libipsec: Properly calculate padding length especially for AES-GCM
authorTobias Brunner <tobias@strongswan.org>
Fri, 11 Oct 2013 23:09:53 +0000 (01:09 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 17 Oct 2013 09:42:45 +0000 (11:42 +0200)
src/libipsec/esp_packet.c

index db5ef36..7de765e 100644 (file)
@@ -309,7 +309,9 @@ METHOD(esp_packet_t, encrypt, status_t,
        payload = this->payload ? this->payload->get_encoding(this->payload)
                                                        : chunk_empty;
        plainlen = payload.len + 2;
-       padding.len = blocksize - (plainlen % blocksize);
+       padding.len = pad_len(plainlen, blocksize);
+       /* ICV must be on a 4-byte boundary */
+       padding.len += pad_len(iv.len + plainlen + padding.len, 4);
        plainlen += padding.len;
 
        /* len = spi, seq, IV, plaintext, ICV */