[Openswan Users] Pluto crashes at responder when using sha2_256

Awais Tanveer awaistanveer at gmail.com
Tue Apr 2 17:45:28 UTC 2013


On further investigation, I found out there is a failed assertion on
algo_info.c. Its a case of bad_case(). Pluto gives error:

"ASSERTION FAILED in algo_info.c:105 case 5 unexpected"

It comes in when pluto tries to convert authentication algorithm constant
numbers from IKEv2 to IKEV1.

Do I need some patching to resolve this issue?

On Mon, Apr 1, 2013 at 11:30 AM, Awais Tanveer <awaistanveer at gmail.com>wrote:

> Hello!
>
> Pluto always gives me segmentation fault when I use sha2_256 in
> ipsec.conf. I went through following thread of the mailing list:
>
> https://lists.openswan.org/pipermail/users/2012-February/021275.html
>
> According to this, I recompiled my kernel after having icv_truncbits=128
> in xfrm_algo.c but to no avail.
>
> I am using openswan 2.6.38 and RHEL 6.2 with 2.6.32 kernel. Here is my
> ipsec.conf:
>
> version 2.0
> config setup
> protostack=netkey
>  plutorestartoncrash=no
> plutodebug=all
> conn g1_g2
>  ikev2=insist
> ike=aes256-sha
> phase2alg=aes256-sha2_256
>  sha2_truncbug=yes
> authby=secret
> left=11.11.11.2
>  right=11.11.11.4
> auto=start
> and here is part of output of ipsec barf on responder where I guess pluto
> crypto helper exits after having segmentation fault:
>
> *Mar 31 23:10:25 localhost pluto[7840]: "g1_g2" #3: "g1_g2":   IKE
> algorithm newest: _256-SHA1-MODP1536*
> *Mar 31 23:10:25 localhost pluto[7840]: "g1_g2" #3: "g1_g2":   ESP
> algorithms wanted: AES(12)_256-SHA2_256(5)_000; flags=-strict*
> *Mar 31 23:10:25 localhost pluto[7840]: | kernel_alg_esp_enc_ok(12,0):
> alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1*
> *Mar 31 23:10:25 localhost pluto[7840]: |
> kernel_alg_esp_auth_keylen(auth=5, sadb_aalg=5): a_keylen=32*
> *Mar 31 23:10:25 localhost pluto[7840]: "g1_g2" #3: "g1_g2":   ESP
> algorithms loaded: AES(12)_256-SHA2_256(5)_256*
> *Mar 31 23:10:25 localhost pluto[7840]: "g1_g2" #3:  *
> *Mar 31 23:10:25 localhost kernel: pluto[7840]: segfault at 8004d8da8 ip
> 0000000000412c31 sp 00007fff50761e30 error 4 in pluto[400000+ec000]*
> *Mar 31 23:10:25 localhost abrt[7911]: saved core dump of pid 7840
> (/usr/local/libexec/ipsec/pluto) to /var/spool/abrt/ccpp-2013-03-31-23:10:25-7840.new/coredump
> (495616 bytes)*
> *Mar 31 23:10:25 localhost pluto[7842]: pluto_crypto_helper: helper (0)
> is  normal exiting *
> *Mar 31 23:10:25 localhost ipsec__plutorun:
> /usr/local/lib/ipsec/_plutorun: line 250:  7840 Segmentation fault
>  (core dumped) /usr/local/libexec/ipsec/pluto --nofork --secretsfile
> /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --debug-all --debug-raw
> --debug-crypt --debug-parsing --debug-emitting --debug-control
> --debug-lifecycle --debug-klips --debug-dns --debug-oppo --debug-oppoinfo
> --debug-controlmore --debug-x509 --debug-dpd --debug-pfkey --debug-natt
> --debug-nattraversal --use-netkey --uniqueids*
> *Mar 31 23:10:25 localhost abrtd: Executable
> '/usr/local/libexec/ipsec/pluto' doesn't belong to any package*
>
> What are the reasons for this? I have also compiled openswan using
> USE_EXTRACRYPTO=true but still no success.
>
> --
> Awais Tanveer
>



-- 
Engr. Awais Tanveer
Software Engineer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20130402/15405e3c/attachment.html>


More information about the Users mailing list