From nobody@FreeBSD.org  Tue Aug 12 05:14:07 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 851EF1065675
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 12 Aug 2008 05:14:07 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 6F9118FC1D
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 12 Aug 2008 05:14:07 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m7C5E6ZM001557
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 12 Aug 2008 05:14:06 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m7C5E6gb001556;
	Tue, 12 Aug 2008 05:14:06 GMT
	(envelope-from nobody)
Message-Id: <200808120514.m7C5E6gb001556@www.freebsd.org>
Date: Tue, 12 Aug 2008 05:14:06 GMT
From: "Eugene M. Zheganin" <emz@norma.perm.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: some ipsec configurations make FreeBSD panic
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         126468
>Category:       kern
>Synopsis:       [ipsec] some ipsec configurations make FreeBSD panic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bz
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 12 05:20:01 UTC 2008
>Closed-Date:    Sun Jan 17 13:33:48 UTC 2010
>Last-Modified:  Sun Jan 17 13:40:03 UTC 2010
>Originator:     Eugene M. Zheganin
>Release:        7.0-RELEASE-p3
>Organization:
Norma JSC.
>Environment:
FreeBSD izh.norma.com. 7.0-RELEASE-p3 FreeBSD 7.0-RELEASE-p3 #5: Mon Aug 11 18:41:13 YEKST 2008     emz@ravenholm.hq.norma.perm.ru:/usr/obj/usr/src/sys/IZH  i386
>Description:
The ipsec.conf below makes FreeBSD panic immidiately after setkey -f ipsec.conf.
This ipsec.conf was reported to be working on 6.2-RELEASE and on all releases since 4.7-RELEASE. Problem appeared after an upgrade to 7.0-RELEASE.

The problem is repeatable on 2 FreeBSD machines, one of those machines is running a clean install of FreeBSD 7.0-RELEASE-p3.

The file is also available at http://zhegan.in/unix/ipsec.conf .

===Cut===
flush;
spdflush;

spdadd 212.33.248.82 212.33.248.81 ipencap -P out ipsec esp/tunnel/212.33.248.82-212.33.248.81/require ah/transport/212.33.248.82-212.33.248.81/require;
spdadd 212.33.248.81 212.33.248.82 ipencap -P in  ipsec esp/tunnel/212.33.248.81-212.33.248.82/require ah/transport/212.33.248.81-212.33.248.82/require;
spdadd 192.168.251.5 192.168.251.2 ipencap -P out ipsec esp/tunnel/192.168.251.5-192.168.251.2/require ah/transport/192.168.251.5-192.168.251.2/require;
spdadd 192.168.251.2 192.168.251.5 ipencap -P in  ipsec esp/tunnel/192.168.251.2-192.168.251.5/require ah/transport/192.168.251.2-192.168.251.5/require;

add 212.33.248.81 212.33.248.82 esp 0x10007 -m tunnel -E 3des-cbc "Somepeoplesaymylovecanno" -A hmac-md5 "Pleasebelievemem";
add 212.33.248.81 212.33.248.82 ah 0x10008 -m transport -A keyed-md5 "Yourloveformehas";

add 212.33.248.82 212.33.248.81 esp 0x10005 -m tunnel -E 3des-cbc "ButnowIvegottoknowyatell" -A hmac-md5 "TellmewhoamItobl";
add 212.33.248.82 212.33.248.81 ah 0x10006 -m transport -A keyed-md5 "Iwasbornwithouty";

add 192.168.251.5 192.168.251.2 esp 0x10052 -m tunnel -E 3des-cbc "DrutfomgooxkeabTevutOcks" -A hmac-md5 "onghojdiodhovtev";
add 192.168.251.5 192.168.251.2 ah 0x10053 -m transport -A keyed-md5 "saidIltUxOpZeeld";

add 192.168.251.2 192.168.251.5 esp 0x10054 -m tunnel -E 3des-cbc "DrutfomgooxkeabTevutOcks" -A hmac-md5 "MesbemusnEbMifAv";
add 192.168.251.2 192.168.251.5 ah 0x10055 -m transport -A keyed-md5 "toojijbishriRiwi";
===Cut===
>How-To-Repeat:
Get a FreeBSD, get an IPSEC-enabled kernel. Try to setkey -f <file> with a proposed configuration inside the <file>.
>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->bz 
Responsible-Changed-By: remko 
Responsible-Changed-When: Tue Aug 12 06:50:06 UTC 2008 
Responsible-Changed-Why:  
Hi Bjoern, can you have a look at this please? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=126468 

From: Yuriy Tsibizov <Yuriy.Tsibizov@gfk.ru>
To: bug-followup@FreeBSD.org, emz@norma.perm.ru
Cc:  
Subject: Re: bin/126468: [ipsec] some ipsec configurations make FreeBSD panic
Date: Tue, 12 Aug 2008 15:59:13 +0400 (MSD)

