authorVladimir Ratnikov <vratnikov@netgate.com>2019-05-17 09:17:59 -0400
committerNeale Ranns <nranns@cisco.com>2019-05-20 16:59:53 +0000
commitf48050785f254afb7515383e8595425fa652e056 (patch)
tree5a22f4f7859b00d4cd6e635b58b1683f5a1c9968
parentd1a5b2dcfa237c3346bd8d759c8f21f4002be9eb (diff)
openssl plugin 3des routine iv_len fix
Since 3DES has 8 bytes of initialization vector and the code hardcodes 16 bytes, a check is added to determine whether the crypto algorithm is 3DES_CBC and set the corresponding iv_len param. Change-Id: Iac50c8a8241e321e3b4d576c88f2496852bd905c Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
-rw-r--r--src/plugins/crypto_openssl/main.c8
-rw-r--r--test/test_ipsec_esp.py12
2 files changed, 17 insertions, 3 deletions
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c
index 2132c5bb15a..fd749d04926 100644
--- a/src/plugins/crypto_openssl/main.c
+++ b/src/plugins/crypto_openssl/main.c
@@ -70,9 +70,15 @@ openssl_ops_enc_cbc (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
vnet_crypto_op_t *op = ops[i];
vnet_crypto_key_t *key = vnet_crypto_get_key (op->key_index);
int out_len;
+ int iv_len;
+
+ if (op->op == VNET_CRYPTO_OP_3DES_CBC_ENC)
+ iv_len = 8;
+ else
+ iv_len = 16;
if (op->flags & VNET_CRYPTO_OP_FLAG_INIT_IV)
- RAND_bytes (op->iv, 16);
+ RAND_bytes (op->iv, iv_len);
EVP_EncryptInit_ex (ctx, cipher, NULL, key->data, op->iv);
EVP_EncryptUpdate (ctx, op->dst, &out_len, op->src, op->len);
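Review bot: The return value of `RAND_bytes (op->iv, iv_len)` is still ignored, so if the RNG call fails the op is encrypted with whatever bytes were already in `op->iv`. A predictable or reused IV weakens CBC confidentiality, so the call should be checked for `!= 1` and the op failed before `EVP_EncryptInit_ex` is reached. Separately, the length comes from comparing `op->op` against a single opcode with a fallback of 16, which will be wrong again for the next cipher whose IV is not 16 bytes. `int iv_len = EVP_CIPHER_iv_length (cipher);` takes it from the cipher already passed to `EVP_EncryptInit_ex` instead. The body of openssl_ops_enc_cbc starts and ends outside this hunk, so how a failed op is reported to the caller is not visible here.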
diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py
index eb21c58ae91..0abd96d4a10 100644
--- a/test/test_ipsec_esp.py
+++ b/test/test_ipsec_esp.py
@@ -363,7 +363,7 @@ class TestIpsecEspAll(ConfigIpsecESP,
super(TestIpsecEspAll, self).tearDown()
def test_crypto_algs(self):
- """All engines AES-[CBC, GCM]-[128, 192, 256] w/ & w/o ESN"""
+ """All engines AES-[CBC, GCM]-[128, 192, 256] 3DES-CBC w/ & w/o ESN"""
# foreach VPP crypto engine
engines = ["ia32", "ipsecmb", "openssl"]
@@ -416,7 +416,15 @@ class TestIpsecEspAll(ConfigIpsecESP,
'scapy-crypto': "AES-CBC",
'scapy-integ': "HMAC-SHA1-96",
'salt': 0,
- 'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"}]
+ 'key': "JPjyOWBeVEQiMe7hJPjyOWBeVEQiMe7h"},
+ {'vpp-crypto': (VppEnum.vl_api_ipsec_crypto_alg_t.
+ IPSEC_API_CRYPTO_ALG_3DES_CBC),
+ 'vpp-integ': (VppEnum.vl_api_ipsec_integ_alg_t.
+ IPSEC_API_INTEG_ALG_SHA1_96),
+ 'scapy-crypto': "3DES",
+ 'scapy-integ': "HMAC-SHA1-96",
+ 'salt': 0,
+ 'key': "JPjyOWBeVEQiMe7h00112233"}]
# with and without ESN
flags = [0,
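Review bot: The added 3DES-CBC entry carries no comment saying why it is here or why its key length differs from the AES entries around it. A line above the entry such as `# 3DES-CBC: 24-byte key, 8-byte IV; regression case for the openssl engine's hardcoded 16-byte IV` would keep the case from being dropped as redundant. The case appears to run for every engine in `engines` and to check interop with scapy only, so it presumably would not notice an engine writing more IV bytes than the cipher uses unless that corrupts the packet. The algorithm list begins outside this hunk.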