From 57f48a743c6afd52ce83eba3f2c94fe452cd04ca Mon Sep 17 00:00:00 2001
From: Daniel Lenski
Date: Sun, 9 Jun 2019 14:58:25 -0700
Subject: [PATCH] fix GP MTU calculation

1) Had been erroneously assuming 32-byte blocksize for AES-256 (it's only 16)
2) HMAC-SHA256 writes a 16-byte MAC

Signed-off-by: Daniel Lenski
---
 gpst.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gpst.c b/gpst.c
index 0a621c41..66f00666 100644
--- a/gpst.c
+++ b/gpst.c
@@ -374,14 +374,14 @@ static int calculate_mtu(struct openconnect_info *vpninfo, int can_use_esp)
 if (!mtu && can_use_esp) {
 /* remove ESP, UDP, IP headers from base (wire) MTU */
 mtu = ( base_mtu - UDP_HEADER_SIZE - ESP_HEADER_SIZE
- - 12 /* both supported algos (SHA1 and MD5) have 96-bit MAC lengths (RFC2403 and RFC2404) */
- - (vpninfo->enc_key_len ? : 32) /* biggest supported IV (AES-256) */ );
+ - vpninfo->hmac_out_len
+ - MAX_IV_SIZE);
 if (vpninfo->peer_addr->sa_family == AF_INET6)
 mtu -= IPV6_HEADER_SIZE;
 else
 mtu -= IPV4_HEADER_SIZE;
- /* round down to a multiple of blocksize */
- mtu -= mtu % (vpninfo->enc_key_len ? : 32);
+ /* round down to a multiple of blocksize (16 bytes for both AES-128 and AES-256) */
+ mtu -= mtu % 16;
 /* subtract ESP footer, which is included in the payload before padding to the blocksize */
 mtu -= ESP_FOOTER_SIZE;
-- 
2.49.0
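Review bot: The new `- vpninfo->hmac_out_len` term in the `mtu = ( ... )` expression has no fallback, whereas the line it replaces guarded the key-length term with `? : 32` in case the value was not yet set. If calculate_mtu can run before the ESP parameters are populated (not visible in this hunk), hmac_out_len would be 0 and the computed MTU would be too large by the MAC length, so encapsulated packets would exceed the path MTU and be fragmented or dropped. A conservative form that mirrors the IV term is `- (vpninfo->hmac_out_len ? : MAX_MAC_LEN_PLACEHOLDER)`, where the placeholder stands for whatever constant the project defines for the largest truncated MAC. The literal in `mtu -= mtu % 16;` would also read better as a named block-size constant, and since `%` truncates toward zero for a negative `mtu`, a lower-bound check on the result is worth confirming in the part of the function outside this hunk.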