Do not use hardcoded cipher block length when padding.

author Guus Sliepen <guus@tinc-vpn.org>

Sat, 19 Dec 2009 22:23:25 +0000 (23:23 +0100)

committer Guus Sliepen <guus@tinc-vpn.org>

Sat, 19 Dec 2009 22:23:25 +0000 (23:23 +0100)
author Guus Sliepen <guus@tinc-vpn.org>
Sat, 19 Dec 2009 22:23:25 +0000 (23:23 +0100)
committer Guus Sliepen <guus@tinc-vpn.org>
Sat, 19 Dec 2009 22:23:25 +0000 (23:23 +0100)
diff --git a/src/gcrypt/cipher.c b/src/gcrypt/cipher.c

index ad2a950..6a2cc5a 100644 (file)
--- a/src/gcrypt/cipher.c
+++ b/src/gcrypt/cipher.c
@@ -196,7 +196,13 @@ bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou
                 if(!oneshot)
                         return false;
  
-               size_t reqlen = ((inlen + 8) / cipher->blklen) * cipher->blklen;
+               size_t reqlen = ((inlen + cipher->blklen) / cipher->blklen) * cipher->blklen;
+
+               if(*outlen < reqlen) {
+                       logger(LOG_ERR, "Error while encrypting: not enough room for padding");
+                       return false;
+               }
+
                 uint8_t padbyte = reqlen - inlen;
                 inlen = reqlen - cipher->blklen;
  
@@ -259,7 +265,8 @@ bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou
                         }
  
                 *outlen = origlen;
-       }
+       } else
+               *outlen = inlen;
  
         return true;
  }
author	Guus Sliepen <guus@tinc-vpn.org>
	Sat, 19 Dec 2009 22:23:25 +0000 (23:23 +0100)
committer	Guus Sliepen <guus@tinc-vpn.org>
	Sat, 19 Dec 2009 22:23:25 +0000 (23:23 +0100)