summaryrefslogtreecommitdiffstats
path: root/src/plugins/ikev2/ikev2_crypto.c
diff options
context:
space:
mode:
authorFilip Tehlar <ftehlar@cisco.com>2020-03-25 02:46:28 +0000
committerDave Barach <openvpp@barachs.net>2020-03-26 12:32:59 +0000
commit336eac84eb7902eae212f05711ce06967b4d202c (patch)
tree35923841fb10b0c3dd8d88858bfcfcbb25a35747 /src/plugins/ikev2/ikev2_crypto.c
parentc415d0a8e34a30aeb7efe2360937426b724206c2 (diff)
ikev2: fix wrong usage of BN_bn2bin()
This patch fixes 2 different crashes: 1) BN_bn2bin() returns bytes written, not actual key length. Use BN_bn2binpad() instead which adds padding. 2) Initiator may receive multiple sa-init responses for the same ispi which may result in crash. Remember first response and ignore any subsequent ones. Type: fix Change-Id: Ia1eac9167e3100a6894c0563ee70bab04f6a5f4f Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Diffstat (limited to 'src/plugins/ikev2/ikev2_crypto.c')
-rw-r--r--src/plugins/ikev2/ikev2_crypto.c47
1 files changed, 39 insertions, 8 deletions
diff --git a/src/plugins/ikev2/ikev2_crypto.c b/src/plugins/ikev2/ikev2_crypto.c
index 26ff43387e7..572bee8fc65 100644
--- a/src/plugins/ikev2/ikev2_crypto.c
+++ b/src/plugins/ikev2/ikev2_crypto.c
@@ -458,6 +458,23 @@ ikev2_encrypt_data (ikev2_sa_t * sa, v8 * src, u8 * dst)
return out_len + bs;
}
+#ifndef BN_bn2binpad
+int
+BN_bn2binpad (const BIGNUM * a, unsigned char *to, int tolen)
+{
+ int r = BN_bn2bin (a, to);
+ ASSERT (tolen >= r);
+ int pad = tolen - r;
+ if (pad)
+ {
+ vec_insert (to, pad, 0);
+ clib_memset (to, 0, pad);
+ _vec_len (to) -= pad;
+ }
+ return tolen;
+}
+#endif
+
void
ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
{
@@ -486,13 +503,13 @@ ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
sa->dh_private_key = vec_new (u8, t->key_len);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
DH_get0_key (dh, &pub_key, &priv_key);
- r = BN_bn2bin (pub_key, sa->i_dh_data);
+ r = BN_bn2binpad (pub_key, sa->i_dh_data, t->key_len);
ASSERT (r == t->key_len);
- r = BN_bn2bin (priv_key, sa->dh_private_key);
+ r = BN_bn2binpad (priv_key, sa->dh_private_key, t->key_len);
#else
- r = BN_bn2bin (dh->pub_key, sa->i_dh_data);
+ r = BN_bn2binpad (dh->pub_key, sa->i_dh_data, t->key_len);
ASSERT (r == t->key_len);
- r = BN_bn2bin (dh->priv_key, sa->dh_private_key);
+ r = BN_bn2binpad (dh->priv_key, sa->dh_private_key, t->key_len);
#endif
ASSERT (r == t->key_len);
}
@@ -501,9 +518,9 @@ ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
sa->r_dh_data = vec_new (u8, t->key_len);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
DH_get0_key (dh, &pub_key, &priv_key);
- r = BN_bn2bin (pub_key, sa->r_dh_data);
+ r = BN_bn2binpad (pub_key, sa->r_dh_data, t->key_len);
#else
- r = BN_bn2bin (dh->pub_key, sa->r_dh_data);
+ r = BN_bn2binpad (dh->pub_key, sa->r_dh_data, t->key_len);
#endif
ASSERT (r == t->key_len);
@@ -511,7 +528,14 @@ ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
sa->dh_shared_key = vec_new (u8, t->key_len);
ex = BN_bin2bn (sa->i_dh_data, vec_len (sa->i_dh_data), NULL);
r = DH_compute_key (sa->dh_shared_key, ex, dh);
- ASSERT (r == t->key_len);
+ ASSERT (t->key_len >= r);
+ int pad = t->key_len - r;
+ if (pad)
+ {
+ vec_insert (sa->dh_shared_key, pad, 0);
+ clib_memset (sa->dh_shared_key, 0, pad);
+ _vec_len (sa->dh_shared_key) -= pad;
+ }
BN_clear_free (ex);
}
DH_free (dh);
@@ -630,7 +654,14 @@ ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
sa->dh_shared_key = vec_new (u8, t->key_len);
ex = BN_bin2bn (sa->r_dh_data, vec_len (sa->r_dh_data), NULL);
r = DH_compute_key (sa->dh_shared_key, ex, dh);
- ASSERT (r == t->key_len);
+ ASSERT (t->key_len >= r);
+ int pad = t->key_len - r;
+ if (pad)
+ {
+ vec_insert (sa->dh_shared_key, pad, 0);
+ clib_memset (sa->dh_shared_key, 0, pad);
+ _vec_len (sa->dh_shared_key) -= pad;
+ }
BN_clear_free (ex);
DH_free (dh);
}