search

xelerance / Openswan

Openswan
Other
852 stars 214 forks source link

remote segfault #451

Closed AnatoliChe closed 3 years ago

AnatoliChe commented 3 years ago

With 2.6.52.2rc1 OW it's possible to make remote Segfault

peer2 conf; conn point2-point1 esp=aes128-sha1 left=192.168.44.102 right=192.168.44.101

point2# ipsec auto --add point2-point1 004 "point2-point1" #68: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode

debug on point1: "point1-poiint2" #36: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xd66b959f <0xfa41c26e xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}

now change ipsec.conf of point2 to: conn point2-point1 esp=aes128-sha2 #yeap left=192.168.44.102 right=192.168.44.101

point2# ipsec auto --add point2-point1

002 loaded key: 1607 002 loaded key: 83B8 002 "point2-point1": deleting connection 002 "point2-point1" #54: deleting state #54 (STATE_QUICK_I2) 002 "point2-point1" #58: deleting state #58 (STATE_QUICK_I2) 002 "point2-point1" #57: deleting state #57 (STATE_QUICK_I2) 002 "point2-point1" #56: deleting state #56 (STATE_QUICK_R2) 002 "point2-point1" #53: deleting state #53 (STATE_MAIN_I4) 002 "point2-point1" #55: deleting state #55 (STATE_MAIN_R3) 034 esp string error: hash_alg not found, enc_alg="aes", auth_alg="sha2", modp=""

check debug on peer1 and see:

"point1-point2" #4: received Delete SA(0x47a0a80b) payload: deleting IPSEC State #33 "point1-point2" #4: deleting state #33 (STATE_QUICK_R2) "point1-point2" #4: received and ignored informational message "point1-point2" #4: received Delete SA payload: replace IPSEC State #36 in 10 seconds "point1-point2" #4: received and ignored informational message "point1-point2" #4: received Delete SA(0x2683de6e) payload: deleting IPSEC State #35 "point1-point2" #4: deleting state #35 (STATE_QUICK_R2) "point1-point2" #4: received and ignored informational message "point1-point2" #4: received Delete SA(0xeee0953b) payload: deleting IPSEC State #34 "point1-point2" #4: deleting state #34 (STATE_QUICK_I2) "point1-point2" #4: received and ignored informational message packet from 192.168.44.102:500: received and ignored informational message "point1-point2" #4: received Delete SA payload: deleting ISAKMP State #4 "point1-point2" #4: deleting state #4 (STATE_MAIN_I4) packet from 192.168.44.102:500: received and ignored informational message "point1-point2" #36: DPD: could not find newest phase 1 state pluto_crypto_helper: helper [nonnss] (8) is exiting normally pluto_crypto_helper: helper [nonnss] (1) is exiting normally pluto_crypto_helper: helper [nonnss] (10) is exiting normally pluto_crypto_helper: helper [nonnss] (0) is exiting normally pluto_crypto_helper: helper [nonnss] (2) is exiting normally pluto_crypto_helper: helper [nonnss] (9) is exiting normally pluto_crypto_helper: helper [nonnss] (6) is exiting normally pluto_crypto_helper: helper [nonnss] (5) is exiting normally pluto_crypto_helper: helper [nonnss] (7) is exiting normally pluto_crypto_helper: helper [nonnss] (3) is exiting normally Segmentation fault (core dumped) pluto_crypto_helper: helper [nonnss] (4) is exiting normally

dbg core dump

gdb pluto -c core

Reading symbols from /usr/local/libexec/ipsec/pluto...done. [New LWP 7808] Core was generated by `/usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipse'. Program terminated with signal SIGSEGV, Segmentation fault.

