diff options
author | Tobias Brunner <tobias@strongswan.org> | 2013-10-12 01:09:53 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2013-10-17 11:42:45 +0200 |
commit | f5c5fd6f74b8b9bd65948e4b73ab916a141d7e83 (patch) | |
tree | cd84db8dccfd3961c1b9751d65eedccebe85ea00 | |
parent | 812ae898bfa4917e2d69b17b0c3949bb2c2c2b18 (diff) | |
download | strongswan-f5c5fd6f74b8b9bd65948e4b73ab916a141d7e83.tar.bz2 strongswan-f5c5fd6f74b8b9bd65948e4b73ab916a141d7e83.tar.xz |
libipsec: Properly calculate padding length especially for AES-GCM
-rw-r--r-- | src/libipsec/esp_packet.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/libipsec/esp_packet.c b/src/libipsec/esp_packet.c index db5ef3685..7de765ecd 100644 --- a/src/libipsec/esp_packet.c +++ b/src/libipsec/esp_packet.c @@ -309,7 +309,9 @@ METHOD(esp_packet_t, encrypt, status_t, payload = this->payload ? this->payload->get_encoding(this->payload) : chunk_empty; plainlen = payload.len + 2; - padding.len = blocksize - (plainlen % blocksize); + padding.len = pad_len(plainlen, blocksize); + /* ICV must be on a 4-byte boundary */ + padding.len += pad_len(iv.len + plainlen + padding.len, 4); plainlen += padding.len; /* len = spi, seq, IV, plaintext, ICV */ |