commit b807f6d21c67aba0550b205456d46a8054fc06cc
parent a277455f7772361c9a3f4a68c33fe539f7435267
Author: sin <sin@2f30.org>
Date: Wed, 30 Mar 2016 09:34:11 +0100
use default iv length for gcm
Diffstat:
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/stun.c b/stun.c
@@ -27,9 +27,9 @@
* All tunneled traffic is encapsulated inside the TCP payload.
* The packet format is shown below:
*
- * [PAYLOAD LENGTH] [IV] [PAYLOAD]
+ * [PAYLOAD LENGTH] [IV] [PAYLOAD] [TAG]
*
- * Where payload length is 2 octets and IV is 16 octets.
+ * Where payload length is 2 octets, IV is 12 octets and tag is 16 octects.
*/
#include <sys/types.h>
@@ -79,11 +79,11 @@
#define CHALLENGETIMEO 1 /* in seconds */
#define RECONNECTTIMEO 60 /* in seconds */
#define HDRLEN 2
-#define IVLEN 16
+#define IVLEN 12
#define TAGLEN 16
#define PKTLENMASK 0xfff
#define BADPKT 0x8000
-#define MTU 1400
+#define MTU 1412
enum {
TUNDEV,
@@ -192,9 +192,6 @@ aesenc(EVP_CIPHER_CTX *ctx, unsigned char *ct, unsigned char *pt, int plen,
if (EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL) != 1)
logerr("EVP_EncryptInit_ex failed");
- if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, IVLEN, NULL) != 1)
- logerr("EVP_CTRL_GCM_SET_IVLEN failed");
-
if (EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv) != 1)
logerr("EVP_EncryptInit_ex failed");
@@ -219,9 +216,6 @@ aesdec(EVP_CIPHER_CTX *ctx, unsigned char *pt, unsigned char *ct, int clen,
if (EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL) != 1)
logerr("EVP_DecryptInit_ex failed");
- if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, IVLEN, NULL) != 1)
- logerr("EVP_CTRL_GCM_SET_IVLEN failed");
-
if (EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv) != 1)
logerr("EVP_DecryptInit_ex failed");
