Message ID | 20211201180727.2496903-2-arne@rfc2549.org |
---|---|
State | Accepted |
Series | [Openvpn-devel,1/9] Implement optional cipher in --data-ciphers prefixed with ? |
Acked-by: Gert Doering <gert@greenie.muc.de>

Verified that these changes are only done within "aead" encrypt/decrypt crypto functions, and we already know it's an AEAD cipher. Changed the commit subject to actually name it "AEAD" TAG_LENGTH :-)

(I wondered why the patch does not remove cipher_kt_tag_size() right away, but that's our beloved crypto_adjust_frame_parameters()... so I assume that will come as part of the frame cleanup later on)

Lightly tested client side, with BF-CBC and AEAD connections.

Your patch has been applied to the master branch.

commit e82e3382384846456881eec97d626b2d4cfb2df6
Author: Arne Schwabe
Date: Wed Dec 1 19:07:20 2021 +0100

Directly use hardcoded OPENVPN_AEAD_TAG_LENGTH instead of lookup

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20211201180727.2496903-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23273.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

--
kind regards,

Gert Doering
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 251decdc5..270d83c56 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -69,7 +69,7 @@ openvpn_encrypt_aead(struct buffer *buf, struct buffer work, const struct key_ctx *ctx = &opt->key_ctx_bi.encrypt; uint8_t *mac_out = NULL; const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt(ctx->cipher); - const int mac_len = cipher_kt_tag_size(cipher_kt); + const int mac_len = OPENVPN_AEAD_TAG_LENGTH; /* IV, packet-ID and implicit IV required for this mode. */ ASSERT(ctx->cipher); @@ -362,7 +362,6 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer work, const struct key_ctx *ctx = &opt->key_ctx_bi.decrypt; const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt(ctx->cipher); uint8_t *tag_ptr = NULL; - int tag_size = 0; int outlen; struct gc_arena gc; @@ -415,7 +414,7 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer work, } /* keep the tag value to feed in later */ - tag_size = cipher_kt_tag_size(cipher_kt); + const int tag_size = OPENVPN_AEAD_TAG_LENGTH; if (buf->len < tag_size) { CRYPT_ERROR("missing tag");
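Review bot: in the openvpn_encrypt_aead hunk, `mac_len` is now set from OPENVPN_AEAD_TAG_LENGTH while `cipher_kt` is still fetched on the line above, so nothing visible here ties the constant to the tag size the selected cipher reports. Since the function already uses ASSERT (see `ASSERT(ctx->cipher);`), a check such as `ASSERT(cipher_kt_tag_size(cipher_kt) == OPENVPN_AEAD_TAG_LENGTH);`, or at least a one-line comment stating that every supported AEAD cipher uses this tag length, would record the invariant the change relies on and catch a future cipher that breaks it.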
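Review bot: in the openvpn_decrypt_aead hunks, `const int tag_size = OPENVPN_AEAD_TAG_LENGTH;` is declared in the middle of the function body, directly after a closing brace, while the neighbouring locals (`tag_ptr`, `outlen`, `gc`) are declared at the top, where the removed `int tag_size = 0;` used to sit. Initialising it at the old declaration site as a const keeps the declaration style consistent within the function and gives the same value to the `buf->len < tag_size` check. As in the encrypt path, the value no longer comes from `cipher_kt`, so a short comment on why the fixed length is safe for every AEAD cipher would help the reader of this length check.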
We always use the same tag size for all AEAD ciphers, so instead of doing a lookup, always use the same tag size.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
src/openvpn/crypto.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)