authorSteffan Karger <steffan@karger.me>2014-07-29 22:52:24 +0200
committerGert Doering <gert@greenie.muc.de>2015-02-27 17:04:42 +0100
commit6f0ab30d7f034d4f8d7c2ca872cfef066b16c7f0 (patch)
tree961b27fdd5c518e41b66b1a76d57004044e91fa2 /src/openvpn
parent5b46cf43432e69bb55747830494f613115a2af0c (diff)
Fix frame size calculation for non-CBC modes.
CBC mode is the only mode that OpenVPN supports that needs padding. So, only include the worst case padding size in the frame size calculation when using CBC mode. While doing so, rewrite crypto_adjust_frame_parameters() to be more readable, and provide debug output (for high debug levels). Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1406667144-17674-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/8952 Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 669f898b8fcaf7a8d43825fa0255c2791cc0ef89)
Diffstat (limited to 'src/openvpn')
-rw-r--r--src/openvpn/crypto.c26
1 files changed, 21 insertions, 5 deletions
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 475c253..aa93a7b 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -403,11 +403,27 @@ crypto_adjust_frame_parameters(struct frame *frame,
bool packet_id,
bool packet_id_long_form)
{
- frame_add_to_extra_frame (frame,
- (packet_id ? packet_id_size (packet_id_long_form) : 0) +
- ((cipher_defined && use_iv) ? cipher_kt_iv_size (kt->cipher) : 0) +
- (cipher_defined ? cipher_kt_block_size (kt->cipher) : 0) + /* worst case padding expansion */
- kt->hmac_length);
+ size_t crypto_overhead = 0;
+
+ if (packet_id)
+ crypto_overhead += packet_id_size (packet_id_long_form);
+
+ if (cipher_defined)
+ {
+ if (use_iv)
+ crypto_overhead += cipher_kt_iv_size (kt->cipher);
+
+ if (cipher_kt_mode_cbc (kt->cipher))
+ /* worst case padding expansion */
+ crypto_overhead += cipher_kt_block_size (kt->cipher);
+ }
+
+ crypto_overhead += kt->hmac_length;
+
+ frame_add_to_extra_frame (frame, crypto_overhead);
+
+ msg(D_MTU_DEBUG, "%s: Adjusting frame parameters for crypto by %zu bytes",
+ __func__, crypto_overhead);
}
/*
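Review bot: The `%zu` conversion in the new `msg()` call is not understood by every C runtime this file may be built against (older MSVCRT printf implementations, as used by MinGW builds, are the usual case), so on such a build the debug line could misprint or misread its arguments; a portable form is `"%s: Adjusting frame parameters for crypto by %u bytes", __func__, (unsigned int) crypto_overhead`. Since this total presumably feeds packet buffer sizing, the `cipher_kt_mode_cbc` branch would also benefit from a comment recording why no padding allowance is needed elsewhere, e.g. `/* only CBC pads; the other supported modes add no padding */`. The unbraced `if` with a comment sitting between the condition and its statement is easy to misread, and braces would match the enclosing `if (cipher_defined)` block. The function's signature begins above the hunk, so the types of `kt`, `use_iv` and `cipher_defined` are not visible here.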