From 45a02523b13e7d211b5350294dd934c66af10c5d Mon Sep 17 00:00:00 2001
From: Filip Tehlar <ftehlar@cisco.com>
Date: Wed, 4 Sep 2019 11:34:15 +0000
Subject: [PATCH] ikev2: fix crash during IKE SA Init exchange

Type: fix

Change-Id: If827fe348fe35d1221d29f91b7e6ea1624d13999
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit b736e75d5bb2d132fb00c35b6aabaa52e5f624ad)
---
 src/plugins/ikev2/ikev2.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index e7b2f92941d..a03e761cba4 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -3036,6 +3036,7 @@ ikev2_initiate_sa_init (vlib_main_t * vm, u8 * name)
     ike0->flags = IKEV2_HDR_FLAG_INITIATOR;
     ike0->exchange = IKEV2_EXCHANGE_SA_INIT;
     ike0->ispi = sa.ispi;
+    ike0->rspi = 0;
 
     /* store whole IKE payload - needed for PSK auth */
     vec_free (sa.last_sa_init_req_packet_data);
@@ -3049,12 +3050,6 @@ ikev2_initiate_sa_init (vlib_main_t * vm, u8 * name)
     sa.i_auth.method = p->auth.method;
     sa.i_auth.hex = p->auth.hex;
     sa.i_auth.data = vec_dup (p->auth.data);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-    clib_memcpy_fast (sa.i_auth.key, p->auth.key,
-		      EVP_PKEY_size (p->auth.key));
-#else
-    sa.i_auth.key = vec_dup (p->auth.key);
-#endif
     vec_add (sa.childs[0].tsi, &p->loc_ts, 1);
     vec_add (sa.childs[0].tsr, &p->rem_ts, 1);
 
-- 
2.16.6