ikev2: fix crash during IKE SA Init exchange

[vpp.git] / src / plugins / ikev2 / ikev2.c

diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index 929f977..a03e761 100644 (file)
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -3036,6 +3036,7 @@ ikev2_initiate_sa_init (vlib_main_t * vm, u8 * name)
     ike0->flags = IKEV2_HDR_FLAG_INITIATOR;
     ike0->exchange = IKEV2_EXCHANGE_SA_INIT;
     ike0->ispi = sa.ispi;
+    ike0->rspi = 0;
 
     /* store whole IKE payload - needed for PSK auth */
     vec_free (sa.last_sa_init_req_packet_data);
@@ -3049,12 +3050,6 @@ ikev2_initiate_sa_init (vlib_main_t * vm, u8 * name)
     sa.i_auth.method = p->auth.method;
     sa.i_auth.hex = p->auth.hex;
     sa.i_auth.data = vec_dup (p->auth.data);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-    clib_memcpy_fast (sa.i_auth.key, p->auth.key,
-                     EVP_PKEY_size (p->auth.key));
-#else
-    sa.i_auth.key = vec_dup (p->auth.key);
-#endif
     vec_add (sa.childs[0].tsi, &p->loc_ts, 1);
     vec_add (sa.childs[0].tsr, &p->rem_ts, 1);
 
@@ -3295,13 +3290,9 @@ clib_error_t *
 ikev2_init (vlib_main_t * vm)
 {
   ikev2_main_t *km = &ikev2_main;
-  clib_error_t *error;
   vlib_thread_main_t *tm = vlib_get_thread_main ();
   int thread_id;
 
-  if ((error = vlib_call_init_function (vm, ipsec_init)))
-    return error;
-
   clib_memset (km, 0, sizeof (ikev2_main_t));
   km->vnet_main = vnet_get_main ();
   km->vlib_main = vm;
@@ -3319,16 +3310,20 @@ ikev2_init (vlib_main_t * vm)
 
   km->sa_by_ispi = hash_create (0, sizeof (uword));
 
-
-  if ((error = vlib_call_init_function (vm, ikev2_cli_init)))
-    return error;
-
   udp_register_dst_port (vm, 500, ikev2_node.index, 1);
 
+  ikev2_cli_reference ();
+
   return 0;
 }
 
-VLIB_INIT_FUNCTION (ikev2_init);
+/* *INDENT-OFF* */
+VLIB_INIT_FUNCTION (ikev2_init) =
+{
+  .runs_after = VLIB_INITS("ipsec_init"),
+};
+/* *INDENT-ON* */
+
 
 static u8
 ikev2_mngr_process_child_sa (ikev2_sa_t * sa, ikev2_child_sa_t * csa)
@@ -3474,7 +3469,7 @@ VLIB_REGISTER_NODE (ikev2_mngr_process_node, static) = {
 
 VLIB_PLUGIN_REGISTER () = {
     .version = VPP_BUILD_VER,
-    .description = "IKEv2",
+    .description = "Internet Key Exchange (IKEv2) Protocol",
 };
 /* *INDENT-ON* */