0 0x00005573bad10819 in ipsecdoi_replace (st=st@entry=0x5573bcdc6e70, policy_add=policy_add@entry=0, policy_del=policy_del@entry=0, try=try@entry=1)

at programs/pluto/ipsec_doi.c:489

489 struct state *parent = find_phase1_state(c (gdb) bt

0 0x00005573bad10819 in ipsecdoi_replace (st=st@entry=0x5573bcdc6e70, policy_add=policy_add@entry=0, policy_del=policy_del@entry=0, try=try@entry=1)

at programs/pluto/ipsec_doi.c:489

1 0x00005573bad0d7a8 in sa_replace (st=st@entry=0x5573bcdc6e70, type=type@entry=5) at programs/pluto/replace.c:130

2 0x00005573bad0c82b in handle_a_timer_event (ev=0x5573bcdc3110) at programs/pluto/timer.c:518

3 0x00005573bad0d00a in handle_timer_event () at programs/pluto/timer.c:442

4 0x00005573bad0ba39 in call_server () at programs/pluto/server.c:810

5 0x00005573bacf5faf in main (argc=, argv=) at programs/pluto/plutomain.c:1134

(gdb) frame 0

0 0x00005573bad10819 in ipsecdoi_replace (st=st@entry=0x5573bcdc6e70, policy_add=policy_add@entry=0, policy_del=policy_del@entry=0, try=try@entry=1)

at programs/pluto/ipsec_doi.c:489

489 struct state parent = find_phase1_state(c (gdb) list 484 } 485 } 486 else 487 { 488 / Use the newest Parent SA / 489 struct state parent = find_phase1_state(c 490 , ISAKMP_SA_ESTABLISHED_STATES | PHASE1_INITIATOR_STATES); 491 492 if (parent->st_serialno != st->st_clonedfrom) { 493 DBG(DBG_CONTROL, DBG_log("Switched parent SA from #%lu to #%lu for rekey", (gdb) print c $1 = (struct connection *) 0x5573bcdb4780

mohicks commented 3 years ago

Hi Anatoli,

I can't seem to reproduce this. Could you please send 'ipsec barf' output for at least the machine that crashes? It looks like point1 is attempting a DPD action after point2 has sent delete SA messages.

Just to confirm: point1 has 2.6.52.2rc1, and the test procedure is:

Is that right?

AnatoliChe commented 3 years ago

Reproducing is 100%. I haveit with baremetal and virtual. For testing docker is simplest one

`cat Dockerfile FROM debian:buster as build MAINTAINER Aatoli Che anatoli.che@gmail.com

RUN apt-get update > /dev/null && DEBIAN_FRONTEND=noninteractive apt-get -y -q upgrade RUN DEBIAN_FRONTEND=noninteractive apt-get -y -q install libnspr4-dev libnss3-dev libnss3-tools RUN DEBIAN_FRONTEND=noninteractive apt-get -y -q install git libgmp-dev make flex bison iproute2 iptables sed gawk bash coreutils libpcap0.8-dev libpcap0.8 electric-fence tcpdump linux-headers-amd64 gcc RUN cd /usr/src/ && git clone https://github.com/xelerance/Openswan RUN cd /usr/src/Openswan; make KERNELSRC=linux-headers-4.19.0-12-amd64 programs install

