aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2013-10-17 11:36:32 +0200
committerTobias Brunner <tobias@strongswan.org>2013-10-17 11:43:58 +0200
commitf6cadb7f54f82cf01451d60c08d5a34169032609 (patch)
tree175d94ffa953e37fb6de699b1289c3675481874f
parentf5c5fd6f74b8b9bd65948e4b73ab916a141d7e83 (diff)
downloadstrongswan-f6cadb7f54f82cf01451d60c08d5a34169032609.tar.bz2
strongswan-f6cadb7f54f82cf01451d60c08d5a34169032609.tar.xz
libipsec: Don't print ciphertext with ICV in log message
Diffstat
-rw-r--r--src/libipsec/esp_packet.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/libipsec/esp_packet.c b/src/libipsec/esp_packet.c
index 7de765ecd..ebe13ce77 100644
--- a/src/libipsec/esp_packet.c
+++ b/src/libipsec/esp_packet.c
@@ -232,7 +232,6 @@ METHOD(esp_packet_t, decrypt, status_t,
return PARSE_ERROR;
}
ciphertext = reader->peek(reader);
- ciphertext.len += icv.len;
reader->destroy(reader);
if (!esp_context->verify_seqno(esp_context, seq))
@@ -245,6 +244,8 @@ METHOD(esp_packet_t, decrypt, status_t,
DBG3(DBG_ESP, "ESP decryption:\n SPI %.8x [seq %u]\n IV %B\n "
"encrypted %B\n ICV %B", spi, seq, &iv, &ciphertext, &icv);
+ /* include ICV in ciphertext for decryption/verification */
+ ciphertext.len += icv.len;
/* aad = spi + seq */
aad = chunk_create(data.ptr, 8);
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-24 11:48:33 +0000