Message-Id: <200611162023.kAGKNZor063383@www.freebsd.org>
Date: Thu, 16 Nov 2006 20:23:35 GMT
From: Jan Mikael Melen<jan@melen.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Creating NULL encryption ESP SAs with setkey fails
X-Send-Pr-Version: www-3.0

>Number:         105614
>Category:       bin
>Synopsis:       [patch] setkey(8): Creating NULL encryption ESP SAs with setkey fails
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 16 20:30:01 GMT 2006
>Closed-Date:    
>Last-Modified:  Thu Jan 31 12:50:00 UTC 2013
>Originator:     Jan Mikael Melen
>Release:        CURRENT
>Organization:
>Environment:
FreeBSD n-current.nomadiclab.com 7.0-CURRENT FreeBSD 7.0-CURRENT #9: Thu Nov 16 19:54:26 UTC 2006     root@n51-current.nomadiclab.com:/usr/beet/sys/i386/compile/IPSEC_BEET  i386

>Description:

The setkey manual says that the null encryption mode is supported, but
when trying to create an SA with -E null it will result in an Invalid
Argument. This is because the SADB_EXT_KEY_ENCRYPT is not included in
the PF_KEY message, if the null is defined. Although it should be included
in case the mode is ESP because the kernel expects to receive it whenever
the SA type is ESP even if the null encryption is to be used.


>How-To-Repeat:
# ./setkey -c
add 10.10.19.50 10.10.19.100 esp 1680464666 -m transport -E null -A hmac-md5
"authentication!!" ;
The result of line 1: Invalid argument.

>Fix:

Index: parse.y
===================================================================
RCS file: /opt/beet/src/sbin/setkey/parse.y,v
retrieving revision 1.3
diff -u -r1.3 parse.y
--- parse.y     14 Nov 2006 13:10:24 -0000      1.3
+++ parse.y     16 Nov 2006 11:28:28 -0000
@@ -1029,7 +1029,8 @@
        l = sizeof(struct sadb_msg);

        /* set encryption algorithm, if present. */
-       if (satype != SADB_X_SATYPE_IPCOMP && p_key_enc) {
+       if (satype != SADB_X_SATYPE_IPCOMP &&
+        (p_key_enc || satype == SADB_SATYPE_ESP)) {
                struct sadb_key m_key;

                m_key.sadb_key_len =
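
Review bot: The new test `(p_key_enc || satype == SADB_SATYPE_ESP)` lets the block run with p_key_enc unset, so the code from `m_key.sadb_key_len =` onward has to produce a valid zero-length key extension without reading through p_key_enc; the hunk ends before that code, so it is worth confirming that the length calculation and the key copy handle that case. The test also keys on the SA type rather than on the null algorithm, so it applies to any ESP SA that has no encryption key; if that is intended, the comment `/* set encryption algorithm, if present. */` should be updated to say the extension is always sent for ESP.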

>Release-Note:
>Audit-Trail:
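
The rule stated in the Description (an ESP SA must carry SADB_EXT_KEY_ENCRYPT even for null encryption), as an added example that is not code from setkey or from this PR. The struct layout and constants follow RFC 2367; `put_key_encrypt`, `receiver_accepts` and the `patched` flag are hypothetical names, and a NULL key with length 0 is assumed to model `-E null`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SADB_SATYPE_ESP      3   /* RFC 2367 */
#define SADB_X_SATYPE_IPCOMP 9   /* as in KAME-derived headers */
#define SADB_EXT_KEY_ENCRYPT 9   /* RFC 2367 */
struct sadb_key {   /* sadb_key_len counts 64-bit words, sadb_key_bits counts key bits */
    uint16_t sadb_key_len, sadb_key_exttype, sadb_key_bits, sadb_key_reserved;
};

/* Hypothetical helper: old (patched == 0) or new (patched == 1) condition.
 * Returns bytes written, 0 if nothing is emitted, (size_t)-1 on a size error. */
size_t put_key_encrypt(uint8_t *buf, size_t cap, int satype,
                       const uint8_t *key, size_t keylen, int patched)
{
    size_t total = sizeof(struct sadb_key) + ((keylen + 7) & ~(size_t)7);
    int want = satype != SADB_X_SATYPE_IPCOMP &&
        (key != NULL || (patched && satype == SADB_SATYPE_ESP));
    if (!want)
        return 0;
    if (total > cap || keylen > 8191)   /* sadb_key_bits is only 16 bits wide */
        return (size_t)-1;
    struct sadb_key k = { (uint16_t)(total / 8), SADB_EXT_KEY_ENCRYPT,
                          (uint16_t)(keylen * 8), 0 };
    memset(buf, 0, total);              /* zero the alignment padding */
    memcpy(buf, &k, sizeof k);
    if (keylen)                         /* never copy from a NULL key */
        memcpy(buf + sizeof k, key, keylen);
    return total;
}

/* Model of the receiver rule from the report: 0 = accepted, -1 = "Invalid argument". */
int receiver_accepts(int satype, const uint8_t *ext, size_t extlen)
{
    struct sadb_key k = { 0, 0, 0, 0 };
    if (satype != SADB_SATYPE_ESP)
        return 0;
    if (extlen >= sizeof k)
        memcpy(&k, ext, sizeof k);
    return (k.sadb_key_exttype == SADB_EXT_KEY_ENCRYPT &&
            (size_t)k.sadb_key_len * 8 == extlen) ? 0 : -1;
}

int main(void)
{
    uint8_t buf[64];
    size_t n = put_key_encrypt(buf, sizeof buf, SADB_SATYPE_ESP, NULL, 0, 1);
    printf("null ESP: %zu-byte extension, accepted=%d\n", n, !receiver_accepts(SADB_SATYPE_ESP, buf, n));
    return 0;
}
```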

From: "John W. O'Brien" <john@saltant.com>
To: bug-followup@FreeBSD.org, freebsd-net@freebsd.org
Cc:  
Subject: Re: bin/105614: [patch] setkey(8): Creating NULL encryption ESP SAs
 with setkey fails
Date: Wed, 30 Jan 2013 19:42:08 -0500

 I found today that this bug still exists in 9.1-STABLE r245089, and
 that the suggested patch appears to fix it.
 
 If any further testing or analysis is needed prior to committing a
 fix, I would be glad to help.
 
 CC: freebsd-net@ in the hopes of being noticed and adopted

From: Eitan Adler <lists@eitanadler.com>
To: "John W. O'Brien" <john@saltant.com>
Cc: bug-followup@freebsd.org, freebsd-net@freebsd.org
Subject: Re: bin/105614: [patch] setkey(8): Creating NULL encryption ESP SAs
 with setkey fails
Date: Wed, 30 Jan 2013 23:31:33 -0500

 On 30 January 2013 19:42, John W. O'Brien <john@saltant.com> wrote:
 > I found today that this bug still exists in 9.1-STABLE r245089, and
 > that the suggested patch appears to fix it.
 >
 > If any further testing or analysis is needed prior to committing a
 > fix, I would be glad to help.
 >
 > CC: freebsd-net@ in the hopes of being noticed and adopted
 
 The patch is malformed in the PR.  Perhaps you could attach and resend?
 
 
 -- 
 Eitan Adler

From: "John W. O'Brien" <john@saltant.com>
To: Eitan Adler <lists@eitanadler.com>
Cc: bug-followup@freebsd.org, freebsd-net@freebsd.org
Subject: Re: bin/105614: [patch] setkey(8): Creating NULL encryption ESP SAs
 with setkey fails
Date: Thu, 31 Jan 2013 07:43:30 -0500

 This is a multi-part message in MIME format.
 --------------000206080500030101040004
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 7bit
 
 On 01/30/2013 11:31 PM, Eitan Adler wrote:
 > The patch is malformed in the PR.  Perhaps you could attach and
 > resend?
 
 Gladly.
 
 --------------000206080500030101040004
 Content-Type: text/plain; charset=UTF-8;
  name="patch-sbin__setkey__parse.y.txt"
 Content-Transfer-Encoding: base64
 Content-Disposition: attachment;
  filename="patch-sbin__setkey__parse.y.txt"
 
 --------------000206080500030101040004--
>Unformatted:
