diff options
| author |   Stanislav Zaikin <stanislav.zaikin@46labs.com> | 2024-08-06 18:10:13 +0200 |
|---|---|---|
| committer |   Beno�t Ganne <bganne@cisco.com> | 2024-08-07 10:12:22 +0000 |
| commit | fa7b7a41e7ca9400dda2266a10dd9179be40c128 (patch) | |
| tree | 851e58edcba94c0741f769ac3435bdc3ee4d3a36 | |
| parent | cf9356d642ce131c6562fcd281c01e51af888ec3 (diff) | |
ikev2: fix BN_bn2bin re-allocation
the former code was re-allocating the vector when padding takes place.
it's not necessary since we have the correct size. also, it caused
issues since upper layer doesn't know about re-allocation and it caused
crash. with this patch many test-cases are enabled again.
Type: fix
Change-Id: Idf0b320101670ec64d62e9aac6399cc7c54c996f
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
| -rw-r--r-- | src/plugins/ikev2/ikev2_crypto.c | 5 | ||||
| -rw-r--r-- | test/test_ikev2.py | 10 |
2 files changed, 2 insertions, 13 deletions
diff --git a/src/plugins/ikev2/ikev2_crypto.c b/src/plugins/ikev2/ikev2_crypto.c index 3d4ad0a28ed..58167e2322e 100644 --- a/src/plugins/ikev2/ikev2_crypto.c +++ b/src/plugins/ikev2/ikev2_crypto.c @@ -481,15 +481,14 @@ ikev2_encrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa, int BN_bn2binpad (const BIGNUM * a, unsigned char *to, int tolen) { - int r = BN_bn2bin (a, to); + int r = BN_num_bytes (a); ASSERT (tolen >= r); int pad = tolen - r; if (pad) { - vec_insert (to, pad, 0); clib_memset (to, 0, pad); - vec_dec_len (to, pad); } + BN_bn2bin (a, to + pad); return tolen; } #endif diff --git a/test/test_ikev2.py b/test/test_ikev2.py index b93e7805363..be14df10203 100644 --- a/test/test_ikev2.py +++ b/test/test_ikev2.py @@ -23,8 +23,6 @@ from scapy.utils import long_converter from framework import VppTestCase from asfframework import ( tag_fixme_vpp_workers, - tag_fixme_ubuntu2204, - tag_fixme_debian11, is_distro_ubuntu2204, is_distro_debian11, VppTestRunner, @@ -2036,7 +2034,6 @@ class TestResponderBehindNAT(TemplateResponder, Ikev2Params): @tag_fixme_vpp_workers -@tag_fixme_ubuntu2204 class TestInitiatorNATT(TemplateInitiator, Ikev2Params): """test ikev2 initiator - NAT traversal (intitiator behind NAT)""" @@ -2069,7 +2066,6 @@ class TestInitiatorNATT(TemplateInitiator, Ikev2Params): @tag_fixme_vpp_workers -@tag_fixme_ubuntu2204 class TestInitiatorPsk(TemplateInitiator, Ikev2Params): """test ikev2 initiator - pre shared key auth""" @@ -2101,7 +2097,6 @@ class TestInitiatorPsk(TemplateInitiator, Ikev2Params): @tag_fixme_vpp_workers -@tag_fixme_ubuntu2204 class TestInitiatorRequestWindowSize(TestInitiatorPsk): """test initiator - request window size (1)""" @@ -2151,7 +2146,6 @@ class TestInitiatorRequestWindowSize(TestInitiatorPsk): @tag_fixme_vpp_workers -@tag_fixme_ubuntu2204 class TestInitiatorRekey(TestInitiatorPsk): """test ikev2 initiator - rekey""" @@ -2197,7 +2191,6 @@ class TestInitiatorRekey(TestInitiatorPsk): @tag_fixme_vpp_workers -@tag_fixme_ubuntu2204 class TestInitiatorDelSAFromResponder(TemplateInitiator, Ikev2Params): """test ikev2 initiator - delete IKE SA from responder""" @@ -2407,8 +2400,6 @@ class TestResponderRekeySA(TestResponderPsk): self.verify_ike_sas() -@tag_fixme_ubuntu2204 -@tag_fixme_debian11 class TestResponderVrf(TestResponderPsk, Ikev2Params): """test ikev2 responder - non-default table id""" @@ -2528,7 +2519,6 @@ class Test_IKE_AES_GCM_16_256(TemplateResponder, Ikev2Params): @tag_fixme_vpp_workers -@tag_fixme_ubuntu2204 class TestInitiatorKeepaliveMsg(TestInitiatorPsk): """ Test for keep alive messages |