Bug 105614 - [patch] setkey(8): Creating NULL encryption ESP SAs with setkey fails
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: Unspecified
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-bugs (Nobody)
Keywords: patch
Reported: 2006-11-16 20:30 UTC by Jan Melen
Modified: 2022-10-17 12:39 UTC

Attachments
patch-sbin__setkey__parse.y.txt (436 bytes, patch)
2013-01-31 12:43 UTC, John W. O'Brien
Description Jan Melen 2006-11-16 20:30:01 UTC
The setkey manual says that the null encryption mode is supported, but
when trying to create an SA with -E null it will result in an Invalid
Argument. This is because the SADB_EXT_KEY_ENCRYPT is not included in
the PF_KEY message if the null is defined, although it should be included
in case the mode is ESP, because the kernel expects to receive it whenever
the SA type is ESP even if the null encryption is to be used.

Fix: 

/* set encryption algorithm, if present. */
-       if (satype != SADB_X_SATYPE_IPCOMP && p_key_enc) {
+       if (satype != SADB_X_SATYPE_IPCOMP &&
+        (p_key_enc || satype == SADB_SATYPE_ESP)) {
                struct sadb_key m_key;

                m_key.sadb_key_len =--KloQauqE7jntzfl9CaGVn236DwcNX84HFPhfZ0mHDrbbyoUi
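
Review bot: in the new condition, an ESP SA now enters this block with p_key_enc possibly NULL (the `-E null` case with no key given), so the code that follows, starting at `m_key.sadb_key_len =`, has to cope with a NULL pointer and a zero key length, and the visible lines do not show that it does. Please confirm that the length used there is 0 in that case and that nothing is copied from p_key_enc, or guard the copy explicitly. The comment above the condition, "set encryption algorithm, if present", should also be updated to say that an ESP SA always carries the encryption key extension, even for null encryption.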

Index: parse.y
===================================================================
RCS file: /opt/beet/src/sbin/setkey/parse.y,v
retrieving revision 1.3
diff -u -r1.3 parse.y
--- parse.y     14 Nov 2006 13:10:24 -0000      1.3
+++ parse.y     16 Nov 2006 11:28:28 -0000
@@ -1029,7 +1029,8 @@
        l = sizeof(struct sadb_msg);
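
Review bot: the hunk header `@@ -1029,7 +1029,8 @@` announces seven old and eight new lines, but only one context line follows it here; the changed lines appear separately above under "Fix:" and end in a mail boundary string, so the diff will not apply as posted. Please resend it as a single intact attachment, and generate it relative to the source tree, since the file header shows a local path (/opt/beet/src/sbin/setkey/parse.y) and a bare `parse.y` that do not tell the committer which directory to apply it from.
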
How-To-Repeat:

# ./setkey -c
add 10.10.19.50 10.10.19.100 esp 1680464666 -m transport -E null -A hmac-md5 "authentication!!" ;
The result of line 1: Invalid argument.
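
The key extension the description refers to, as an added example (not code from the report or from setkey): it builds the encryption-key extension using the patched condition and shows that a null-encryption ESP SA gets a header-only extension with zero key bits. The `ex_`/`EX_` names are hypothetical; the struct layout and constant values are assumed from RFC 2367 and the KAME `pfkeyv2.h`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values from RFC 2367 / KAME pfkeyv2.h; EX_ prefix avoids header clashes. */
enum { EX_SATYPE_ESP = 3, EX_SATYPE_IPCOMP = 9, EX_EXT_KEY_ENCRYPT = 9 };

/* sadb_key header (RFC 2367); key bytes follow, padded to 8 bytes. */
struct ex_sadb_key {
    uint16_t len;      /* extension length in 64-bit words */
    uint16_t exttype;
    uint16_t bits;     /* key length in bits */
    uint16_t reserved;
};

#define EX_ALIGN8(n) (((n) + 7u) & ~(size_t)7u)

/* Patched condition from the report: ESP always carries the extension. */
int ex_needs_enc_key(int satype, const uint8_t *key)
{
    return satype != EX_SATYPE_IPCOMP &&
        (key != NULL || satype == EX_SATYPE_ESP);
}

/* Returns bytes written, 0 if no extension is needed, -1 on bad size.
 * Safe for key == NULL: the null cipher yields a header-only extension. */
long ex_put_enc_key(uint8_t *buf, size_t cap, int satype,
                    const uint8_t *key, size_t keylen)
{
    struct ex_sadb_key h = {0};
    size_t total;

    if (!ex_needs_enc_key(satype, key))
        return 0;
    if (key == NULL)
        keylen = 0;
    if (keylen > 8191 || sizeof(h) + EX_ALIGN8(keylen) > cap)
        return -1;                       /* bits must fit in 16 bits */
    total = sizeof(h) + EX_ALIGN8(keylen);
    h.len = (uint16_t)(total / 8);
    h.exttype = EX_EXT_KEY_ENCRYPT;
    h.bits = (uint16_t)(keylen * 8);
    memset(buf, 0, total);               /* zero the padding */
    memcpy(buf, &h, sizeof(h));
    if (keylen)
        memcpy(buf + sizeof(h), key, keylen);
    return (long)total;
}
int main(void) { uint8_t b[16]; printf("%ld\n", ex_put_enc_key(b, sizeof b, EX_SATYPE_ESP, NULL, 0)); return 0; }
```
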
Comment 1 John W. O'Brien 2013-01-31 00:42:08 UTC
I found today that this bug still exists in 9.1-STABLE r245089, and
that the suggested patch appears to fix it.

If any further testing or analysis is needed prior to committing a
fix, I would be glad to help.

CC: freebsd-net@ in the hopes of being noticed and adopted
Comment 2 Eitan Adler freebsd_committer freebsd_triage 2013-01-31 04:31:33 UTC
On 30 January 2013 19:42, John W. O'Brien <john@saltant.com> wrote:
> I found today that this bug still exists in 9.1-STABLE r245089, and
> that the suggested patch appears to fix it.
>
> If any further testing or analysis is needed prior to committing a
> fix, I would be glad to help.
>
> CC: freebsd-net@ in the hopes of being noticed and adopted

The patch is malformed in the PR.  Perhaps you could attach and resend?


-- 
Eitan Adler
Comment 3 John W. O'Brien 2013-01-31 12:43:30 UTC
On 01/30/2013 11:31 PM, Eitan Adler wrote:
> The patch is malformed in the PR.  Perhaps you could attach and
> resend?

Gladly.
Comment 4 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 08:00:34 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Comment 5 Graham Perrin freebsd_committer freebsd_triage 2022-10-17 12:39:52 UTC
Keyword: 

    patch
or  patch-ready

– in lieu of summary line prefix: 

    [patch]

* bulk change for the keyword
* summary lines may be edited manually (not in bulk). 

Keyword descriptions and search interface: 

    <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>