From 679611f5ec1f669c6c24c45c778a2f23267c608f Mon Sep 17 00:00:00 2001 From: mc36 Date: Thu, 3 Oct 2024 06:52:30 +0200 Subject: [PATCH] automatic commit at releng box --- misc/native/p4emu_fwd.h | 59 ++++++++++++------------------- misc/native/p4emu_msg.h | 39 +++++--------------- misc/native/p4emu_tab.h | 39 +++++++++++++++++--- src/org/freertr/util/verCore.java | 2 +- src/rtr.csv | 2 +- src/rtr.html | 2 +- src/rtr.txt | 2 +- src/rtr8.csv | 2 +- src/rtr8.html | 2 +- 9 files changed, 72 insertions(+), 77 deletions(-) diff --git a/misc/native/p4emu_fwd.h b/misc/native/p4emu_fwd.h index 3073fa4968..b3c16e4500 100644 --- a/misc/native/p4emu_fwd.h +++ b/misc/native/p4emu_fwd.h @@ -494,12 +494,10 @@ int putOpenvpnHeader(struct packetContext *ctx, struct neigh_entry *neigh_res, i if (EVP_CIPHER_CTX_set_padding(ctx->encr, 0) != 1) return 1; if (EVP_EncryptUpdate(ctx->encr, &bufD[*bufP], &tmp2, &bufD[*bufP], tmp) != 1) return 1; if (neigh_res->hashBlkLen < 1) return 0; - if (EVP_MD_CTX_reset(ctx->dgst) != 1) return 1; - if (EVP_DigestSignInit(ctx->dgst, NULL, neigh_res->hashAlg, NULL, neigh_res->hashPkey) != 1) return 1; - if (EVP_DigestSignUpdate(ctx->dgst, &bufD[*bufP], tmp) != 1) return 1; + if (myHmacInit(ctx->dgst, neigh_res->hashAlg, neigh_res->hashKeyDat, neigh_res->hashKeyLen) != 1) return 1; + if (EVP_DigestUpdate(ctx->dgst, &bufD[*bufP], tmp) != 1) return 1; *bufP -= neigh_res->hashBlkLen; - size_t sizt = preBuff; - if (EVP_DigestSignFinal(ctx->dgst, &bufD[*bufP], &sizt) != 1) return 1; + if (myHmacEnd(ctx->dgst, neigh_res->hashAlg, neigh_res->hashKeyDat, neigh_res->hashKeyLen, &bufD[*bufP]) != 1) return 1; return 0; #else return 1; @@ -557,11 +555,9 @@ int putEspHeader(struct packetContext *ctx, struct neigh_entry *neigh_res, int * put32msb(bufD, *bufP + 4, seq); if (neigh_res->hashBlkLen < 1) return 0; tmp += 8; - if (EVP_MD_CTX_reset(ctx->dgst) != 1) return 1; - if (EVP_DigestSignInit(ctx->dgst, NULL, neigh_res->hashAlg, NULL, neigh_res->hashPkey) != 1) return 1; - if (EVP_DigestSignUpdate(ctx->dgst, &bufD[*bufP], tmp) != 1) return 1; - size_t sizt = preBuff; - if (EVP_DigestSignFinal(ctx->dgst, &bufD[*bufP + tmp], &sizt) != 1) return 1; + if (myHmacInit(ctx->dgst, neigh_res->hashAlg, neigh_res->hashKeyDat, neigh_res->hashKeyLen) != 1) return 1; + if (EVP_DigestUpdate(ctx->dgst, &bufD[*bufP], tmp) != 1) return 1; + if (myHmacEnd(ctx->dgst, neigh_res->hashAlg, neigh_res->hashKeyDat, neigh_res->hashKeyLen, &bufD[*bufP + tmp]) != 1) return 1; *bufS += neigh_res->hashBlkLen; return 0; #else @@ -628,15 +624,13 @@ int macsec_apply(struct packetContext *ctx, int prt, int *bufP, int *bufS, int * if (EVP_EncryptUpdate(ctx->encr, &bufD[*bufP], &tmp2, &bufD[*bufP], tmp) != 1) return 1; } if (port2vrf_res->mcscHashBlkLen > 0) { - if (EVP_MD_CTX_reset(ctx->dgst) != 1) return 1; - if (EVP_DigestSignInit(ctx->dgst, NULL, port2vrf_res->mcscHashAlg, NULL, port2vrf_res->mcscHashPkey) != 1) return 