Fix frame size calculation for non-CBC modes.
authorSteffan Karger <steffan@karger.me>
Tue, 29 Jul 2014 20:52:24 +0000 (22:52 +0200)
committerGert Doering <gert@greenie.muc.de>
Fri, 27 Feb 2015 16:04:42 +0000 (17:04 +0100)
CBC mode is the only mode that OpenVPN supports that needs padding. So,
only include the worst case padding size in the frame size calculation when
using CBC mode.

While doing so, rewrite crypto_adjust_frame_parameters() to be more
readable, and provide debug output (for high debug levels).

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1406667144-17674-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8952
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 669f898b8fcaf7a8d43825fa0255c2791cc0ef89)

src/openvpn/crypto.c

index 475c2539c679586da4c08eaa70381076faace79c..aa93a7b7a039623afa23dd05b69aebd58d99b077 100644 (file)
@@ -403,11 +403,27 @@ crypto_adjust_frame_parameters(struct frame *frame,
                               bool packet_id,
                               bool packet_id_long_form)
 {
-  frame_add_to_extra_frame (frame,
-                           (packet_id ? packet_id_size (packet_id_long_form) : 0) +
-                           ((cipher_defined && use_iv) ? cipher_kt_iv_size (kt->cipher) : 0) +
-                           (cipher_defined ? cipher_kt_block_size (kt->cipher) : 0) + /* worst case padding expansion */
-                           kt->hmac_length);
+  size_t crypto_overhead = 0;
+
+  if (packet_id)
+    crypto_overhead += packet_id_size (packet_id_long_form);
+
+  if (cipher_defined)
+    {
+      if (use_iv)
+       crypto_overhead += cipher_kt_iv_size (kt->cipher);
+
+      if (cipher_kt_mode_cbc (kt->cipher))
+       /* worst case padding expansion */
+       crypto_overhead += cipher_kt_block_size (kt->cipher);
+    }
+
+  crypto_overhead += kt->hmac_length;
+
+  frame_add_to_extra_frame (frame, crypto_overhead);
+
+  msg(D_MTU_DEBUG, "%s: Adjusting frame parameters for crypto by %zu bytes",
+      __func__, crypto_overhead);
 }
 
 /*
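Review bot: The `%zu` conversion in the added `msg()` call at the end of the hunk is not handled by every C runtime (older Microsoft CRTs do not parse the `z` length modifier), so on such a build the debug line may print garbage or misread the argument; `msg(D_MTU_DEBUG, "%s: Adjusting frame parameters for crypto by %u bytes", __func__, (unsigned int) crypto_overhead);` avoids that. The padding term now depends entirely on `cipher_kt_mode_cbc()`, and because this sum is added to the frame's extra space an under-count is presumably the unsafe direction, so I would record the invariant above that branch with `/* only CBC pads; any other mode that expands the ciphertext must add its overhead here */`. That `if` is also unbraced with a comment sitting between the condition and its statement, which braces would make harder to break in a later edit. The function's signature starts above the hunk.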