warp-vpn

point to point VPN implementation
git clone git://git.2f30.org/warp-vpn
Log | Files | Refs | README

commit b807f6d21c67aba0550b205456d46a8054fc06cc
parent a277455f7772361c9a3f4a68c33fe539f7435267
Author: sin <sin@2f30.org>
Date:   Wed, 30 Mar 2016 09:34:11 +0100

use default iv length for gcm

Diffstat:
Mstun.c | 14++++----------
1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/stun.c b/stun.c @@ -27,9 +27,9 @@ * All tunneled traffic is encapsulated inside the TCP payload. * The packet format is shown below: * - * [PAYLOAD LENGTH] [IV] [PAYLOAD] + * [PAYLOAD LENGTH] [IV] [PAYLOAD] [TAG] * - * Where payload length is 2 octets and IV is 16 octets. + * Where payload length is 2 octets, IV is 12 octets and tag is 16 octects. */ #include <sys/types.h> @@ -79,11 +79,11 @@ #define CHALLENGETIMEO 1 /* in seconds */ #define RECONNECTTIMEO 60 /* in seconds */ #define HDRLEN 2 -#define IVLEN 16 +#define IVLEN 12 #define TAGLEN 16 #define PKTLENMASK 0xfff #define BADPKT 0x8000 -#define MTU 1400 +#define MTU 1412 enum { TUNDEV, @@ -192,9 +192,6 @@ aesenc(EVP_CIPHER_CTX *ctx, unsigned char *ct, unsigned char *pt, int plen, if (EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL) != 1) logerr("EVP_EncryptInit_ex failed"); - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, IVLEN, NULL) != 1) - logerr("EVP_CTRL_GCM_SET_IVLEN failed"); - if (EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv) != 1) logerr("EVP_EncryptInit_ex failed"); @@ -219,9 +216,6 @@ aesdec(EVP_CIPHER_CTX *ctx, unsigned char *pt, unsigned char *ct, int clen, if (EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL) != 1) logerr("EVP_DecryptInit_ex failed"); - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, IVLEN, NULL) != 1) - logerr("EVP_CTRL_GCM_SET_IVLEN failed"); - if (EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv) != 1) logerr("EVP_DecryptInit_ex failed");