summaryrefslogtreecommitdiff
path: root/src/openvpn/crypto.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/openvpn/crypto.c')
-rw-r--r--src/openvpn/crypto.c31
1 files changed, 14 insertions, 17 deletions
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 0dba7ca..7119abc 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -85,6 +85,7 @@ openvpn_encrypt_aead(struct buffer *buf, struct buffer work,
/* Prepare IV */
{
struct buffer iv_buffer;
+ struct packet_id_net pin;
uint8_t iv[OPENVPN_MAX_IV_LENGTH] = {0};
const int iv_len = cipher_ctx_iv_length(ctx->cipher);
@@ -93,11 +94,8 @@ openvpn_encrypt_aead(struct buffer *buf, struct buffer work,
buf_set_write(&iv_buffer, iv, iv_len);
/* IV starts with packet id to make the IV unique for packet */
- if (!packet_id_write(&opt->packet_id.send, &iv_buffer, false, false))
- {
- msg(D_CRYPT_ERRORS, "ENCRYPT ERROR: packet ID roll over");
- goto err;
- }
+ packet_id_alloc_outgoing(&opt->packet_id.send, &pin, false);
+ ASSERT(packet_id_write(&pin, &iv_buffer, false, false));
/* Remainder of IV consists of implicit part (unique per session) */
ASSERT(buf_write(&iv_buffer, ctx->implicit_iv, ctx->implicit_iv_len));
@@ -198,25 +196,25 @@ openvpn_encrypt_v1(struct buffer *buf, struct buffer work,
}
/* Put packet ID in plaintext buffer */
- if (packet_id_initialized(&opt->packet_id)
- && !packet_id_write(&opt->packet_id.send, buf,
- opt->flags & CO_PACKET_ID_LONG_FORM,
- true))
+ if (packet_id_initialized(&opt->packet_id))
{
- msg(D_CRYPT_ERRORS, "ENCRYPT ERROR: packet ID roll over");
- goto err;
+ struct packet_id_net pin;
+ packet_id_alloc_outgoing(&opt->packet_id.send, &pin, BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM));
+ ASSERT(packet_id_write(&pin, buf, BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM), true));
}
}
else if (cipher_kt_mode_ofb_cfb(cipher_kt))
{
+ struct packet_id_net pin;
struct buffer b;
/* IV and packet-ID required for this mode. */
ASSERT(opt->flags & CO_USE_IV);
ASSERT(packet_id_initialized(&opt->packet_id));
+ packet_id_alloc_outgoing(&opt->packet_id.send, &pin, true);
buf_set_write(&b, iv_buf, iv_size);
- ASSERT(packet_id_write(&opt->packet_id.send, &b, true, false));
+ ASSERT(packet_id_write(&pin, &b, true, false));
}
else /* We only support CBC, CFB, or OFB modes right now */
{
@@ -264,12 +262,11 @@ openvpn_encrypt_v1(struct buffer *buf, struct buffer work,
}
else /* No Encryption */
{
- if (packet_id_initialized(&opt->packet_id)
- && !packet_id_write(&opt->packet_id.send, buf,
- opt->flags & CO_PACKET_ID_LONG_FORM, true))
+ if (packet_id_initialized(&opt->packet_id))
{
- msg(D_CRYPT_ERRORS, "ENCRYPT ERROR: packet ID roll over");
- goto err;
+ struct packet_id_net pin;
+ packet_id_alloc_outgoing(&opt->packet_id.send, &pin, BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM));
+ ASSERT(packet_id_write(&pin, buf, BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM), true));
}
if (ctx->hmac)
{