diff options
author | Gabriel Oginski <gabrielx.oginski@intel.com> | 2021-08-12 14:04:03 +0100 |
---|---|---|
committer | Fan Zhang <roy.fan.zhang@intel.com> | 2021-08-13 08:36:09 +0000 |
commit | 078d258034cef5b4ca74d9deb37b2684cc77d060 (patch) | |
tree | e44d3d15e30cc9c7b1bad1335fa0c009c0dba348 /src | |
parent | 3ea8c5c45382a5168ec919f6e3dfb6b080579fe4 (diff) |
wireguard: add flag to check hmac for decryption
Type: fix
Originally the decryption doesn't check the hmac for chacha20-poly1305.
This patch fixes the problem by adding flag to crypto op to check hmac.
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I63e06fc011b288b1c9dc1b96a92923f224ef656b
Diffstat (limited to 'src')
-rwxr-xr-x | src/plugins/wireguard/wireguard_noise.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/plugins/wireguard/wireguard_noise.c b/src/plugins/wireguard/wireguard_noise.c index 850be2c86c8..7b4c01942bc 100755 --- a/src/plugins/wireguard/wireguard_noise.c +++ b/src/plugins/wireguard/wireguard_noise.c @@ -518,6 +518,7 @@ chacha20poly1305_calc (vlib_main_t * vm, { op->tag = src + src_len - NOISE_AUTHTAG_LEN; src_len -= NOISE_AUTHTAG_LEN; + op->flags |= VNET_CRYPTO_OP_FLAG_HMAC_CHECK; } else op->tag = tag_; |