FROM debian:buster as ipsecnode MAINTAINER Aatoli Che anatoli.che@gmail.com

RUN apt-get update > /dev/null && DEBIAN_FRONTEND=noninteractive apt-get -y -q upgrade RUN DEBIAN_FRONTEND=noninteractive apt-get -y -q install gdb rsyslog COPY --from=build /usr/local /usr/local/ COPY --from=build /etc/init.d/ipsec /etc/init.d/ BUILD: docker build -t ipsec . at this point I do not want cube or swarm start point1 docker run -ti --privileged -v ~point1/ipsec.secrets:/etc/ipsec.secrets -v ~/point1/ipsec.conf:/etc/ipsec.conf ipsec ip a 172.17.0.2 /etc/init.d/rsyslog start /etc/init.d/ipsec start tail -f /dev/shm/openswan.log We will get here: "point1-to-point2" #1: received Vendor ID payload [Openswan (this version) 2.6.52.2-1-gd420cf802 ] "point1-to-point2" #1: received Vendor ID payload [Dead Peer Detection] "point1-to-point2" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 "point1-to-point2" #1: STATE_MAIN_I2: sent MI2, expecting MR2 | WARNING: finish_dh_secretiv:160: encryptor 'aes' expects keylen 16/128, SA #1 INITIATOR keylen is 20 | WARNING: finish_dh_secretiv:160: encryptor 'aes' expects keylen 16/128, SA #1 RESPONDER keylen is 0 "point1-to-point2" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 "point1-to-point2" #1: STATE_MAIN_I3: sent MI3, expecting MR3 "point1-to-point2" #1: received Vendor ID payload [CAN-IKEv2] "point1-to-point2" #1: Main mode peer ID is ID_FQDN: '@point2' "point1-to-point2" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 "point1-to-point2" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG oursig= theirsig=AQN2EwF/B cipher=aes_128 prf=oakley_sha group=modp1536} "point1-to-point2" #1: Dead Peer Detection (RFC 3706): enabled "point1-to-point2" #2: initiating Quick Mode RSASIG+ENCRYPT+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:5ddb34c3 proposal=AES(12)_128-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP1536} | creating SPD to 172.17.0.3->spi=00010000@172.17.0.2 proto=4 | creating SPD to 172.17.0.2->spi=6145a640@172.17.0.3 proto=50 "point1-to-point2" #2: Dead Peer Detection (RFC 3706): enabled "point1-to-point2" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 "point1-to-point2" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x6145a640 <0x12e1f57c xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled} "point1-to-point2" #1: received Delete SA payload: replace IPSEC State #2 in 10 seconds "point1-to-point2" #1: received and ignored informational message "point1-to-point2" #1: received Delete SA payload: deleting ISAKMP State #1 "point1-to-point2" #1: deleting state #1 (STATE_MAIN_I4) packet from 172.17.0.3:500: received and ignored informational message pluto_crypto_helper: helper [nonnss] (0) is exiting normally Segmentation fault (core dumped) tail: /dev/shm/openswan.log: file truncated Plutorun started on Wed Dec 2 21:17:18 UTC 2020 `

start point2 docker run -ti --privileged -v ~point1/ipsec.secrets:/etc/ipsec.secrets -v ~/point1/ipsec.conf:/etc/ipsec.conf ipsec ip a 172.17.0.3 /etc/init.d/rsyslog start /etc/init.d/ipsec start ipsec auto --up point2-to-point1 002 "point2-to-point1" #9: initiating Quick Mode RSASIG+ENCRYPT+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#7 msgid:63c13c08 proposal=AES(12)_128-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP1536} 118 "point2-to-point1" #9: STATE_QUICK_I1: initiate 002 "point2-to-point1" #9: Dead Peer Detection (RFC 3706): enabled 002 "point2-to-point1" #9: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 004 "point2-to-point1" #9: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0xeaf2c257 <0xc2c84384 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}

now change esp=aes128-sha1 to esp=aes128-sha2 and do ipsec auto --add point2-to-point1 002 loaded key: 83B8 6D2B 6034 C9F5 92A2 AD39 EA51 D832 72EF 94D4 002 loaded key: 1607 9372 7F4F 5273 8EF0 EC16 D213 3C48 B440 9426 002 "point2-to-point1": deleting connection 002 "point2-to-point1" #9: deleting state #9 (STATE_QUICK_I2) 002 "point2-to-point1" #8: deleting state #8 (STATE_QUICK_R2) 002 "point2-to-point1" #7: deleting state #7 (STATE_MAIN_R3) 034 esp string error: hash_alg not found, enc_alg="aes", auth_alg="sha2", modp=""

wait 5 seconds and got Segmentation fault (core dumped) at point1

barf in next message

conf point1 config setup interfaces=%defaultroute uniqueids=yes plutostderrlog=/dev/shm/openswan.log dumpdir=/dev/shm/ nhelpers=1

defaults for subsequent connection descriptions

(these defaults will soon go away)

conn %default keyingtries=0 authby=rsasig keyexchange=ike keylife=20m pfs=yes rekeymargin=5m rekeyfuzz=50% ike=aes-sha1 esp=aes-sha1 dpddelay=30 dpdtimeout=120 dpdaction=restart

conn point1-to-point2 auto=start type=transport

direction=dpt

esp=aes128-sha1       #with E-2144G 3.91    # E-2286G 4.10
    left=172.17.0.2
    leftid=@point1
leftrsasigkey=0sAQPyMQ+ PUB KEY1 ==
right=172.17.0.3
    rightid=@point2
rightrsasigkey=0sAQN2EwF/BJSsHk PUB KEY2  ==
AnatoliChe commented 3 years ago

point1 root@1fe326343f70:/# ipsec barf 1fe326343f70 Wed Dec 2 21:27:48 UTC 2020

name : authenc(hmac(sha1),rfc3686(ctr(aes))) driver : authenc(hmac(sha1-generic),rfc3686(ctr-aes-aesni)) module : authenc priority : 4100 refcnt : 1 selftest : passed internal : no type : aead async : yes blocksize : 1 ivsize : 8 maxauthsize : 20 geniv :

name : echainiv(authenc(hmac(sha256),cbc(aes))) driver : echainiv(authenc(hmac(sha256-generic),cbc-aes-aesni)) module : echainiv priority : 4100 refcnt : 1 selftest : passed internal : no type : aead async : yes blocksize : 16 ivsize : 16 maxauthsize : 32 geniv :

name : authenc(hmac(sha256),cbc(aes)) driver : authenc(hmac(sha256-generic),cbc-aes-aesni) module : authenc priority : 4100 refcnt : 1 selftest : passed internal : no type : aead async : yes blocksize : 16 ivsize : 16 maxauthsize : 32 geniv :

name : echainiv(authenc(hmac(sha1),cbc(aes))) driver : echainiv(authenc(hmac(sha1-generic),cbc-aes-aesni)) module : echainiv priority : 4100 refcnt : 5 selftest : passed internal : no type : aead async : yes blocksize : 16 ivsize : 16 maxauthsize : 20 geniv :

name : authenc(hmac(sha1),cbc(aes)) driver : authenc(hmac(sha1-generic),cbc-aes-aesni) module : authenc priority : 4100 refcnt : 5 selftest : passed internal : no type : aead async : yes blocksize : 16 ivsize : 16 maxauthsize : 20 geniv :

name : echainiv(authenc(digest_null,cbc(aes))) driver : echainiv(authenc(digest_null-generic,cbc-aes-aesni)) module : echainiv priority : 4000 refcnt : 1 selftest : passed internal : no type : aead async : yes blocksize : 16 ivsize : 16 maxauthsize : 0 geniv :

name : authenc(digest_null,cbc(aes)) driver : authenc(digest_null-generic,cbc-aes-aesni) module : authenc priority : 4000 refcnt : 1 selftest : passed internal : no type : aead async : yes blocksize : 16 ivsize : 16 maxauthsize : 0 geniv :

name : stdrng driver : drbg_nopr_hmac_sha256 module : drbg priority : 207 refcnt : 2 selftest : passed internal : no type : rng seedsize : 0

name : stdrng driver : drbg_nopr_hmac_sha512 module : drbg priority : 206 refcnt : 1 selftest : passed internal : no type : rng seedsize : 0

name : stdrng driver : drbg_nopr_hmac_sha384 module : drbg priority : 205 refcnt : 1 selftest : passed internal : no type : rng seedsize : 0

name : stdrng driver : drbg_nopr_hmac_sha1 module : drbg priority : 204 refcnt : 1 selftest : passed internal : no type : rng seedsize : 0

name : stdrng driver : drbg_pr_hmac_sha256 module : drbg priority : 203 refcnt : 1 selftest : passed internal : no type : rng seedsize : 0

name : stdrng driver : drbg_pr_hmac_sha512 module : drbg priority : 202 refcnt : 1 selftest : passed internal : no type : rng seedsize : 0

name : stdrng driver : drbg_pr_hmac_sha384 module : drbg priority : 201 refcnt : 1 selftest : passed internal : no type : rng seedsize : 0

name : stdrng driver : drbg_pr_hmac_sha1 module : drbg priority : 200 refcnt : 1 selftest : passed internal : no type : rng seedsize : 0

name : fips(ansi_cprng) driver : fips_ansi_cprng module : ansi_cprng priority : 300 refcnt : 1 selftest : passed internal : no type : rng seedsize : 48

name : stdrng driver : ansi_cprng module : ansi_cprng priority : 100 refcnt : 1 selftest : passed internal : no type : rng seedsize : 48

name : seqiv(authenc(digest_null,rfc3686(ctr(aes)))) driver : seqiv(authenc(digest_null-generic,rfc3686(ctr-aes-aesni))) module : seqiv priority : 4000 refcnt : 1 selftest : passed internal : no type : aead async : yes blocksize : 1 ivsize : 8 maxauthsize : 0 geniv :

