<div dir="ltr"><br><div class="gmail_extra">On further investigation, I found out there is a failed assertion on algo_info.c. Its a case of bad_case(). Pluto gives error:</div><div class="gmail_extra"><br></div><div class="gmail_extra">
"ASSERTION FAILED in algo_info.c:105 case 5 unexpected"</div><div class="gmail_extra"><br></div><div class="gmail_extra">It comes in when pluto tries to convert authentication algorithm constant numbers from IKEv2 to IKEV1.</div>
<div class="gmail_extra"><br></div><div class="gmail_extra">Do I need some patching to resolve this issue?<br><br><div class="gmail_quote">On Mon, Apr 1, 2013 at 11:30 AM, Awais Tanveer <span dir="ltr"><<a href="mailto:awaistanveer@gmail.com" target="_blank">awaistanveer@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello!<div><br></div><div>Pluto always gives me segmentation fault when I use sha2_256 in ipsec.conf. I went through following thread of the mailing list:</div>
<div><br></div><div><a href="https://lists.openswan.org/pipermail/users/2012-February/021275.html" target="_blank">https://lists.openswan.org/pipermail/users/2012-February/021275.html</a></div>
<div><br></div><div>According to this, I recompiled my kernel after having icv_truncbits=128 in xfrm_algo.c but to no avail.</div><div><br></div><div>I am using openswan 2.6.38 and RHEL 6.2 with 2.6.32 kernel. Here is my ipsec.conf:</div>
<div><br></div><div><div>version<span style="white-space:pre-wrap">        </span>2.0<span style="white-space:pre-wrap">        </span></div><div>config setup</div><div><span style="white-space:pre-wrap">        </span>protostack=netkey</div>
<div><span style="white-space:pre-wrap">        </span>plutorestartoncrash=no</div><div><span style="white-space:pre-wrap">        </span>plutodebug=all<span style="white-space:pre-wrap">        </span></div><div>conn g1_g2</div><div>
<span style="white-space:pre-wrap">                </span>ikev2=insist</div><div><span style="white-space:pre-wrap">                </span>ike=aes256-sha</div><div><span style="white-space:pre-wrap">                </span>phase2alg=aes256-sha2_256</div>
<div><span style="white-space:pre-wrap">                </span>sha2_truncbug=yes</div><div><span style="white-space:pre-wrap">                </span>authby=secret</div><div><span style="white-space:pre-wrap">                </span>left=11.11.11.2</div>
<div><span style="white-space:pre-wrap">                </span>right=11.11.11.4</div><div><span style="white-space:pre-wrap">                </span>auto=start</div><div>and here is part of output of ipsec barf on responder where I guess pluto crypto helper exits after having segmentation fault:</div>
<div><br></div><div><div><b>Mar 31 23:10:25 localhost pluto[7840]: "g1_g2" #3: "g1_g2": IKE algorithm newest: _256-SHA1-MODP1536</b></div><div><b>Mar 31 23:10:25 localhost pluto[7840]: "g1_g2" #3: "g1_g2": ESP algorithms wanted: AES(12)_256-SHA2_256(5)_000; flags=-strict</b></div>
<div><b>Mar 31 23:10:25 localhost pluto[7840]: | kernel_alg_esp_enc_ok(12,0): alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1</b></div><div><b>Mar 31 23:10:25 localhost pluto[7840]: | kernel_alg_esp_auth_keylen(auth=5, sadb_aalg=5): a_keylen=32</b></div>
<div><b>Mar 31 23:10:25 localhost pluto[7840]: "g1_g2" #3: "g1_g2": ESP algorithms loaded: AES(12)_256-SHA2_256(5)_256</b></div><div><b>Mar 31 23:10:25 localhost pluto[7840]: "g1_g2" #3: </b></div>
<div><b>Mar 31 23:10:25 localhost kernel: pluto[7840]: segfault at 8004d8da8 ip 0000000000412c31 sp 00007fff50761e30 error 4 in pluto[400000+ec000]</b></div><div><b>Mar 31 23:10:25 localhost abrt[7911]: saved core dump of pid 7840 (/usr/local/libexec/ipsec/pluto) to /var/spool/abrt/ccpp-<a href="tel:2013-03-31-23" value="+12013033123" target="_blank">2013-03-31-23</a>:10:25-7840.new/coredump (495616 bytes)</b></div>
<div><b>Mar 31 23:10:25 localhost pluto[7842]: pluto_crypto_helper: helper (0) is normal exiting </b></div><div><b>Mar 31 23:10:25 localhost ipsec__plutorun: /usr/local/lib/ipsec/_plutorun: line 250: 7840 Segmentation fault (core dumped) /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --debug-all --debug-raw --debug-crypt --debug-parsing --debug-emitting --debug-control --debug-lifecycle --debug-klips --debug-dns --debug-oppo --debug-oppoinfo --debug-controlmore --debug-x509 --debug-dpd --debug-pfkey --debug-natt --debug-nattraversal --use-netkey --uniqueids</b></div>
<div><b>Mar 31 23:10:25 localhost abrtd: Executable '/usr/local/libexec/ipsec/pluto' doesn't belong to any package</b></div><div><br></div></div><div>What are the reasons for this? I have also compiled openswan using USE_EXTRACRYPTO=true but still no success.</div>
<span class="HOEnZb"><font color="#888888">
<div><br></div>-- <br>Awais Tanveer<br>
</font></span></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Engr. Awais Tanveer<br>Software Engineer<br>
</div></div>