1 files changed, 14 insertions, 17 deletions

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 0dba7ca..7119abc 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -85,6 +85,7 @@ openvpn_encrypt_aead(struct buffer *buf, struct buffer work,
     /* Prepare IV */
     {
         struct buffer iv_buffer;
+        struct packet_id_net pin;
         uint8_t iv[OPENVPN_MAX_IV_LENGTH] = {0};
         const int iv_len = cipher_ctx_iv_length(ctx->cipher);
 
@@ -93,11 +94,8 @@ openvpn_encrypt_aead(struct buffer *buf, struct buffer work,
         buf_set_write(&iv_buffer, iv, iv_len);
 
         /* IV starts with packet id to make the IV unique for packet */
-        if (!packet_id_write(&opt->packet_id.send, &iv_buffer, false, false))
-        {
-            msg(D_CRYPT_ERRORS, "ENCRYPT ERROR: packet ID roll over");
-            goto err;
-        }
+        packet_id_alloc_outgoing(&opt->packet_id.send, &pin, false);
+        ASSERT(packet_id_write(&pin, &iv_buffer, false, false));
 
         /* Remainder of IV consists of implicit part (unique per session) */
         ASSERT(buf_write(&iv_buffer, ctx->implicit_iv, ctx->implicit_iv_len));
@@ -198,25 +196,25 @@ openvpn_encrypt_v1(struct buffer *buf, struct buffer work,
                 }
 
                 /* Put packet ID in plaintext buffer */
-                if (packet_id_initialized(&opt->packet_id)
-                    && !packet_id_write(&opt->packet_id.send, buf,
-                                        opt->flags & CO_PACKET_ID_LONG_FORM,
-                                        true))
+                if (packet_id_initialized(&opt->packet_id))
                 {
-                    msg(D_CRYPT_ERRORS, "ENCRYPT ERROR: packet ID roll over");
-                    goto err;
+                    struct packet_id_net pin;
+                    packet_id_alloc_outgoing(&opt->packet_id.send, &pin, BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM));
+                    ASSERT(packet_id_write(&pin, buf, BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM), true));
                 }
             }
             else if (cipher_kt_mode_ofb_cfb(cipher_kt))
             {
+                struct packet_id_net pin;
                 struct buffer b;
 
                 /* IV and packet-ID required for this mode. */
                 ASSERT(opt->flags & CO_USE_IV);
                 ASSERT(packet_id_initialized(&opt->packet_id));
 
+                packet_id_alloc_outgoing(&opt->packet_id.send, &pin, true);
                 buf_set_write(&b, iv_buf, iv_size);
-                ASSERT(packet_id_write(&opt->packet_id.send, &b, true, false));
+                ASSERT(packet_id_write(&pin, &b, true, false));
             }
             else /* We only support CBC, CFB, or OFB modes right now */
             {
@@ -264,12 +262,11 @@ openvpn_encrypt_v1(struct buffer *buf, struct buffer work,
         }
         else                            /* No Encryption */
         {
-            if (packet_id_initialized(&opt->packet_id)
-                && !packet_id_write(&opt->packet_id.send, buf,
-                                    opt->flags & CO_PACKET_ID_LONG_FORM, true))
+            if (packet_id_initialized(&opt->packet_id))
             {
-                msg(D_CRYPT_ERRORS, "ENCRYPT ERROR: packet ID roll over");
-                goto err;
+                struct packet_id_net pin;
+                packet_id_alloc_outgoing(&opt->packet_id.send, &pin, BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM));
+                ASSERT(packet_id_write(&pin, buf, BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM), true));
             }
             if (ctx->hmac)
             {