xnu-3789.51.2.tar.gz

[apple/xnu.git] / bsd / netinet6 / esp_input.c

diff --git a/bsd/netinet6/esp_input.c b/bsd/netinet6/esp_input.c
index 23e5aa5606cec71c85b886421d03aa26c717bdc3..8056438bb44d481d157afa970eaedcda459ce95d 100644 (file)
--- a/bsd/netinet6/esp_input.c
+++ b/bsd/netinet6/esp_input.c
@@ -428,19 +428,12 @@ noreplaycheck:
 
        if (algo->finalizedecrypt)
         {
-           unsigned char tag[algo->icvlen];
-           if ((*algo->finalizedecrypt)(sav, tag, algo->icvlen)) {
+           if ((*algo->finalizedecrypt)(sav, saved_icv, algo->icvlen)) {
                ipseclog((LOG_ERR, "packet decryption ICV failure\n"));
                IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
                KERNEL_DEBUG(DBG_FNC_DECRYPT | DBG_FUNC_END, 1,0,0,0,0);
                goto bad;
            }
-           if (cc_cmp_safe(algo->icvlen, saved_icv, tag)) {      
-               ipseclog((LOG_ERR, "packet decryption ICV mismatch\n"));
-               IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
-               KERNEL_DEBUG(DBG_FNC_DECRYPT | DBG_FUNC_END, 1,0,0,0,0);
-               goto bad;
-           }
        }
 
        /*
@@ -1021,19 +1014,12 @@ noreplaycheck:
 
        if (algo->finalizedecrypt)
         {
-           unsigned char tag[algo->icvlen];
-           if ((*algo->finalizedecrypt)(sav, tag, algo->icvlen)) {
+           if ((*algo->finalizedecrypt)(sav, saved_icv, algo->icvlen)) {
                ipseclog((LOG_ERR, "packet decryption ICV failure\n"));
                IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
                KERNEL_DEBUG(DBG_FNC_DECRYPT | DBG_FUNC_END, 1,0,0,0,0);
                goto bad;
            }
-           if (cc_cmp_safe(algo->icvlen, saved_icv, tag)) {      
-               ipseclog((LOG_ERR, "packet decryption ICV mismatch\n"));
-               IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
-               KERNEL_DEBUG(DBG_FNC_DECRYPT | DBG_FUNC_END, 1,0,0,0,0);
-               goto bad;
-           }
        }
 
        /*