Source-Changes-HG archive


[src/trunk]: src/sys/netinet6 use correct padding boundary, to correctly esti...



details:   https://anonhg.NetBSD.org/src/rev/a4a42f53ebf1
branches:  trunk
changeset: 535060:a4a42f53ebf1
user:      itojun <itojun%NetBSD.org@localhost>
date:      Fri Aug 09 06:38:12 2002 +0000

description:
use correct padding boundary, to correctly estimate ESP header size.
problem found by Arto Selonen <arto%selonen.org@localhost>

diffstat:

 sys/netinet6/esp.h        |   3 ++-
 sys/netinet6/esp_core.c   |  28 +++++++++++++++++++++++-----
 sys/netinet6/esp_output.c |  18 +++++++++++-------
 3 files changed, 36 insertions(+), 13 deletions(-)

diffs (130 lines):

diff -r 0ae2a3661edc -r a4a42f53ebf1 sys/netinet6/esp.h
--- a/sys/netinet6/esp.h        Fri Aug 09 06:29:01 2002 +0000
+++ b/sys/netinet6/esp.h        Fri Aug 09 06:38:12 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: esp.h,v 1.19 2002/08/09 06:29:01 itojun Exp $  */
+/*     $NetBSD: esp.h,v 1.20 2002/08/09 06:38:12 itojun Exp $  */
 /*     $KAME: esp.h,v 1.19 2001/09/04 08:43:19 itojun Exp $    */
 
 /*
@@ -92,6 +92,7 @@
 };
 
 extern const struct esp_algorithm *esp_algorithm_lookup __P((int));
+extern int esp_max_padbound __P((void));
 extern int esp_max_ivlen __P((void));
 
 /* crypt routines */
diff -r 0ae2a3661edc -r a4a42f53ebf1 sys/netinet6/esp_core.c
--- a/sys/netinet6/esp_core.c   Fri Aug 09 06:29:01 2002 +0000
+++ b/sys/netinet6/esp_core.c   Fri Aug 09 06:38:12 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: esp_core.c,v 1.23 2002/06/09 14:43:11 itojun Exp $     */
+/*     $NetBSD: esp_core.c,v 1.24 2002/08/09 06:38:13 itojun Exp $     */
 /*     $KAME: esp_core.c,v 1.53 2001/11/27 09:47:30 sakane Exp $       */
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: esp_core.c,v 1.23 2002/06/09 14:43:11 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: esp_core.c,v 1.24 2002/08/09 06:38:13 itojun Exp $");
 
 #include "opt_inet.h"
 
@@ -171,18 +171,36 @@
 }
 
 int
+esp_max_padbound()
+{
+       int idx;
+       static int padbound = 0;
+
+       if (padbound)
+               return padbound;
+
+       for (idx = 0; idx < sizeof(esp_algorithms)/sizeof(esp_algorithms[0]);
+            idx++) {
+               if (esp_algorithms[idx].padbound > padbound)
+                       padbound = esp_algorithms[idx].padbound;
+       }
+       return padbound;
+}
+
+int
 esp_max_ivlen()
 {
        int idx;
-       int ivlen;
+       static int ivlen = 0;
 
-       ivlen = 0;
+       if (ivlen)
+               return ivlen;
+
        for (idx = 0; idx < sizeof(esp_algorithms)/sizeof(esp_algorithms[0]);
             idx++) {
                if (esp_algorithms[idx].ivlenval > ivlen)
                        ivlen = esp_algorithms[idx].ivlenval;
        }
-
        return ivlen;
 }
 
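Review bot: In `esp_max_padbound()` the loop stores each running maximum directly into the `static int padbound`, so the cache becomes non-zero before the scan has finished; the reworked `esp_max_ivlen()` has the same pattern with `ivlen`. If either function can be entered from a second context while the first is still scanning (this hunk does not show whether that is possible), the early `if (padbound) return padbound;` could return a partial maximum. The callers in esp_output.c would then under-estimate the ESP header size. Accumulating into a local and publishing once avoids this: declare `int max = 0;`, compare and assign `max` inside the loop, then set `padbound = max;` just before the return.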
diff -r 0ae2a3661edc -r a4a42f53ebf1 sys/netinet6/esp_output.c
--- a/sys/netinet6/esp_output.c Fri Aug 09 06:29:01 2002 +0000
+++ b/sys/netinet6/esp_output.c Fri Aug 09 06:38:12 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: esp_output.c,v 1.13 2002/06/09 14:43:11 itojun Exp $   */
+/*     $NetBSD: esp_output.c,v 1.14 2002/08/09 06:38:14 itojun Exp $   */
 /*     $KAME: esp_output.c,v 1.44 2001/07/26 06:53:15 jinmei Exp $     */
 
 /*
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: esp_output.c,v 1.13 2002/06/09 14:43:11 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: esp_output.c,v 1.14 2002/08/09 06:38:14 itojun Exp $");
 
 #include "opt_inet.h"
 
@@ -123,7 +123,8 @@
         */
        if (sav->flags & SADB_X_EXT_OLD) {
                /* RFC 1827 */
-               hdrsiz = sizeof(struct esp) + ivlen + 9;
+               hdrsiz = sizeof(struct esp) + ivlen +
+                   esp_max_padbound() - 1 + 2;
        } else {
                /* RFC 2406 */
                aalgo = ah_algorithm_lookup(sav->alg_auth);
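Review bot: The expression `esp_max_padbound() - 1 + 2` in the RFC 1827 branch, and again in the RFC 2406 branch in the next hunk, has no explanation beside it; the breakdown appears only in the ASSUMING comment of the later function. A short comment at each site, such as `/* (padbound - 1) worst-case padding + Pad Length + Next Header */`, would keep the sizing auditable where it is computed. Both branches also take the padding bound from the maximum over the whole algorithm table rather than from the SA's own cipher. That is a safe over-estimate, but the comment should say it is deliberate. The enclosing function begins before this hunk and continues past it.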
@@ -131,7 +132,8 @@
                        authlen = (aalgo->sumsiz)(sav);
                else
                        authlen = 0;
-               hdrsiz = sizeof(struct newesp) + ivlen + 9 + authlen;
+               hdrsiz = sizeof(struct newesp) + ivlen +
+                   esp_max_padbound() - 1 + 2 + authlen;
        }
 
        return hdrsiz;
@@ -141,11 +143,13 @@
         * ASSUMING:
         *      sizeof(struct newesp) > sizeof(struct esp).
         *      esp_max_ivlen() = max ivlen for CBC mode
-        *      9 = (maximum padding length without random padding length)
-        *         + (Pad Length field) + (Next Header field).
+        *      esp_max_padbound - 1 =
+        *         (maximum padding length without random padding length)
+        *      2 = (Pad Length field) + (Next Header field).
         *      16 = maximum ICV we support.
         */
-       return sizeof(struct newesp) + esp_max_ivlen() + 9 + 16;
+       return sizeof(struct newesp) + esp_max_ivlen() +
+           esp_max_padbound() - 1 + 2 + 16;
 }
 
 /*
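Review bot: The trailing `16` for the maximum ICV is still a hard-coded constant in the `return`, while the IV and padding terms are now derived from the algorithm table. It carries the same risk the old `9` did: if an authentication algorithm with a larger ICV is added, this upper bound would silently become too small. Deriving the value from the authentication algorithm table, or at least checking the constant against the largest supported ICV, would close that gap. The function's start lies outside this hunk.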


