Hi, I am testing IKEv2 implementation in VPP, and I noticed that a problem occurs sometimes when establishing a new IKEv2 association.
About 2% of the time on a thousand of IKE exchanges, an assert fails (ASSERT (r == t->key_len) in ikev2_crypto.c:503). After investigating a little, it seems that DH_compute_key (OpenSSL function) returns 254 occasionally while 255 is the expected value. In debug mode, the program exits because of the assert. When the code is compiled as a release, it causes the IKEv2 association to fail. Does the problem come from OpenSSL (version 1.0.2g) or VPP? Could this behavior be avoided in any way? Would restarting the exchange from the beginning be an appropriate fix? Thanks, Berenger
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#9833): https://lists.fd.io/g/vpp-dev/message/9833 Mute This Topic: https://lists.fd.io/mt/23376892/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-