From 0ec9603c7aac4b6daa36aa95fa093afe88313bb9 Mon Sep 17 00:00:00 2001
From: Kefu Chai <kchai@redhat.com>
Date: Tue, 3 Apr 2018 17:16:30 +0800
Subject: [PATCH] auth: the outbuf of AES should be multiple of block size

Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit 3cfcd02af6381022081d51367f7338bde1fcb1d2)
(cherry picked from commit 7635485d34c99671030a10e1da67945c19b4fc88)
---
 src/auth/Crypto.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/auth/Crypto.cc b/src/auth/Crypto.cc
index e5445eeec6c22..d777c36995f75 100644
--- a/src/auth/Crypto.cc
+++ b/src/auth/Crypto.cc
@@ -135,9 +135,9 @@ static int nss_aes_operation(
 			     const bufferlist& in, bufferlist& out,
 			     std::string *error)
 {
-  // sample source said this has to be at least size of input + 8,
-  // but i see 15 still fail with SEC_ERROR_OUTPUT_LEN
-  bufferptr out_tmp(in.length()+16);
+  // we are using CEPH_AES_IV for the IV param, so take it into consideration.
+  bufferptr out_tmp{round_up_to(in.length() + sizeof(CEPH_AES_IV),
+                                AES_BLOCK_LEN)};
   bufferlist incopy;
 
   SECStatus ret;
-- 
2.39.5