[Openswan dev] FC3/FC4 builds and openswan 2.x

Michael Richardson mcr at xelerance.com
Fri Aug 12 11:18:28 CEST 2005


We had many reports in the last months, usually from FCx users about
crashes in des_set_key(), cbc_encrypt, etc. Often they had *IMPOSSIBLE*
call traces, 

 [<c0386759>] _3des_cbc_encrypt+0x7c/0x89
 [<c037e1c6>] ipsec_alg_esp_encrypt+0x5d/0x102
 [<c0368be7>] ipsec_xmit_encap_once1+0x615/0x110c
 [<c0121376>] vprintk+0x1cf/0x49d
 [<c0121376>] vprintk+0x1cf/0x49d
 [<c0376549>] addrtoa+0x41/0x8c
 [<c01211a3>] printk+0x17/0x1b
 [<c0368270>] ipsec_print_ip+0x1e0/0x357
 [<c03696e4>] ipsec_xmit_encap_once+0x6/0x8
 [<c036a744>] ipsec_xmit_encap_bundle+0xb6e/0x15da

(And debugging into this is just a disaster too, even under QEMU)

Well, I should have clued in that FCx kernels are built without frame
pointers, so the call trace is really just a guess. On x86 we use
assembly versions of AES and 3DES --- and that code makes assumptions
about the ABI (frame pointers vs not). The assembly code can be
adjusted, and can be conditionally compiled, but medium to long term, we
wish to just use the cryptoapi code for software crypto anyway.

HEAD as of 10:15am today has a patch to the AES and 3DES Makefile's that
will use C versions of the code if frame pointers have been omitted. We
detect that from the .config file definitions.

Paul is testing the automatic part of the patch to confirm that it makes
the right decision.

It does explain why every time I tried to reproduce it, even with FC
kernel source, I failed --- because I didn't get the .config file
perfectly in sync. (And building the whole kernel takes ~1.5GB and many

- -- 
] Michael Richardson          Xelerance Corporation, Ottawa, ON |  firewalls  [
] mcr @ xelerance.com           Now doing IPsec training, see   |net architect[
] http://www.sandelman.ca/mcr/    www.xelerance.com/training/   |device driver[
]                    I'm a dad: http://www.sandelman.ca/lrmr/                 [
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys


More information about the Dev mailing list