 This bug is reproducible on 7-STABLE (FreeBSD test-xx.hhp.local 7.0-STABLE 
 FreeBSD 7.0-STABLE #1: Tue Aug 12 10:23:00 UTC 2008 
 chibis@test-xx.hhp.local:/usr/obj/usr/src/sys/IPSEC-G  i386)
 
 It's fresh FreeBSD 7-RELEASE installation updated to 7-STABLE as of Aug, 
 11th with following rc.conf:
 
 --
 hostname="test-xx.hhp.local"
 ifconfig_em0="DHCP"
 ifconfig_em1="DHCP"
 sshd_enable="YES"
 
 ddb_enable="YES"                # Set to YES to load ddb scripts at boot.
 --
 
 DHCP IPs are from 10.x.x.x network. Only em1 is attached to LAN.
 
 
 Kernel config:
 
 --
 include GENERIC
 device crypto
 options         IPSEC                   #IP security (requires device 
 crypto)
 options KDB
 options DDB
 options KDB_UNATTENDED
 --
 
 Running setkey with ipsec.conf from http://zhegan.in/unix/ipsec.conf
 setkey -f ipsec.conf
 
 Kernel panic messages:
 
 --
 Fatal trap 12: page fault while in kernel mode
 cpuid = 0; apic id = 00
 fault virtual address   = 0x0
 fault code              = supervisor write, page not present
 instruction pointer     = 0x20:0xc0ad4dbc
 stack pointer           = 0x28:0xe8d0d7cc
 frame pointer           = 0x28:0xe8d0d7f0
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                          = DPL 0, pres 1, def32 1, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = 819 (setkey)
 --
 
 Backtrace:
 
 --
 db> bt
 
 Tracing pid 819 tid 100100 td 0xc6c09440
 memcpy(0,c6c84700,10,c66bcb60,c1472960,...) at memcpy+0x14
 swcr_authprepare(80,c0c38440,1,c677a1f0,2000000,...) at 
 swcr_authprepare+0x13b
 swcr_newsession(c6412500,e8d0d884,e8d0d8a8,c09ecab6,c145f048,...) at 
 swcr_newsession+0x419
 crypto_newsession(c6c847f8,e8d0d8a8,3000000,9,80,...) at 
 crypto_newsession+0x198
 ah_init(c6c84780,c0c36708,c6c84780,e8d0d910,c091dc68,...) at ah_init+0x41
 xform_init(c6c84780,2,101,0,0,...) at xform_init+0x43
 key_setsaval(80,c0c35ee0,101,c0c35f40,c6c84800,...) at key_setsaval+0x2e8
 key_newsav(e8d0d968,c0b87717,1356,c6857b18,c6955300,...) at 
 key_newsav+0x124
 key_add(c69f0d00,c6c8c100,e8d0d9f4,e8d0d9f0,c6c8c1e0,...) at key_add+0x34b
 key_parse(c6c8c100,c69f0d00,39,c66f95e0,e8d0db24,...) at key_parse+0x837
 key_output(c6c8c100,c69f0d00,c69f0d00,20000,e8d0db44,...) at 
 key_output+0xd8
 raw_usend(c69f0d00,0,c6c8c100,0,0,...) at raw_usend+0x89
 key_send(c69f0d00,0,c6c8c100,0,0,...) at key_send+0x35
 sosend_generic(c69f0d00,0,e8d0dbe8,c6c8c100,0,...) at sosend_generic+0x645
 sosend(c69f0d00,0,e8d0dbe8,0,0,...) at sosend+0x3f
 kern_sendit(c6c09440,4,e8d0dc64,0,0,...) at kern_sendit+0x106
 sendit(0,bfbfe824,0,0,0,...) at sendit+0xb1
 sendto(c6c09440,e8d0dcfc,18,e8d0dd38,e8d0dd2c,...) at sendto+0x48
 syscall(e8d0dd38) at syscall+0x335
 Xint0x80_syscall() at Xint0x80_syscall+0x20
 --- syscall (133, FreeBSD ELF32, sendto), eip = 0x2814e0cf, esp = 
 0xbfbf66fc, ebp = 0xbfbf6728 ---
 --
 
 
State-Changed-From-To: open->analyzed 
State-Changed-By: bz 
State-Changed-When: Tue Jan 27 19:02:15 UTC 2009 
State-Changed-Why:  
I can see the problem but cannot understand how it could 
have worked in the past. 
swcr_authprepare() from the bt and it seems both 
CRYPTO_MD5_KPDK and CRYPTO_SHA1_KPDK are buggy. 
CRYPTO_SHA1_KPDK also wrt to argument order passed in the 
finalize function. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=126468 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/126468: commit references a PR
Date: Wed, 28 Jan 2009 15:31:26 +0000 (UTC)

 Author: bz
 Date: Wed Jan 28 15:31:16 2009
 New Revision: 187826
 URL: http://svn.freebsd.org/changeset/base/187826
 
 Log:
   While OpenBSD's crypto/ framework has sha1 and md5 implementations that
   can cope with a result buffer of NULL in the "Final" function, we cannot.
   Thus pass in a temporary buffer long enough for either md5 or sha1 results
   so that we do not panic.
   
