summaryrefslogtreecommitdiff
path: root/src/lib/crypt.c
diff options
context:
space:
mode:
authorDimitri Staessens <[email protected]>2022-02-25 18:44:12 +0100
committerSander Vrijders <[email protected]>2022-03-03 12:00:54 +0100
commitf535637a394eecca1af182fb09b175b53e9fbf1f (patch)
treef0598166eeac5ff9f1c197c7ee3103703ddc1fd5 /src/lib/crypt.c
parentf5d642a06f9c1a58197313b32f6b213a152e446f (diff)
downloadouroboros-f535637a394eecca1af182fb09b175b53e9fbf1f.tar.gz
ouroboros-f535637a394eecca1af182fb09b175b53e9fbf1f.zip
lib: Encrypt bare FRCP messages on encrypted flows
Bare FRCP messages (ACKs without data, Rendez-vous packets) were not encrypted on encrypted flows, causing the receiver to fail decryption. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
Diffstat (limited to 'src/lib/crypt.c')
-rw-r--r--src/lib/crypt.c23
1 files changed, 9 insertions, 14 deletions
diff --git a/src/lib/crypt.c b/src/lib/crypt.c
index 043eae13..e19981bc 100644
--- a/src/lib/crypt.c
+++ b/src/lib/crypt.c
@@ -217,8 +217,7 @@ static int openssl_encrypt(struct flow * f,
in = shm_du_buff_head(sdb);
in_sz = shm_du_buff_tail(sdb) - in;
- if (in_sz == 0)
- return 0;
+ assert(in_sz > 0);
if (random_buffer(iv, IVSZ) < 0)
goto fail_iv;
@@ -229,11 +228,7 @@ static int openssl_encrypt(struct flow * f,
EVP_CIPHER_CTX_reset(f->ctx);
- ret = EVP_EncryptInit_ex(f->ctx,
- EVP_aes_256_cbc(),
- NULL,
- f->key,
- iv);
+ ret = EVP_EncryptInit_ex(f->ctx, EVP_aes_256_cbc(), NULL, f->key, iv);
if (ret != 1)
goto fail_encrypt_init;
@@ -287,13 +282,17 @@ static int openssl_decrypt(struct flow * f,
int in_sz;
int tmp_sz;
+ in = shm_du_buff_head(sdb);
+ in_sz = shm_du_buff_tail(sdb) - in;
+ if (in_sz < IVSZ)
+ return -ECRYPT;
+
in = shm_du_buff_head_release(sdb, IVSZ);
memcpy(iv, in, IVSZ);
in = shm_du_buff_head(sdb);
-
- in_sz = shm_du_buff_tail(sdb) - shm_du_buff_head(sdb);
+ in_sz = shm_du_buff_tail(sdb) - in;
out = malloc(in_sz);
if (out == NULL)
@@ -301,11 +300,7 @@ static int openssl_decrypt(struct flow * f,
EVP_CIPHER_CTX_reset(f->ctx);
- ret = EVP_DecryptInit_ex(f->ctx,
- EVP_aes_256_cbc(),
- NULL,
- f->key,
- iv);
+ ret = EVP_DecryptInit_ex(f->ctx, EVP_aes_256_cbc(), NULL, f->key, iv);
if (ret != 1)
goto fail_decrypt_init;