git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Steffan Karger <steffan@karger.me>
	Tue, 22 Nov 2016 20:41:26 +0000 (21:41 +0100)
committer	Gert Doering <gert@greenie.muc.de>
	Tue, 22 Nov 2016 21:20:50 +0000 (22:20 +0100)
commit	418d2d98489dfe7afafcaf21828541d034afb7f4
tree	99ff4eb5af349b800079df01c2ebf1274f6668d4	tree
parent	39b7d4da02c40e76640c4da96ef7da7a6354cc00	commit \| diff

--tls-crypt fixes

* Check return value of buf_init()  (found by coverity)

* Use the TLS frame to determine the buffer size, as is done for the
  reliability buffers used for tls-auth.  (We previously incorrectly used
  the TLS *plaintext* buffer size, which is bigger for typical setups
  with tun-mtu <= 1500.  Using the frame to calculate the size saves some
  bytes for typical setups, and doesn't break setups with big tun-mtu.)

* More carefully handle errors in tls_crypt_wrap() - just drop the packet
  instead of ASSERT()ing out (should not happen in the first place, but
  this is a bit more friendly if it happens somehow anyway).

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1479847286-17518-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13204.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>