   PR:		bin/126468
   MFC after:	1 week
 
 Modified:
   head/sys/opencrypto/cryptosoft.c
 
 Modified: head/sys/opencrypto/cryptosoft.c
 ==============================================================================
 --- head/sys/opencrypto/cryptosoft.c	Wed Jan 28 15:22:44 2009	(r187825)
 +++ head/sys/opencrypto/cryptosoft.c	Wed Jan 28 15:31:16 2009	(r187826)
 @@ -433,12 +433,17 @@ swcr_authprepare(struct auth_hash *axf, 
  		break;
  	case CRYPTO_MD5_KPDK:
  	case CRYPTO_SHA1_KPDK:
 +	{
 +		/* We need a buffer that can hold an md5 and a sha1 result. */
 +		u_char buf[SHA1_RESULTLEN];
 +
  		sw->sw_klen = klen;
  		bcopy(key, sw->sw_octx, klen);
  		axf->Init(sw->sw_ictx);
  		axf->Update(sw->sw_ictx, key, klen);
 -		axf->Final(NULL, sw->sw_ictx);
 +		axf->Final(buf, sw->sw_ictx);
  		break;
 +	}
  	default:
  		printf("%s: CRD_F_KEY_EXPLICIT flag given, but algorithm %d "
  		    "doesn't use keys.\n", __func__, axf->type);
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: analyzed->patched 
State-Changed-By: bz 
State-Changed-When: Wed Jan 28 15:42:59 UTC 2009 
State-Changed-Why:  
A patch was comitted to HEAD. A follow-up mail was sent 
to the commit message stating that I am unsure why the 
calculations are done at all if we are not interested 
in the result. 

PS: the sha1 options are swapped somewhere by a macro, so 
they were fine. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=126468 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/126468: commit references a PR
Date: Sat,  9 Jan 2010 15:44:04 +0000 (UTC)

 Author: bz
 Date: Sat Jan  9 15:43:47 2010
 New Revision: 201898
 URL: http://svn.freebsd.org/changeset/base/201898
 
 Log:
   Add comments trying to explain what bad things happen here, i.e.
   how hashed MD5/SHA are implemented, abusing Final() for padding and
   sw_octx to transport the key from the beginning to the end.
   
   Enlightened about what was going on here by: cperciva
   Reviewed by:	cperciva
   MFC After:	3 days
   X-MFC with:	r187826
   PR:		kern/126468
 
 Modified:
   head/sys/opencrypto/cryptosoft.c
 
 Modified: head/sys/opencrypto/cryptosoft.c
 ==============================================================================
 --- head/sys/opencrypto/cryptosoft.c	Sat Jan  9 15:37:24 2010	(r201897)
 +++ head/sys/opencrypto/cryptosoft.c	Sat Jan  9 15:43:47 2010	(r201898)
 @@ -434,7 +434,16 @@ swcr_authprepare(struct auth_hash *axf, 
  	case CRYPTO_MD5_KPDK:
  	case CRYPTO_SHA1_KPDK:
  	{
 -		/* We need a buffer that can hold an md5 and a sha1 result. */
 +		/* 
 +		 * We need a buffer that can hold an md5 and a sha1 result
 +		 * just to throw it away.
 +		 * What we do here is the initial part of:
 +		 *   ALGO( key, keyfill, .. )
 +		 * adding the key to sw_ictx and abusing Final() to get the
 +		 * "keyfill" padding.
 +		 * In addition we abuse the sw_octx to save the key to have
 +		 * it to be able to append it at the end in swcr_authcompute().
 +		 */
  		u_char buf[SHA1_RESULTLEN];
  
  		sw->sw_klen = klen;
 @@ -495,9 +504,17 @@ swcr_authcompute(struct cryptodesc *crd,
  
  	case CRYPTO_MD5_KPDK:
  	case CRYPTO_SHA1_KPDK:
 +		/* If we have no key saved, return error. */
  		if (sw->sw_octx == NULL)
  			return EINVAL;
  
