From: Arne Schwabe <arne@rfc2549.org>
Date: Wed, 1 Dec 2021 18:07:20 +0000 (+0100)
Subject: Directly use hardcoed OPENVPN_AEAD_TAG_LENGTH instead lookup
X-Git-Tag: v2.6_beta1~371
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e82e3382384846456881eec97d626b2d4cfb2df6;p=thirdparty%2Fopenvpn.git

Directly use hardcoed OPENVPN_AEAD_TAG_LENGTH instead lookup

We always use the same tag size for all AEAD cipher, so instead
of doing a lookup, use the tag size directly.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20211201180727.2496903-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23273.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 251decdc5..270d83c56 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -69,7 +69,7 @@ openvpn_encrypt_aead(struct buffer *buf, struct buffer work,
     const struct key_ctx *ctx = &opt->key_ctx_bi.encrypt;
     uint8_t *mac_out = NULL;
     const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt(ctx->cipher);
-    const int mac_len = cipher_kt_tag_size(cipher_kt);
+    const int mac_len = OPENVPN_AEAD_TAG_LENGTH;
 
     /* IV, packet-ID and implicit IV required for this mode. */
     ASSERT(ctx->cipher);
@@ -362,7 +362,6 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer work,
     const struct key_ctx *ctx = &opt->key_ctx_bi.decrypt;
     const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt(ctx->cipher);
     uint8_t *tag_ptr = NULL;
-    int tag_size = 0;
     int outlen;
     struct gc_arena gc;
 
@@ -415,7 +414,7 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer work,
     }
 
     /* keep the tag value to feed in later */
-    tag_size = cipher_kt_tag_size(cipher_kt);
+    const int tag_size = OPENVPN_AEAD_TAG_LENGTH;
     if (buf->len < tag_size)
     {
         CRYPT_ERROR("missing tag");