ipsec: calculate and verified the AEAD ICV only if enabled
AEAD ciphers should behave in the same way as the classical cipher+hmac methods: the ICV should be calculated and verified if the user has enabled the authentication check in the ESP protocol options.
This commit is contained in:
parent
67dad02eb0
commit
1e04fb3001
|
@ -2018,7 +2018,7 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
|
|||
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
if (icv_type == ICV_TYPE_AEAD) {
|
||||
if (g_esp_enable_authentication_check && icv_type == ICV_TYPE_AEAD) {
|
||||
/* Allocate buffer for ICV */
|
||||
esp_icv = (guint8 *)tvb_memdup(wmem_packet_scope(), tvb, esp_packet_len - esp_icv_len, esp_icv_len);
|
||||
|
||||
|
@ -2050,7 +2050,7 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
|
|||
decrypt_ok = TRUE;
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
if (icv_type == ICV_TYPE_AEAD) {
|
||||
if (g_esp_enable_authentication_check && icv_type == ICV_TYPE_AEAD) {
|
||||
guchar *esp_icv_computed;
|
||||
gint tag_len;
|
||||
|
||||
|
|
Loading…
Reference in New Issue