diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/esp4.c | 6 | ||||
-rw-r--r-- | net/ipv6/esp6.c | 7 |
2 files changed, 7 insertions, 6 deletions
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index e911c6dd8296..1b18ce66e7b7 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c | |||
@@ -144,7 +144,7 @@ static int esp_input(struct xfrm_state *x, struct xfrm_decap_state *decap, struc | |||
144 | struct ip_esp_hdr *esph; | 144 | struct ip_esp_hdr *esph; |
145 | struct esp_data *esp = x->data; | 145 | struct esp_data *esp = x->data; |
146 | struct sk_buff *trailer; | 146 | struct sk_buff *trailer; |
147 | int blksize = crypto_tfm_alg_blocksize(esp->conf.tfm); | 147 | int blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4); |
148 | int alen = esp->auth.icv_trunc_len; | 148 | int alen = esp->auth.icv_trunc_len; |
149 | int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen; | 149 | int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen; |
150 | int nfrags; | 150 | int nfrags; |
@@ -305,13 +305,13 @@ static int esp_post_input(struct xfrm_state *x, struct xfrm_decap_state *decap, | |||
305 | static u32 esp4_get_max_size(struct xfrm_state *x, int mtu) | 305 | static u32 esp4_get_max_size(struct xfrm_state *x, int mtu) |
306 | { | 306 | { |
307 | struct esp_data *esp = x->data; | 307 | struct esp_data *esp = x->data; |
308 | u32 blksize = crypto_tfm_alg_blocksize(esp->conf.tfm); | 308 | u32 blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4); |
309 | 309 | ||
310 | if (x->props.mode) { | 310 | if (x->props.mode) { |
311 | mtu = ALIGN(mtu + 2, blksize); | 311 | mtu = ALIGN(mtu + 2, blksize); |
312 | } else { | 312 | } else { |
313 | /* The worst case. */ | 313 | /* The worst case. */ |
314 | mtu += 2 + blksize; | 314 | mtu = ALIGN(mtu + 2, 4) + blksize - 4; |
315 | } | 315 | } |
316 | if (esp->conf.padlen) | 316 | if (esp->conf.padlen) |
317 | mtu = ALIGN(mtu, esp->conf.padlen); | 317 | mtu = ALIGN(mtu, esp->conf.padlen); |
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 0c7d7b42c80b..40d9a1935ab5 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c | |||
@@ -134,7 +134,7 @@ static int esp6_input(struct xfrm_state *x, struct xfrm_decap_state *decap, stru | |||
134 | struct ipv6_esp_hdr *esph; | 134 | struct ipv6_esp_hdr *esph; |
135 | struct esp_data *esp = x->data; | 135 | struct esp_data *esp = x->data; |
136 | struct sk_buff *trailer; | 136 | struct sk_buff *trailer; |
137 | int blksize = crypto_tfm_alg_blocksize(esp->conf.tfm); | 137 | int blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4); |
138 | int alen = esp->auth.icv_trunc_len; | 138 | int alen = esp->auth.icv_trunc_len; |
139 | int elen = skb->len - sizeof(struct ipv6_esp_hdr) - esp->conf.ivlen - alen; | 139 | int elen = skb->len - sizeof(struct ipv6_esp_hdr) - esp->conf.ivlen - alen; |
140 | 140 | ||
@@ -236,13 +236,14 @@ out_nofree: | |||
236 | static u32 esp6_get_max_size(struct xfrm_state *x, int mtu) | 236 | static u32 esp6_get_max_size(struct xfrm_state *x, int mtu) |
237 | { | 237 | { |
238 | struct esp_data *esp = x->data; | 238 | struct esp_data *esp = x->data; |
239 | u32 blksize = crypto_tfm_alg_blocksize(esp->conf.tfm); | 239 | u32 blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4); |
240 | 240 | ||
241 | if (x->props.mode) { | 241 | if (x->props.mode) { |
242 | mtu = ALIGN(mtu + 2, blksize); | 242 | mtu = ALIGN(mtu + 2, blksize); |
243 | } else { | 243 | } else { |
244 | /* The worst case. */ | 244 | /* The worst case. */ |
245 | mtu += 2 + blksize; | 245 | u32 padsize = ((blksize - 1) & 7) + 1; |
246 | mtu = ALIGN(mtu + 2, padsize) + blksize - padsize; | ||
246 | } | 247 | } |
247 | if (esp->conf.padlen) | 248 | if (esp->conf.padlen) |
248 | mtu = ALIGN(mtu, esp->conf.padlen); | 249 | mtu = ALIGN(mtu, esp->conf.padlen); |