X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fopenssl%2Fcipher.c;h=a8032ea02a68a7459bb26e3caada3952da12a078;hb=1be0c284c7c8d34c2dd6c2160ce49aeae468e867;hp=17ad408b317dd7465eb576c06c28040aa7708f33;hpb=edc1efed3c0cf5aebb1c765066c0413757229a31;p=tinc

diff --git a/src/openssl/cipher.c b/src/openssl/cipher.c
index 17ad408b..a8032ea0 100644
--- a/src/openssl/cipher.c
+++ b/src/openssl/cipher.c
@@ -77,6 +77,24 @@ size_t cipher_keylength(const cipher_t *cipher) {
 	return EVP_CIPHER_key_length(cipher->cipher) + EVP_CIPHER_iv_length(cipher->cipher);
 }
 
+uint64_t cipher_budget(const cipher_t *cipher) {
+	/* Hopefully some failsafe way to calculate the maximum amount of bytes to
+	   send/receive with a given cipher before we might run into birthday paradox
+	   attacks. Because we might use different modes, the block size of the mode
+	   might be 1 byte. In that case, use the IV length. Ensure the whole thing
+	   is limited to what can be represented with a 64 bits integer.
+	 */
+
+	if(!cipher || !cipher->cipher)
+		return UINT64_MAX; // NULL cipher
+
+	int ivlen = EVP_CIPHER_iv_length(cipher->cipher);
+	int blklen = EVP_CIPHER_block_size(cipher->cipher);
+	int len = blklen > 1 ? blklen : ivlen > 1 ? ivlen : 8;
+	int bits = len * 4 - 1;
+	return bits < 64 ? UINT64_C(1) << bits : UINT64_MAX;
+}
+
 size_t cipher_blocksize(const cipher_t *cipher) {
 	if(!cipher || !cipher->cipher)
 		return 1;
@@ -119,7 +137,7 @@ bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou
 		int len, pad;
 		if(EVP_EncryptInit_ex(cipher->ctx, NULL, NULL, NULL, NULL)
 				&& EVP_EncryptUpdate(cipher->ctx, (unsigned char *)outdata, &len, indata, inlen)
-				&& EVP_EncryptFinal(cipher->ctx, (unsigned char *)outdata + len, &pad)) {
+				&& EVP_EncryptFinal_ex(cipher->ctx, (unsigned char *)outdata + len, &pad)) {
 			if(outlen) *outlen = len + pad;
 			return true;
 		}
@@ -140,7 +158,7 @@ bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou
 		int len, pad;
 		if(EVP_DecryptInit_ex(cipher->ctx, NULL, NULL, NULL, NULL)
 				&& EVP_DecryptUpdate(cipher->ctx, (unsigned char *)outdata, &len, indata, inlen)
-				&& EVP_DecryptFinal(cipher->ctx, (unsigned char *)outdata + len, &pad)) {
+				&& EVP_DecryptFinal_ex(cipher->ctx, (unsigned char *)outdata + len, &pad)) {
 			if(outlen) *outlen = len + pad;
 			return true;
 		}