comparison packet.c @ 605:53c21d4ec98a

- Don't allow setting memLevel since that doesn't work properly - Better handling of the case where compressing makes the data larger (possibly only happens when memLevel is adjusted, but better to be safe)
author Matt Johnston <matt@ucc.asn.au>
date Mon, 28 Feb 2011 13:51:27 +0000
parents a98a2138364a
children 895fbe068f2c
599:8220862baae8 605:53c21d4ec98a
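--- a/packet.c
+++ b/packet.c
@@ -39,11 +39,11 @@
 static void make_mac(unsigned int seqno, const struct key_context_directional * key_state,
 buffer * clear_buf, unsigned int clear_len,
 unsigned char *output_mac);
 static int checkmac();
 
-#define ZLIB_COMPRESS_INCR 20 /* this is 12 bytes + 0.1% of 8000 bytes */
+#define ZLIB_COMPRESS_INCR 100
 #define ZLIB_DECOMPRESS_INCR 100
 #ifndef DISABLE_ZLIB
 static buffer* buf_decompress(buffer* buf, unsigned int len);
 static void buf_compress(buffer * dest, buffer * src, unsigned int len);
 #endif
@@ -450,18 +450,19 @@
 }
 
 blocksize = ses.keys->trans.algo_crypt->blocksize;
 mac_size = ses.keys->trans.algo_mac->hashsize;
 
-/* Encrypted packet len is payload+5, then worst case is if we are 3 away
-* from a blocksize multiple. In which case we need to pad to the
-* multiple, then add another blocksize (or MIN_PACKET_LEN) */
-encrypt_buf_size = (ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3
+/* Encrypted packet len is payload+5. We need to then make sure
+* there is enough space for padding or MIN_PACKET_LEN.
+* Add extra 3 since we need at least 4 bytes of padding */
+encrypt_buf_size = (ses.writepayload->len+4+1)
++ MAX(MIN_PACKET_LEN, blocksize) + 3
 /* add space for the MAC at the end */
 + mac_size
 #ifndef DISABLE_ZLIB
-/* zlib compression could lengthen the payload in some cases */
+/* some extra in case 'compression' makes it larger */
 + ZLIB_COMPRESS_INCR
 #endif
 /* and an extra cleartext (stripped before transmission) byte for the
 * packet type */
 + 1;
@@ -471,11 +472,18 @@
 buf_setpos(writebuf, PACKET_PAYLOAD_OFF);
 
 #ifndef DISABLE_ZLIB
 /* compression */
 if (is_compress_trans()) {
+int compress_delta;
 buf_compress(writebuf, ses.writepayload, ses.writepayload->len);
+compress_delta = (writebuf->len - PACKET_PAYLOAD_OFF) - ses.writepayload->len;
+
+/* Handle the case where 'compress' increased the size. */
+if (compress_delta > ZLIB_COMPRESS_INCR) {
+buf_resize(writebuf, writebuf->size + compress_delta);
+}
 } else
 #endif
 {
 memcpy(buf_getwriteptr(writebuf, ses.writepayload->len),
 buf_getptr(ses.writepayload, ses.writepayload->len),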
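Review bot: In the third hunk `compress_delta` is a signed `int` computed from buffer lengths that appear to be unsigned, so in the normal case where compression shrinks the payload the subtraction wraps and the comparison with `ZLIB_COMPRESS_INCR` relies on the unsigned-to-int conversion. Keeping the arithmetic unsigned avoids that: take the compressed length as `writebuf->len - PACKET_PAYLOAD_OFF` and test `if (compressed_len > ses.writepayload->len + ZLIB_COMPRESS_INCR)` before calling `buf_resize`. The resize also runs only after `buf_compress` has already written into `writebuf`, so it presumably protects the space needed afterwards for padding and the MAC rather than the compression output itself. A comment stating this, and noting that `buf_compress` (its body is not shown here) is expected to grow `dest` on its own when it fills up, would make the sizing argument checkable. The enclosing function starts and ends outside the visible lines.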