libipsec: Don't print ciphertext with ICV in log message
This commit is contained in:
parent
f5c5fd6f74
commit
f6cadb7f54
|
@ -232,7 +232,6 @@ METHOD(esp_packet_t, decrypt, status_t,
|
||||||
return PARSE_ERROR;
|
return PARSE_ERROR;
|
||||||
}
|
}
|
||||||
ciphertext = reader->peek(reader);
|
ciphertext = reader->peek(reader);
|
||||||
ciphertext.len += icv.len;
|
|
||||||
reader->destroy(reader);
|
reader->destroy(reader);
|
||||||
|
|
||||||
if (!esp_context->verify_seqno(esp_context, seq))
|
if (!esp_context->verify_seqno(esp_context, seq))
|
||||||
|
@ -245,6 +244,8 @@ METHOD(esp_packet_t, decrypt, status_t,
|
||||||
DBG3(DBG_ESP, "ESP decryption:\n SPI %.8x [seq %u]\n IV %B\n "
|
DBG3(DBG_ESP, "ESP decryption:\n SPI %.8x [seq %u]\n IV %B\n "
|
||||||
"encrypted %B\n ICV %B", spi, seq, &iv, &ciphertext, &icv);
|
"encrypted %B\n ICV %B", spi, seq, &iv, &ciphertext, &icv);
|
||||||
|
|
||||||
|
/* include ICV in ciphertext for decryption/verification */
|
||||||
|
ciphertext.len += icv.len;
|
||||||
/* aad = spi + seq */
|
/* aad = spi + seq */
|
||||||
aad = chunk_create(data.ptr, 8);
|
aad = chunk_create(data.ptr, 8);
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue