osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

ipsec: calculate and verified the AEAD ICV only if enabled 

AEAD ciphers should behave in the same way as the classical
cipher+hmac methods: the ICV should be calculated and verified
if the user has enabled the authentication check in the ESP
protocol options.
This commit is contained in:
Dr. Matthias St. Pierre 2021-06-28 01:02:46 +02:00 committed by Wireshark GitLab Utility
parent 67dad02eb0
commit 1e04fb3001
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
epan/dissectors/packet-ipsec.c
View File

@ -2018,7 +2018,7 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
#ifdef HAVE_LIBGCRYPT_AEAD
if (icv_type == ICV_TYPE_AEAD) {
if (g_esp_enable_authentication_check && icv_type == ICV_TYPE_AEAD) {
/* Allocate buffer for ICV */
esp_icv = (guint8 *)tvb_memdup(wmem_packet_scope(), tvb, esp_packet_len - esp_icv_len, esp_icv_len);
@ -2050,7 +2050,7 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
decrypt_ok = TRUE;
#ifdef HAVE_LIBGCRYPT_AEAD
if (icv_type == ICV_TYPE_AEAD) {
if (g_esp_enable_authentication_check && icv_type == ICV_TYPE_AEAD) {
guchar *esp_icv_computed;
gint tag_len;