<html><body><div style="color:#000; background-color:#fff; font-family:bookman old style, new york, times, serif;font-size:10pt"><div style="font-family: 'bookman old style', 'new york', times, serif; font-size: 10pt; "><span>Hi, when I use a sha2 hash to connect using openswan 2.6.37, the pluto daemon segfaults with a message </span></div><div style="font-family: 'bookman old style', 'new york', times, serif; font-size: 10pt; "><span><br></span></div><div><span><div><font size="2"><div>Jan 31 04:18:31 xxxxxxxxxxxxxxxxxxx kernel: pluto[25450]: egfault at 0000000000000004 rip 0000000000447509 rsp 00007fff17a021d0 error 6</div><div>Jan 31 04:18:31 xxxxxxxxxxxxxxxxxxx ipsec__plutorun: /usr/local/lib/ipsec/_plutorun: line 246: 25450 Segmentation fault /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-netkey --uniqueids --strictcrlpolicy --nat_traversal</div><div>Jan 31 04:18:31
xxxxxxxxxxxxxxxxxxx ipsec__plutorun: !pluto failure!: exited with error status 139 (signal 11)</div><div>Jan 31 04:18:31 xxxxxxxxxxxxxxxxxxx ipsec__plutorun: restarting IPsec after pause...</div><div>Jan 31 04:18:41 xxxxxxxxxxxxxxxxxxx ipsec_setup: Stopping Openswan IPsec...</div><div>Jan 31 04:18:41 xxxxxxxxxxxxxxxxxxx ipsec_setup: Removing orphaned /var/run/pluto/pluto.pid:</div><div>Jan 31 04:18:41 xxxxxxxxxxxxxxxxxxx kernel: NET:
Unregistered protocol family 15</div><div><br></div></font></div><div style="font-family: 'bookman old style', 'new york', times, serif; font-size: 10pt; "><br></div><div style="font-family: 'bookman old style', 'new york', times, serif; font-size: 10pt; ">Putting it in debug mode, the crash is found to be at </div><div><font size="2">~/openswan-2.6.37/programs/pluto/spdb_struct.c:316</font><br></div><div><font size="2"><br></font></div><div><font size="2">The connection is defined in the ipsec.conf file as</font></div><div><font size="2"><div><br></div><div>conn test</div><div> type=transport</div><div> right=10.1.3.18</div><div> rightprotoport=tcp/any</div><div> left=10.1.2.48</div><div> leftprotoport=tcp/23</div><div> pfs=yes</div><div> phase2=esp</div><div>
phase2alg=aes128-sha2_256;modp1024</div><div> ike=aes128-sha2_256;modp1024</div><div> authby=secret</div><div> auto=add</div></font></div><div style="font-family: 'bookman old style', 'new york', times, serif; font-size: 10pt; "><br></div><div style="font-size: 10pt; font-family: 'bookman old style', 'new york', times, serif; ">Everything works fine if I replace sha2_256 with sha1.</div><div style="font-size: 10pt; font-family: 'bookman old style', 'new york', times, serif; "><br></div><div style="font-size: 10pt; font-family: 'bookman old style', 'new york', times, serif; ">Here is the output of ipsec setup status where it does not show OAKLEY sha2_256 getting loaded.</div><div style="font-size: 10pt; font-family: 'bookman old style', 'new york', times, serif; "><br></div><div><div><font size="2">000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8,
keysizemin=64, keysizemax=64</font></div><div><font size="2">000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192</font></div><div><font size="2">000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128</font></div><div><font size="2">000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448</font></div><div><font size="2">000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0</font></div><div><font size="2">000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256</font></div><div><font size="2">000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=128, keysizemax=256</font></div><div><font size="2">000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256</font></div><div><font size="2">000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B,
ivlen=8, keysizemin=128, keysizemax=256</font></div><div><font size="2">000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256</font></div><div><font size="2">000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256</font></div><div><font size="2">000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256</font></div><div><font size="2">000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256</font></div><div><font size="2">000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256</font></div><div><font size="2">000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256</font></div><div><font size="2">000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128</font></div><div><font size="2">000 algorithm
ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160</font></div><div><font size="2">000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256</font></div><div><font size="2">000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160</font></div><div><font size="2">000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128</font></div><div><font size="2">000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0</font></div><div><font size="2">000 </font></div><div><font size="2">000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131</font></div><div><font size="2">000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192</font></div><div><font size="2">000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
keydeflen=128</font></div><div><font size="2">000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16</font></div><div><font size="2">000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20</font></div><div><font size="2">000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024</font></div><div><font size="2">000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536</font></div><div><font size="2">000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048</font></div><div><font size="2">000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=30</font></div><div><font size="2"><br></font></div><div><font size="2">With openswan 2.6.33, OAKLEY SHA2_256 is shown and the connection gets established; I can see the SP using setkey. But the telnet connection is not established. Again, everything works fine if I replace sha2 with sha1. </font></div><div><font size="2"><br></font></div><div><font
size="2">Am I missing something here or is this a bug?</font></div></div></span></div></div></body></html>