1; + if (myHmacInit(ctx->dgst, port2vrf_res->mcscHashAlg, port2vrf_res->mcscHashKeyDat, port2vrf_res->mcscHashKeyLen) != 1) return 1; if (port2vrf_res->mcscNeedMacs != 0) { - if (EVP_DigestSignUpdate(ctx->dgst, &bufH[0], 12) != 1) return 1; + if (EVP_DigestUpdate(ctx->dgst, &bufH[0], 12) != 1) return 1; } - if (EVP_DigestSignUpdate(ctx->dgst, &bufD[0], 8) != 1) return 1; - if (EVP_DigestSignUpdate(ctx->dgst, &bufD[*bufP], tmp) != 1) return 1; - size_t sizt = preBuff; - if (EVP_DigestSignFinal(ctx->dgst, &bufD[*bufP + tmp], &sizt) != 1) return 1; + if (EVP_DigestUpdate(ctx->dgst, &bufD[0], 8) != 1) return 1; + if (EVP_DigestUpdate(ctx->dgst, &bufD[*bufP], tmp) != 1) return 1; + if (myHmacEnd(ctx->dgst, port2vrf_res->mcscHashAlg, port2vrf_res->mcscHashKeyDat, port2vrf_res->mcscHashKeyLen, &bufD[*bufP + tmp]) != 1) return 1; *bufS += port2vrf_res->mcscHashBlkLen; } *bufP -= 8; @@ -1044,11 +1038,9 @@ void doFlood(struct packetContext *ctx, struct table_head flood, int bufP, int b tmp = bufS - bufP + preBuff - tun_res->hashBlkLen; \ if (tmp < 1) doDropper; \ if (tun_res->hashBlkLen > 0) { \ - if (EVP_MD_CTX_reset(ctx->dgst) != 1) doDropper; \ - if (EVP_DigestSignInit(ctx->dgst, NULL, tun_res->hashAlg, NULL, tun_res->hashPkey) != 1) doDropper; \ - if (EVP_DigestSignUpdate(ctx->dgst, &bufD[bufP], tmp) != 1) doDropper; \ - sizt = preBuff; \ - if (EVP_DigestSignFinal(ctx->dgst, &bufD[0], &sizt) != 1) doDropper; \ + if (myHmacInit(ctx->dgst, tun_res->hashAlg, tun_res->hashKeyDat, tun_res->hashKeyLen) != 1) doDropper; \ + if (EVP_DigestUpdate(ctx->dgst, &bufD[bufP], tmp) != 1) doDropper; \ + if (myHmacEnd(ctx->dgst, tun_res->hashAlg, tun_res->hashKeyDat, tun_res->hashKeyLen, &bufD[0]) != 1) doDropper; \ if (memcmp(&bufD[0], &bufD[bufP + tmp], tun_res->hashBlkLen) !=0) doDropper; \ bufS -= tun_res->hashBlkLen; \ } \ @@ -1094,11 +1086,9 @@ void doFlood(struct packetContext *ctx, struct table_head flood, int bufP, int b tmp = bufS - bufP + preBuff; \ if (tmp < 1) doDropper; \ if (tun_res->hashBlkLen > 0) { \ - if (EVP_MD_CTX_reset(ctx->dgst) != 1) doDropper; \ - if (EVP_DigestSignInit(ctx->dgst, NULL, tun_res->hashAlg, NULL, tun_res->hashPkey) != 1) doDropper; \ - if (EVP_DigestSignUpdate(ctx->dgst, &bufD[bufP], tmp) != 1) doDropper; \ - sizt = preBuff; \ - if (EVP_DigestSignFinal(ctx->dgst, &bufD[0], &sizt) != 1) doDropper; \ + if (myHmacInit(ctx->dgst, tun_res->hashAlg, tun_res->hashKeyDat, tun_res->hashKeyLen) != 1) doDropper; \ + if (EVP_DigestUpdate(ctx->dgst, &bufD[bufP], tmp) != 1) doDropper; \ + if (myHmacEnd(ctx->dgst, tun_res->hashAlg, tun_res->hashKeyDat, tun_res->hashKeyLen, &bufD[0]) != 1) doDropper; \ if (memcmp(&bufD[0], &bufD[bufP - tun_res->hashBlkLen], tun_res->hashBlkLen) !