aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/ikev2/ikev2_crypto.c
AgeCommit message (Collapse)AuthorFilesLines
2020-03-26ikev2: fix wrong usage of BN_bn2bin()Filip Tehlar1-8/+39
This patch fixes 2 different crashes: 1) BN_bn2bin() returns bytes written, not actual key length. Use BN_bn2binpad() instead which adds padding. 2) Initiator may receive multiple sa-init responses for the same ispi which may result in crash. Remember first response and ignore any subsequent ones. Type: fix Change-Id: Ia1eac9167e3100a6894c0563ee70bab04f6a5f4f Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-10ikev2: better loggingFilip Tehlar1-8/+8
Type: refactor Change-Id: Iedcb24684c54f4d78583ab3aa3db1097e73df248 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-10-22ikev2: fix GCM cipherFilip Tehlar1-3/+3
Type: fix Change-Id: I382499061ff4b1c2cc1b70ebbf9725ff0e1be325 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-09-27ipsec: fix memleaks in ikev2 openssl codeChristian E. Hopps1-3/+15
- Need to always free created contexts - Always pair init with cleanup for older openssl API. Type: fix Signed-off-by: Christian E. Hopps <chopps@chopps.org> Change-Id: Ie8840403bcac500c20085d57240401ad39d119f8
2019-09-19ikev2: add support for GCM cipherFilip Tehlar1-0/+21
Type: feature Change-Id: Ic703015b55f0ae947e5e44b10b74b3c79efe7da6 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-05-22Fix Diffie-Hellman exchange with newer openssl APIChristian E. Hopps1-21/+16
Change-Id: Id42a597c130d0053d074446e552a81c7264549e7 Signed-off-by: Christian E. Hopps <chopps@chopps.org>
2019-02-25IKEv2 to pluginNeale Ranns1-0/+1076
for easy integration with ptoducts running their own Ike stack. Without the VPP IKE plugin loaded, the product is free to handle IKE packets as it pleases. Change-Id: Id0839f4d58b797f4c2da0382eb499fc08b05f66f Signed-off-by: Neale Ranns <nranns@cisco.com>