summaryrefslogtreecommitdiffstats
path: root/src/plugins/wireguard
diff options
context:
space:
mode:
authorGabriel Oginski <gabrielx.oginski@intel.com>2021-08-12 14:04:03 +0100
committerFan Zhang <roy.fan.zhang@intel.com>2021-08-13 08:36:09 +0000
commit078d258034cef5b4ca74d9deb37b2684cc77d060 (patch)
treee44d3d15e30cc9c7b1bad1335fa0c009c0dba348 /src/plugins/wireguard
parent3ea8c5c45382a5168ec919f6e3dfb6b080579fe4 (diff)
wireguard: add flag to check hmac for decryption
Type: fix Originally the decryption doesn't check the hmac for chacha20-poly1305. This patch fixes the problem by adding flag to crypto op to check hmac. Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I63e06fc011b288b1c9dc1b96a92923f224ef656b
Diffstat (limited to 'src/plugins/wireguard')
-rwxr-xr-xsrc/plugins/wireguard/wireguard_noise.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/plugins/wireguard/wireguard_noise.c b/src/plugins/wireguard/wireguard_noise.c
index 850be2c86c8..7b4c01942bc 100755
--- a/src/plugins/wireguard/wireguard_noise.c
+++ b/src/plugins/wireguard/wireguard_noise.c
@@ -518,6 +518,7 @@ chacha20poly1305_calc (vlib_main_t * vm,
{
op->tag = src + src_len - NOISE_AUTHTAG_LEN;
src_len -= NOISE_AUTHTAG_LEN;
+ op->flags |= VNET_CRYPTO_OP_FLAG_HMAC_CHECK;
}
else
op->tag = tag_;