X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fgcrypt%2Fcipher.c;h=ad2a9505318475dcbd0fed871fc3df23d2219ee5;hb=0ff44fc2417217d542bf0e9a7ecfd20020893bc7;hp=2e8e057d9eaf2cfe57fde2f1da459b5473c8c617;hpb=d6c50eb73ad49bd2eac67214995dff76b7a20661;p=tinc

diff --git a/src/gcrypt/cipher.c b/src/gcrypt/cipher.c
index 2e8e057d..ad2a9505 100644
--- a/src/gcrypt/cipher.c
+++ b/src/gcrypt/cipher.c
@@ -196,7 +196,7 @@ bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou
 		if(!oneshot)
 			return false;
 
-		size_t reqlen = ((inlen + 1) / cipher->blklen) * cipher->blklen;
+		size_t reqlen = ((inlen + 8) / cipher->blklen) * cipher->blklen;
 		uint8_t padbyte = reqlen - inlen;
 		inlen = reqlen - cipher->blklen;
 
@@ -207,6 +207,9 @@ bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou
 				pad[i] = padbyte;
 	}
 	
+	if(oneshot)
+		gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
+
 	if((err = gcry_cipher_encrypt(cipher->handle, outdata, *outlen, indata, inlen))) {
 		logger(LOG_ERR, "Error while encrypting: %s", gcry_strerror(err));
 		return false;
@@ -228,6 +231,9 @@ bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou
 bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) {
 	gcry_error_t err;
 
+	if(oneshot)
+		gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
+
 	if((err = gcry_cipher_decrypt(cipher->handle, outdata, *outlen, indata, inlen))) {
 		logger(LOG_ERR, "Error while decrypting: %s", gcry_strerror(err));
 		return false;
@@ -239,14 +245,18 @@ bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou
 
 		uint8_t padbyte = ((uint8_t *)outdata)[inlen - 1];
 
-		if(padbyte == 0 || padbyte > cipher->blklen || padbyte > inlen)
+		if(padbyte == 0 || padbyte > cipher->blklen || padbyte > inlen) {
+			logger(LOG_ERR, "Error while decrypting: invalid padding");
 			return false;
+		}
 
 		size_t origlen = inlen - padbyte;
 
 		for(int i = inlen - 1; i >= origlen; i--)
-			if(((uint8_t *)indata)[i] != padbyte)
+			if(((uint8_t *)outdata)[i] != padbyte) {
+				logger(LOG_ERR, "Error while decrypting: invalid padding");
 				return false;
+			}
 
 		*outlen = origlen;
 	}