 +		/*
 +		 * Add the trailing copy of the key (see comment in
 +		 * swcr_authprepare()) after the data:
 +		 *   ALGO( .., key, algofill )
 +		 * and let Final() do the proper, natural "algofill"
 +		 * padding.
 +		 */
  		axf->Update(&ctx, sw->sw_octx, sw->sw_klen);
  		axf->Final(aalg, &ctx);
  		break;
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: bz 
State-Changed-When: Sun Jan 17 13:32:49 UTC 2010 
State-Changed-Why:  
The fix has been reviewed and merged down to RELENG_6. 
Thanks a lot for the detailed report. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=126468 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/126468: commit references a PR
Date: Sun, 17 Jan 2010 13:32:25 +0000 (UTC)

 Author: bz
 Date: Sun Jan 17 13:31:48 2010
 New Revision: 202475
 URL: http://svn.freebsd.org/changeset/base/202475
 
 Log:
   MFC r187826:
     While OpenBSD's crypto/ framework has sha1 and md5 implementations that
     can cope with a result buffer of NULL in the "Final" function, we cannot.
     Thus pass in a temporary buffer long enough for either md5 or sha1 results
     so that we do not panic.
   
   PR:		bin/126468
   Reviewed by:	cperciva
 
 Modified:
   stable/7/sys/opencrypto/cryptosoft.c
 Directory Properties:
   stable/7/sys/   (props changed)
   stable/7/sys/cddl/contrib/opensolaris/   (props changed)
   stable/7/sys/contrib/dev/acpica/   (props changed)
   stable/7/sys/contrib/pf/   (props changed)
 
 Modified: stable/7/sys/opencrypto/cryptosoft.c
 ==============================================================================
 --- stable/7/sys/opencrypto/cryptosoft.c	Sun Jan 17 13:28:25 2010	(r202474)
 +++ stable/7/sys/opencrypto/cryptosoft.c	Sun Jan 17 13:31:48 2010	(r202475)
 @@ -429,12 +429,17 @@ swcr_authprepare(struct auth_hash *axf, 
  		break;
  	case CRYPTO_MD5_KPDK:
  	case CRYPTO_SHA1_KPDK:
 +	{
 +		/* We need a buffer that can hold an md5 and a sha1 result. */
 +		u_char buf[SHA1_RESULTLEN];
 +
  		sw->sw_klen = klen;
  		bcopy(key, sw->sw_octx, klen);
  		axf->Init(sw->sw_ictx);
  		axf->Update(sw->sw_ictx, key, klen);
 -		axf->Final(NULL, sw->sw_ictx);
 +		axf->Final(buf, sw->sw_ictx);
  		break;
 +	}
  	default:
  		printf("%s: CRD_F_KEY_EXPLICIT flag given, but algorithm %d "
  		    "doesn't use keys.\n", __func__, axf->type);
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/126468: commit references a PR
Date: Sun, 17 Jan 2010 13:32:55 +0000 (UTC)

 Author: bz
 Date: Sun Jan 17 13:32:14 2010
 New Revision: 202476
 URL: http://svn.freebsd.org/changeset/base/202476
 
 Log:
   MFC r187826:
     While OpenBSD's crypto/ framework has sha1 and md5 implementations that
     can cope with a result buffer of NULL in the "Final" function, we cannot.
     Thus pass in a temporary buffer long enough for either md5 or sha1 results
     so that we do not panic.
   
   PR:		bin/126468
   Reviewed by:	cperciva
 
 Modified:
   stable/6/sys/opencrypto/cryptosoft.c
 Directory Properties:
   stable/6/sys/   (props changed)
   stable/6/sys/contrib/pf/   (props changed)
   stable/6/sys/dev/cxgb/   (props changed)
 
 Modified: stable/6/sys/opencrypto/cryptosoft.c
 ==============================================================================
 --- stable/6/sys/opencrypto/cryptosoft.c	Sun Jan 17 13:31:48 2010	(r202475)
 +++ stable/6/sys/opencrypto/cryptosoft.c	Sun Jan 17 13:32:14 2010	(r202476)
 @@ -425,12 +425,17 @@ swcr_authprepare(struct auth_hash *axf, 
  		break;
  	case CRYPTO_MD5_KPDK:
  	case CRYPTO_SHA1_KPDK:
 +	{
 +		/* We need a buffer that can hold an md5 and a sha1 result. */
 +		u_char buf[SHA1_RESULTLEN];
 +
  		sw->sw_klen = klen;
  		bcopy(key, sw->sw_octx, klen);
  		axf->Init(sw->sw_ictx);
  		axf->Update(sw->sw_ictx, key, klen);
 -		axf->Final(NULL, sw->sw_ictx);
 +		axf->Final(buf, sw->sw_ictx);
  		break;
 +	}
  	default:
  		printf("%s: CRD_F_KEY_EXPLICIT flag given, but algorithm %d "
  		    "doesn't use keys.\n", __func__, axf->type);
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
