diff options
Diffstat (limited to 'net/ipv6/esp6.c')
| -rw-r--r-- | net/ipv6/esp6.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 9b27460f0cc7..40d9a1935ab5 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c | |||
| @@ -31,6 +31,7 @@ | |||
| 31 | #include <net/esp.h> | 31 | #include <net/esp.h> |
| 32 | #include <asm/scatterlist.h> | 32 | #include <asm/scatterlist.h> |
| 33 | #include <linux/crypto.h> | 33 | #include <linux/crypto.h> |
| 34 | #include <linux/kernel.h> | ||
| 34 | #include <linux/pfkeyv2.h> | 35 | #include <linux/pfkeyv2.h> |
| 35 | #include <linux/random.h> | 36 | #include <linux/random.h> |
| 36 | #include <net/icmp.h> | 37 | #include <net/icmp.h> |
| @@ -66,10 +67,10 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 66 | 67 | ||
| 67 | alen = esp->auth.icv_trunc_len; | 68 | alen = esp->auth.icv_trunc_len; |
| 68 | tfm = esp->conf.tfm; | 69 | tfm = esp->conf.tfm; |
| 69 | blksize = (crypto_tfm_alg_blocksize(tfm) + 3) & ~3; | 70 | blksize = ALIGN(crypto_tfm_alg_blocksize(tfm), 4); |
| 70 | clen = (clen + 2 + blksize-1)&~(blksize-1); | 71 | clen = ALIGN(clen + 2, blksize); |
| 71 | if (esp->conf.padlen) | 72 | if (esp->conf.padlen) |
| 72 | clen = (clen + esp->conf.padlen-1)&~(esp->conf.padlen-1); | 73 | clen = ALIGN(clen, esp->conf.padlen); |
| 73 | 74 | ||
| 74 | if ((nfrags = skb_cow_data(skb, clen-skb->len+alen, &trailer)) < 0) { | 75 | if ((nfrags = skb_cow_data(skb, clen-skb->len+alen, &trailer)) < 0) { |
| 75 | goto error; | 76 | goto error; |
| @@ -133,7 +134,7 @@ static int esp6_input(struct xfrm_state *x, struct xfrm_decap_state *decap, stru | |||
| 133 | struct ipv6_esp_hdr *esph; | 134 | struct ipv6_esp_hdr *esph; |
| 134 | struct esp_data *esp = x->data; | 135 | struct esp_data *esp = x->data; |
| 135 | struct sk_buff *trailer; | 136 | struct sk_buff *trailer; |
| 136 | int blksize = crypto_tfm_alg_blocksize(esp->conf.tfm); | 137 | int blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4); |
| 137 | int alen = esp->auth.icv_trunc_len; | 138 | int alen = esp->auth.icv_trunc_len; |
| 138 | int elen = skb->len - sizeof(struct ipv6_esp_hdr) - esp->conf.ivlen - alen; | 139 | int elen = skb->len - sizeof(struct ipv6_esp_hdr) - esp->conf.ivlen - alen; |
| 139 | 140 | ||
| @@ -235,16 +236,17 @@ out_nofree: | |||
| 235 | static u32 esp6_get_max_size(struct xfrm_state *x, int mtu) | 236 | static u32 esp6_get_max_size(struct xfrm_state *x, int mtu) |
| 236 | { | 237 | { |
| 237 | struct esp_data *esp = x->data; | 238 | struct esp_data *esp = x->data; |
| 238 | u32 blksize = crypto_tfm_alg_blocksize(esp->conf.tfm); | 239 | u32 blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4); |
| 239 | 240 | ||
| 240 | if (x->props.mode) { | 241 | if (x->props.mode) { |
| 241 | mtu = (mtu + 2 + blksize-1)&~(blksize-1); | 242 | mtu = ALIGN(mtu + 2, blksize); |
| 242 | } else { | 243 | } else { |
| 243 | /* The worst case. */ | 244 | /* The worst case. */ |
| 244 | mtu += 2 + blksize; | 245 | u32 padsize = ((blksize - 1) & 7) + 1; |
| 246 | mtu = ALIGN(mtu + 2, padsize) + blksize - padsize; | ||
| 245 | } | 247 | } |
| 246 | if (esp->conf.padlen) | 248 | if (esp->conf.padlen) |
| 247 | mtu = (mtu + esp->conf.padlen-1)&~(esp->conf.padlen-1); | 249 | mtu = ALIGN(mtu, esp->conf.padlen); |
| 248 | 250 | ||
| 249 | return mtu + x->props.header_len + esp->auth.icv_full_len; | 251 | return mtu + x->props.header_len + esp->auth.icv_full_len; |
| 250 | } | 252 | } |