diff options
Diffstat (limited to 'net/ipv4/esp4.c')
| -rw-r--r-- | net/ipv4/esp4.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 1b5a09d1b90b..1b18ce66e7b7 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c | |||
| @@ -5,6 +5,7 @@ | |||
| 5 | #include <net/esp.h> | 5 | #include <net/esp.h> |
| 6 | #include <asm/scatterlist.h> | 6 | #include <asm/scatterlist.h> |
| 7 | #include <linux/crypto.h> | 7 | #include <linux/crypto.h> |
| 8 | #include <linux/kernel.h> | ||
| 8 | #include <linux/pfkeyv2.h> | 9 | #include <linux/pfkeyv2.h> |
| 9 | #include <linux/random.h> | 10 | #include <linux/random.h> |
| 10 | #include <net/icmp.h> | 11 | #include <net/icmp.h> |
| @@ -42,10 +43,10 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 42 | esp = x->data; | 43 | esp = x->data; |
| 43 | alen = esp->auth.icv_trunc_len; | 44 | alen = esp->auth.icv_trunc_len; |
| 44 | tfm = esp->conf.tfm; | 45 | tfm = esp->conf.tfm; |
| 45 | blksize = (crypto_tfm_alg_blocksize(tfm) + 3) & ~3; | 46 | blksize = ALIGN(crypto_tfm_alg_blocksize(tfm), 4); |
| 46 | clen = (clen + 2 + blksize-1)&~(blksize-1); | 47 | clen = ALIGN(clen + 2, blksize); |
| 47 | if (esp->conf.padlen) | 48 | if (esp->conf.padlen) |
| 48 | clen = (clen + esp->conf.padlen-1)&~(esp->conf.padlen-1); | 49 | clen = ALIGN(clen, esp->conf.padlen); |
| 49 | 50 | ||
| 50 | if ((nfrags = skb_cow_data(skb, clen-skb->len+alen, &trailer)) < 0) | 51 | if ((nfrags = skb_cow_data(skb, clen-skb->len+alen, &trailer)) < 0) |
| 51 | goto error; | 52 | goto error; |
| @@ -143,7 +144,7 @@ static int esp_input(struct xfrm_state *x, struct xfrm_decap_state *decap, struc | |||
| 143 | struct ip_esp_hdr *esph; | 144 | struct ip_esp_hdr *esph; |
| 144 | struct esp_data *esp = x->data; | 145 | struct esp_data *esp = x->data; |
| 145 | struct sk_buff *trailer; | 146 | struct sk_buff *trailer; |
| 146 | int blksize = crypto_tfm_alg_blocksize(esp->conf.tfm); | 147 | int blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4); |
| 147 | int alen = esp->auth.icv_trunc_len; | 148 | int alen = esp->auth.icv_trunc_len; |
| 148 | int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen; | 149 | int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen; |
| 149 | int nfrags; | 150 | int nfrags; |
| @@ -304,16 +305,16 @@ static int esp_post_input(struct xfrm_state *x, struct xfrm_decap_state *decap, | |||
| 304 | static u32 esp4_get_max_size(struct xfrm_state *x, int mtu) | 305 | static u32 esp4_get_max_size(struct xfrm_state *x, int mtu) |
| 305 | { | 306 | { |
| 306 | struct esp_data *esp = x->data; | 307 | struct esp_data *esp = x->data; |
| 307 | u32 blksize = crypto_tfm_alg_blocksize(esp->conf.tfm); | 308 | u32 blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4); |
| 308 | 309 | ||
| 309 | if (x->props.mode) { | 310 | if (x->props.mode) { |
| 310 | mtu = (mtu + 2 + blksize-1)&~(blksize-1); | 311 | mtu = ALIGN(mtu + 2, blksize); |
| 311 | } else { | 312 | } else { |
| 312 | /* The worst case. */ | 313 | /* The worst case. */ |
| 313 | mtu += 2 + blksize; | 314 | mtu = ALIGN(mtu + 2, 4) + blksize - 4; |
| 314 | } | 315 | } |
| 315 | if (esp->conf.padlen) | 316 | if (esp->conf.padlen) |
| 316 | mtu = (mtu + esp->conf.padlen-1)&~(esp->conf.padlen-1); | 317 | mtu = ALIGN(mtu, esp->conf.padlen); |
| 317 | 318 | ||
| 318 | return mtu + x->props.header_len + esp->auth.icv_trunc_len; | 319 | return mtu + x->props.header_len + esp->auth.icv_trunc_len; |
| 319 | } | 320 | } |