=0) doDropper; \ } \ if (EVP_CIPHER_CTX_reset(ctx->encr) != 1) doDropper; \ @@ -1336,9 +1326,6 @@ void processDataPacket(struct packetContext *ctx, int bufS, int prt) { int ttl = ctx->port; packRx[ttl]++; byteRx[ttl] += bufS; -#ifndef HAVE_NOCRYPTO - size_t sizt = 0; -#endif bufP = preBuff; bufP += 6 * 2; // dmac, smac ethtyp_rx: @@ -1370,15 +1357,13 @@ void processDataPacket(struct packetContext *ctx, int bufS, int prt) { if (tmp < 1) doDropper; if (port2vrf_res->mcscNeedAead == 0) if ((tmp % port2vrf_res->mcscEncrBlkLen) != 0) doDropper; if (port2vrf_res->mcscHashBlkLen > 0) { - if (EVP_MD_CTX_reset(ctx->dgst) != 1) doDropper; - if (EVP_DigestSignInit(ctx->dgst, NULL, port2vrf_res->mcscHashAlg, NULL, port2vrf_res->mcscHashPkey) != 1) doDropper; + if (myHmacInit(ctx->dgst, port2vrf_res->mcscHashAlg, port2vrf_res->mcscHashKeyDat, port2vrf_res->mcscHashKeyLen) != 1) doDropper; if (port2vrf_res->mcscNeedMacs != 0) { - if (EVP_DigestSignUpdate(ctx->dgst, &bufD[preBuff + 0], 12) != 1) doDropper; + if (EVP_DigestUpdate(ctx->dgst, &bufD[preBuff + 0], 12) != 1) doDropper; } - if (EVP_DigestSignUpdate(ctx->dgst, &bufD[bufP - 8], 8) != 1) doDropper; - if (EVP_DigestSignUpdate(ctx->dgst, &bufD[bufP], tmp) != 1) doDropper; - sizt = preBuff; - if (EVP_DigestSignFinal(ctx->dgst, &bufD[0], &sizt) != 1) doDropper; + if (EVP_DigestUpdate(ctx->dgst, &bufD[bufP - 8], 8) != 1) doDropper; + if (EVP_DigestUpdate(ctx->dgst, &bufD[bufP], tmp) != 1) doDropper; + if (myHmacEnd(ctx->dgst, port2vrf_res->mcscHashAlg, port2vrf_res->mcscHashKeyDat, port2vrf_res->mcscHashKeyLen, &bufD[0]) != 1) doDropper; if (memcmp(&bufD[0], &bufD[bufP + tmp], port2vrf_res->mcscHashBlkLen) !=0) doDropper; } if (EVP_CIPHER_CTX_reset(ctx->encr) != 1) doDropper; diff --git a/misc/native/p4emu_msg.h b/misc/native/p4emu_msg.h index f2e879c4cf..8b76f6f85b 100644 --- a/misc/native/p4emu_msg.h +++ b/misc/native/p4emu_msg.h @@ -57,15 +57,6 @@ const EVP_MD* getHashAlg(char *buf) { if (strcmp(buf, "sha512") == 0) return EVP_sha512(); return NULL; } - - -EVP_PKEY* getHashKey(unsigned char* key, int len) { - if (len < 1) { - return EVP_PKEY_new(); - } else { - return EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, key, len); - } -} #endif @@ -2008,11 +1999,7 @@ int doOneCommand(struct packetContext *ctx, unsigned char* buf) { port2vrf_res->mcscIvRxKeyLen = str2key(arg[11], port2vrf_res->mcscIvRxKeyDat); port2vrf_res->mcscIvTxKeyLen = str2key(arg[12], port2vrf_res->mcscIvTxKeyDat); port2vrf_res->mcscHashKeyLen = str2key(arg[13], port2vrf_res->mcscHashKeyDat); - port2vrf_res->mcscHashPkey = getHashKey(port2vrf_res->mcscHashKeyDat, port2vrf_res->mcscHashKeyLen); - if (port2vrf_res->mcscHashPkey == NULL) { - port2vrf_res->mcscEthtyp = 0; - return 0; - } + myHmacSetup(port2vrf_res->mcscHashAlg, port2vrf_res->mcscHashKeyDat, &port2vrf_res->mcscHashKeyLen); if (del == 0) port2vrf_res->mcscEthtyp = 0; return 0; } @@ -2041,13 +2028,11 @@ int doOneCommand(struct packetContext *ctx, unsigned char* buf) { tun4_ntry.spi = atoi(arg[15]); tun4_ntry.encrKeyLen = str2key(arg[16], tun4_ntry.encrKeyDat); tun4_ntry.hashKeyLen = str2key(arg[17], tun4_ntry.hashKeyDat); - tun4_ntry.hashPkey = getHashKey(tun4_ntry.hashKeyDat, tun4_ntry.hashKeyLen); - if (tun4_ntry.hashPkey == NULL) return 0; + myHmacSetup(tun4_ntry.hashAlg, tun4_ntry.hashKeyDat, &tun4_ntry.hashKeyLen); neigh_ntry.spi = atoi(arg[18]); neigh_ntry.encrKeyLen = str2key(arg[19], neigh_ntry.encrKeyDat); neigh_ntry.hashKeyLen = str2key(arg[20], neigh_ntry.hashKeyDat); - neigh_ntry.hashPkey = getHashKey(neigh_ntry.hashKeyDat, neigh_ntry.hashKeyLen); - if (neigh_ntry.hashPkey == NULL) return 0; + myHmacSetup(neigh_ntry.hashAlg, neigh_ntry.hashKeyDat, &neigh_ntry.hashKeyLen); tun4_ntry.prot = IP_PROTOCOL_ESP; tun4_ntry.command = 7; if (del == 0) table_del(&neigh_table, &neigh_ntry); @@ -2087,13 +2072,11 @@ int doOneCommand(struct packetContext *ctx, unsigned char* buf) { tun6_ntry.spi = atoi(arg[15]); tun6_ntry.encrKeyLen = str2key(arg[16], tun6_ntry.encrKeyDat); tun6_ntry.hashKeyLen = str2key(arg[17], tun6_ntry.hashKeyDat); - tun6_ntry.hashPkey = getHashKey(tun6_ntry.hashKeyDat, tun6_ntry.hashKeyLen); - if (tun6_ntry.hashPkey == NULL) return 0; + myHmacSetup(tun6_ntry.hashAlg, tun6_ntry.hashKeyDat, &tun6_ntry.hashKeyLen); neigh_ntry.spi = atoi(arg[18]); neigh_ntry.encrKeyLen = str2key(arg[19], neigh_ntry.encrKeyDat); neigh_ntry.hashKeyLen = str2key(arg[20], neigh_ntry.hashKeyDat); - neigh_ntry.hashPkey = getHashKey(neigh_ntry.hashKeyDat, neigh_ntry.hashKeyLen); - if (neigh_ntry.hashPkey == NULL) return 0; + myHmacSetup(neigh_ntry.hashAlg, neigh_ntry.hashKeyDat, &neigh_ntry.hashKeyLen); tun6_ntry.prot = IP_PROTOCOL_ESP; tun6_ntry.command = 7; if (del == 0) table_del(&neigh_table, &neigh_ntry); @@ -2130,10 +2113,8 @@ int doOneCommand(struct packetContext *ctx, unsigned char* buf) { tun4_ntry.hashKeyLen = str2key(arg[18], tun4_ntry.hashKeyDat); neigh_ntry.encrKeyLen = str2key(arg[17], neigh_ntry.encrKeyDat); neigh_ntry.hashKeyLen = str2key(arg[18], neigh_ntry.hashKeyDat); - tun4_ntry.hashPkey = getHashKey(tun4_ntry.hashKeyDat, tun4_ntry.hashKeyLen); - if (tun4_ntry.hashPkey == NULL) return 0; - neigh_ntry.hashPkey = getHashKey(neigh_ntry.hashKeyDat, neigh_ntry.hashKeyLen); - if (neigh_ntry.hashPkey == NULL) return 0; + myHmacSetup(tun4_ntry.hashAlg, tun4_ntry.hashKeyDat, &tun4_ntry.hashKeyLen); + myHmacSetup(neigh_ntry.hashAlg, neigh_ntry.hashKeyDat, &neigh_ntry.hashKeyLen); tun4_ntry.prot = IP_PROTOCOL_UDP; tun4_ntry.command = 8; if (del == 0) table_del(&neigh_table, &neigh_ntry); @@ -2176,10 +2157,8 @@ int doOneCommand(struct packetContext *ctx, unsigned char* buf) { tun6_ntry.hashKeyLen = str2key(arg[18], tun6_ntry.hashKeyDat); neigh_ntry.encrKeyLen = str2key(arg[17], neigh_ntry.encrKeyDat); neigh_ntry.hashKeyLen = str2key(arg[18], neigh_ntry.hashKeyDat); - tun6_ntry.hashPkey = getHashKey(tun6_ntry.hashKeyDat, tun6_ntry.hashKeyLen); - if (tun6_ntry.hashPkey == NULL) return 0; - neigh_ntry.hashPkey = getHashKey(neigh_ntry.hashKeyDat, neigh_ntry.hashKeyLen); - if (neigh_ntry.hashPkey == NULL) return 0; + myHmacSetup(tun6_ntry.hashAlg, tun6_ntry.hashKeyDat, &tun6_ntry.hashKeyLen); + myHmacSetup(neigh_ntry.hashAlg, neigh_ntry.hashKeyDat, &neigh_ntry.hashKeyLen); tun6_ntry.prot = IP_PROTOCOL_UDP; tun6_ntry.command = 8; if (del == 0) table_del(&neigh_table, &neigh_ntry); diff --git a/misc/native/p4emu_tab.h b/misc/native/p4emu_tab.h index d9a94424a6..d51edef35f 100644 --- a/misc/native/p4emu_tab.h +++ b/misc/native/p4emu_tab.h @@ -151,7 +151,6 @@ struct port2vrf_entry { int mcscSeqRx; const EVP_CIPHER *mcscEncrAlg; const EVP_MD *mcscHashAlg; - EVP_PKEY *mcscHashPkey; #endif long mcscPackRx; long mcscByteRx; @@ -287,7 +286,6 @@ struct neigh_entry { int hashBlkLen; const EVP_CIPHER *encrAlg; const EVP_MD *hashAlg; - EVP_PKEY *hashPkey; #endif long pack; long byte; @@ -645,7 +643,6 @@ struct tun4_entry { int hashBlkLen; const EVP_CIPHER *encrAlg; const EVP_MD *hashAlg; - EVP_PKEY *hashPkey; #endif long pack; long byte; @@ -678,7 +675,6 @@ struct tun6_entry { int hashBlkLen; const EVP_CIPHER *encrAlg; const EVP_MD *hashAlg; - EVP_PKEY *hashPkey; #endif long pack; long byte; @@ -845,3 +841,38 @@ int shiftContext(struct packetContext *trg, struct packetContext *src, unsigned #endif return trg->bufC == NULL; } + + +#ifndef HAVE_NOCRYPTO +void myHmacSetup(const EVP_MD *alg, unsigned char *key, int *len) { + int blk = EVP_MD_get_block_size(alg); + for (int i=*len; i tester release: freeRouter v24.10.2-cur, done by sprscc13@mrn0b0dy.
-tested: 2024-10-02 20:18:16, took 00:13:14, with 60 workers, on 3524 cases, 0 failed, 0 traces, 11 retries
+tested: 2024-10-02 23:33:49, took 00:13:13, with 60 workers, on 3524 cases, 0 failed, 0 traces, 0 retries
jvm: ./rtr.bin

diff --git a/src/rtr.txt b/src/rtr.txt index 9579506471..7c77343c57 100644 --- a/src/rtr.txt +++ b/src/rtr.txt @@ -1 +1 @@ -24.10.2 +24.10.3 diff --git a/src/rtr8.csv b/src/rtr8.csv index 2038babba4..7c53c8c3f4 100644 --- a/src/rtr8.csv +++ b/src/rtr8.csv @@ -1,6 +1,6 @@ url;file;result;test -;-;-;freeRouter v24.10.2-cur, done by sprscc13@mrn0b0dy. --;-;-;2024-10-02 20:28:40, took 00:10:02, with 60 workers, on 617 cases, 0 failed, 0 traces, 1 retries +-;-;-;2024-10-03 04:50:51, took 00:12:04, with 60 workers, on 617 cases, 0 failed, 0 traces, 1 retries -;-;-;./rtr.bin http://sources.freertr.org/cfg/p4lang-acl001.tst;p4lang-acl001.tst;success;p4lang: copp http://sources.freertr.org/cfg/p4lang-acl002.tst;p4lang-acl002.tst;success;p4lang: ingress access list diff --git a/src/rtr8.html b/src/rtr8.html index 80e0896a1b..8d0a4d43f6 100644 --- a/src/rtr8.html +++ b/src/rtr8.html @@ -10,7 +10,7 @@ tester release: freeRouter v24.10.2-cur, done by sprscc13@mrn0b0dy.
-tested: 2024-10-02 20:28:40, took 00:10:02, with 60 workers, on 617 cases, 0 failed, 0 traces, 1 retries
+tested: 2024-10-03 04:50:51, took 00:12:04, with 60 workers, on 617 cases, 0 failed, 0 traces, 1 retries
jvm: ./rtr.bin

fileresulttest
fileresulttest