aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/ikev2/ikev2_crypto.c
AgeCommit message (Collapse)AuthorFilesLines
2022-04-04vppinfra: make _vec_len() read-onlyDamjan Marion1-3/+3
Use of _vec_len() to set vector length breaks address sanitizer. Users should use vec_set_len(), vec_inc_len(), vec_dec_len () instead. Type: improvement Change-Id: I441ae948771eb21c23a61f3ff9163bdad74a2cb8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-10-21misc: minimize dependencies on udp.hFlorin Coras1-1/+0
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id13f33843b230a1d169560742c4f7b2dc17d8718
2020-10-07misc: Purge unused pg includesNeale Ranns1-1/+0
Type: style Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I26a19e42076e031ec5399d5ca05cb49fd6fbe1cd
2020-09-30ikev2: better packet parsing functionsFilip Tehlar1-19/+28
Ticket: VPP-1918 Type: improvement Change-Id: I2bc3e30121697404dcd54f1c2127bd85ccc1029e Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-09-28ikev2: fix memory leaksBenoît Ganne1-0/+1
Type: fix Change-Id: I5be19a4923b37e2636621d36155178ac348ee41c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-07-15ikev2: add support for AES-GCM cipher in IKEFilip Tehlar1-31/+92
Type: feature Ticket: VPP-1920 Change-Id: I6e30f3594cb30553f3ca5a35e0a4f679325aacec Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-07-07ikev2: per thread usage of openssl contextFilip Tehlar1-73/+24
Type: refactor Change-Id: I04af90b4d86c00092ce1732aeb3c0517af1808e0 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-26ikev2: fix wrong usage of BN_bn2bin()Filip Tehlar1-8/+39
This patch fixes 2 different crashes: 1) BN_bn2bin() returns bytes written, not actual key length. Use BN_bn2binpad() instead which adds padding. 2) Initiator may receive multiple sa-init responses for the same ispi which may result in crash. Remember first response and ignore any subsequent ones. Type: fix Change-Id: Ia1eac9167e3100a6894c0563ee70bab04f6a5f4f Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-10ikev2: better loggingFilip Tehlar1-8/+8
Type: refactor Change-Id: Iedcb24684c54f4d78583ab3aa3db1097e73df248 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-10-22ikev2: fix GCM cipherFilip Tehlar1-3/+3
Type: fix Change-Id: I382499061ff4b1c2cc1b70ebbf9725ff0e1be325 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-09-27ipsec: fix memleaks in ikev2 openssl codeChristian E. Hopps1-3/+15
- Need to always free created contexts - Always pair init with cleanup for older openssl API. Type: fix Signed-off-by: Christian E. Hopps <chopps@chopps.org> Change-Id: Ie8840403bcac500c20085d57240401ad39d119f8
2019-09-19ikev2: add support for GCM cipherFilip Tehlar1-0/+21
Type: feature Change-Id: Ic703015b55f0ae947e5e44b10b74b3c79efe7da6 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-05-22Fix Diffie-Hellman exchange with newer openssl APIChristian E. Hopps1-21/+16
Change-Id: Id42a597c130d0053d074446e552a81c7264549e7 Signed-off-by: Christian E. Hopps <chopps@chopps.org>
2019-02-25IKEv2 to pluginNeale Ranns1-0/+1076
for easy integration with ptoducts running their own Ike stack. Without the VPP IKE plugin loaded, the product is free to handle IKE packets as it pleases. Change-Id: Id0839f4d58b797f4c2da0382eb499fc08b05f66f Signed-off-by: Neale Ranns <nranns@cisco.com>