From: "Fabio M. Di Nitto" <fdinitto@xxxxxxxxxx>
libnss is "weird" in this respect as some block sizes are hardcoded,
others need to be determined dynamically.
For AES we need to use the values we know since GetBlockSize would
return errors, for 3des (that hopefully nobody is using) the value
returned by GetBlockSize is 8, but let's use the call into libnss
to avoid possible conflicts with distro patching or older versions.
Signed-off-by: Fabio M. Di Nitto <fdinitto@xxxxxxxxxx>
---
exec/totemcrypto.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/exec/totemcrypto.c b/exec/totemcrypto.c
index 69818b8..362ea82 100644
--- a/exec/totemcrypto.c
+++ b/exec/totemcrypto.c
@@ -666,6 +666,7 @@ size_t crypto_sec_header_size(
int crypto_cipher = string_to_crypto_cipher_type(crypto_cipher_type);
int crypto_hash = string_to_crypto_hash_type(crypto_hash_type);
size_t hdr_size = 0;
+ int block_size = 0;
hdr_size = sizeof(struct crypto_config_header);
@@ -675,7 +676,19 @@ size_t crypto_sec_header_size(
if (crypto_cipher) {
hdr_size += SALT_SIZE;
- hdr_size += cypher_block_len[crypto_cipher];
+ if (cypher_block_len[crypto_cipher]) {
+ block_size = cypher_block_len[crypto_cipher];
+ } else {
+ block_size = PK11_GetBlockSize(crypto_cipher, NULL);
+ if (block_size < 0) {
+ /*
+ * failsafe. we can potentially lose up to 63
+ * byte per packet, but better than fragmenting
+ */
+ block_size = 64;
+ }
+ }
+ hdr_size += block_size;
}
return hdr_size;
--
1.8.3.1
_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss
