[Openswan Users] Pluto crashes at responder when using sha2_256

Awais Tanveer awaistanveer at gmail.com
Mon Apr 1 06:30:07 UTC 2013 

Hello!

Pluto always gives me segmentation fault when I use sha2_256 in ipsec.conf.
I went through following thread of the mailing list:

https://lists.openswan.org/pipermail/users/2012-February/021275.html

According to this, I recompiled my kernel after having icv_truncbits=128 in
xfrm_algo.c but to no avail.

I am using openswan 2.6.38 and RHEL 6.2 with 2.6.32 kernel. Here is my
ipsec.conf:

version 2.0
config setup
protostack=netkey
plutorestartoncrash=no
plutodebug=all
conn g1_g2
ikev2=insist
ike=aes256-sha
phase2alg=aes256-sha2_256
sha2_truncbug=yes
authby=secret
left=11.11.11.2
right=11.11.11.4
auto=start
and here is part of output of ipsec barf on responder where I guess pluto
crypto helper exits after having segmentation fault:

*Mar 31 23:10:25 localhost pluto[7840]: "g1_g2" #3: "g1_g2":   IKE
algorithm newest: _256-SHA1-MODP1536*
*Mar 31 23:10:25 localhost pluto[7840]: "g1_g2" #3: "g1_g2":   ESP
algorithms wanted: AES(12)_256-SHA2_256(5)_000; flags=-strict*
*Mar 31 23:10:25 localhost pluto[7840]: | kernel_alg_esp_enc_ok(12,0):
alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1*
*Mar 31 23:10:25 localhost pluto[7840]: |
kernel_alg_esp_auth_keylen(auth=5, sadb_aalg=5): a_keylen=32*
*Mar 31 23:10:25 localhost pluto[7840]: "g1_g2" #3: "g1_g2":   ESP
algorithms loaded: AES(12)_256-SHA2_256(5)_256*
*Mar 31 23:10:25 localhost pluto[7840]: "g1_g2" #3:  *
*Mar 31 23:10:25 localhost kernel: pluto[7840]: segfault at 8004d8da8 ip
0000000000412c31 sp 00007fff50761e30 error 4 in pluto[400000+ec000]*
*Mar 31 23:10:25 localhost abrt[7911]: saved core dump of pid 7840
(/usr/local/libexec/ipsec/pluto) to
/var/spool/abrt/ccpp-2013-03-31-23:10:25-7840.new/coredump (495616 bytes)*
*Mar 31 23:10:25 localhost pluto[7842]: pluto_crypto_helper: helper (0) is
 normal exiting *
*Mar 31 23:10:25 localhost ipsec__plutorun: /usr/local/lib/ipsec/_plutorun:
line 250:  7840 Segmentation fault      (core dumped)
/usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets
--ipsecdir /etc/ipsec.d --debug-all --debug-raw --debug-crypt
--debug-parsing --debug-emitting --debug-control --debug-lifecycle
--debug-klips --debug-dns --debug-oppo --debug-oppoinfo --debug-controlmore
--debug-x509 --debug-dpd --debug-pfkey --debug-natt --debug-nattraversal
--use-netkey --uniqueids*
*Mar 31 23:10:25 localhost abrtd: Executable
'/usr/local/libexec/ipsec/pluto' doesn't belong to any package*

What are the reasons for this? I have also compiled openswan using
USE_EXTRACRYPTO=true but still no success.

-- 
Awais Tanveer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20130401/e75a065f/attachment.html>

More information about the Users mailing list