diff options
| author | Arne Schwabe | 2022-01-01 17:25:20 +0100 |
|---|---|---|
| committer | Gert Doering | 2022-02-02 12:16:32 +0100 |
| commit | 5b3c8ca869766de2c94eb7dd4450b0d9ab1c75fc (patch) | |
| tree | 2527f975329055209bd75f716bc9525437076ef5 /src/openvpn/crypto.c | |
| parent | 29453c37c1f3aa420a894996dd7be4a4f8393c5a (diff) | |
| download | openvpn-5b3c8ca869766de2c94eb7dd4450b0d9ab1c75fc.zip openvpn-5b3c8ca869766de2c94eb7dd4450b0d9ab1c75fc.tar.gz | |
Fix mssfix and frame calculation in CBC mode
This commit fixes the MSS calculation in CBC mode. This fix has two parts:
- Added rounding to a multiple of block size during calculation of overhead
- In CBC mode the packet ID is part of the plaintext (or payload) rather
than part of the header (like for AEAD), adjust the functions to
correctly reflect this.
OCC link calculation is not affected since it ignores rounding of CBC
block size completely.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20220101162532.2251835-3-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23494.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/crypto.c')
| -rw-r--r-- | src/openvpn/crypto.c | 18 |
1 files changed, 6 insertions, 12 deletions
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 0aa76e0..0cfaa0a 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -210,7 +210,7 @@ openvpn_encrypt_v1(struct buffer *buf, struct buffer work, ASSERT(0); } - /* set the IV pseudo-randomly */ + /* write the pseudo-randomly IV (CBC)/packet ID (OFB/CFB) */ ASSERT(buf_write(&work, iv_buf, iv_size)); dmsg(D_PACKET_CONTENT, "ENCRYPT IV: %s", format_hex(iv_buf, iv_size, 0, &gc)); @@ -670,17 +670,15 @@ openvpn_decrypt(struct buffer *buf, struct buffer work, unsigned int calculate_crypto_overhead(const struct key_type *kt, - bool packet_id, - bool packet_id_long_form, - unsigned int payload_size, + unsigned int pkt_id_size, bool occ) { unsigned int crypto_overhead = 0; - /* We always have a packet id, no matter if encrypted or unencrypted */ - if (packet_id) + if (!cipher_kt_mode_cbc(kt->cipher)) { - crypto_overhead += packet_id_size(packet_id_long_form); + /* In CBC mode, the packet id is part of the payload size/overhead */ + crypto_overhead += pkt_id_size; } if (cipher_kt_mode_aead(kt->cipher)) @@ -703,11 +701,7 @@ calculate_crypto_overhead(const struct key_type *kt, if (cipher_defined(kt->cipher)) { /* CBC, OFB or CFB mode */ - /* This is a worst case upper bound of needing to add - * a full extra block for padding when the payload - * is exactly a multiple of the block size */ - if (occ || (cipher_kt_mode_cbc(kt->cipher) && - (payload_size % cipher_kt_block_size(kt->cipher) == 0))) + if (occ) { crypto_overhead += cipher_kt_block_size(kt->cipher); } |