name : authenc(digest_null,rfc3686(ctr(aes))) driver : authenc(digest_null-generic,rfc3686(ctr-aes-aesni)) module : authenc priority : 4000 refcnt : 1 selftest : passed internal : no type : aead async : yes blocksize : 1 ivsize : 8 maxauthsize : 0 geniv :

name : rfc3686(ctr(aes)) driver : rfc3686(ctr-aes-aesni) module : ctr priority : 400 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 1 min keysize : 20 max keysize : 36 ivsize : 8 chunksize : 16 walksize : 16

name : cbc(twofish) driver : cbc(twofish-asm) module : cbc priority : 200 refcnt : 1 selftest : passed internal : no type : skcipher async : no blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : twofish driver : twofish-generic module : twofish_generic priority : 100 refcnt : 1 selftest : passed internal : no type : cipher blocksize : 16 min keysize : 16 max keysize : 32

name : xts(twofish) driver : cryptd(xts-twofish-avx) module : cryptd priority : 450 refcnt : 1 selftest : passed internal : yes type : skcipher async : yes blocksize : 16 min keysize : 32 max keysize : 64 ivsize : 16 chunksize : 16 walksize : 16

name : xts(twofish) driver : xts-twofish-avx module : twofish_avx_x86_64 priority : 400 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 32 max keysize : 64 ivsize : 16 chunksize : 16 walksize : 16

name : ctr(twofish) driver : cryptd(ctr-twofish-avx) module : cryptd priority : 450 refcnt : 1 selftest : passed internal : yes type : skcipher async : yes blocksize : 1 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ctr(twofish) driver : ctr-twofish-avx module : twofish_avx_x86_64 priority : 400 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 1 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(twofish) driver : cryptd(cbc-twofish-avx) module : cryptd priority : 450 refcnt : 1 selftest : passed internal : yes type : skcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(twofish) driver : cbc-twofish-avx module : twofish_avx_x86_64 priority : 400 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ecb(twofish) driver : cryptd(ecb-twofish-avx) module : cryptd priority : 450 refcnt : 1 selftest : passed internal : yes type : skcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : ecb(twofish) driver : ecb-twofish-avx module : twofish_avx_x86_64 priority : 400 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : xts(twofish) driver : xts-twofish-avx module : twofish_avx_x86_64 priority : 400 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 32 max keysize : 64 ivsize : 16 chunksize : 16 walksize : 16

name : ctr(twofish) driver : ctr-twofish-avx module : twofish_avx_x86_64 priority : 400 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 1 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(twofish) driver : cbc-twofish-avx module : twofish_avx_x86_64 priority : 400 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ecb(twofish) driver : ecb-twofish-avx module : twofish_avx_x86_64 priority : 400 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : ctr(twofish) driver : ctr-twofish-3way module : twofish_x86_64_3way priority : 300 refcnt : 1 selftest : passed internal : no type : skcipher async : no blocksize : 1 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(twofish) driver : cbc-twofish-3way module : twofish_x86_64_3way priority : 300 refcnt : 1 selftest : passed internal : no type : skcipher async : no blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ecb(twofish) driver : ecb-twofish-3way module : twofish_x86_64_3way priority : 300 refcnt : 1 selftest : passed internal : no type : skcipher async : no blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : twofish driver : twofish-asm module : twofish_x86_64 priority : 200 refcnt : 1 selftest : passed internal : no type : cipher blocksize : 16 min keysize : 16 max keysize : 32

name : cbc(camellia) driver : cbc(camellia-asm) module : cbc priority : 200 refcnt : 1 selftest : passed internal : no type : skcipher async : no blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : camellia driver : camellia-generic module : camellia_generic priority : 100 refcnt : 1 selftest : passed internal : no type : cipher blocksize : 16 min keysize : 16 max keysize : 32

name : xts(camellia) driver : cryptd(xts-camellia-aesni-avx2) module : cryptd priority : 550 refcnt : 1 selftest : passed internal : yes type : skcipher async : yes blocksize : 16 min keysize : 32 max keysize : 64 ivsize : 16 chunksize : 16 walksize : 16

name : xts(camellia) driver : xts-camellia-aesni-avx2 module : camellia_aesni_avx2 priority : 500 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 32 max keysize : 64 ivsize : 16 chunksize : 16 walksize : 16

name : ctr(camellia) driver : cryptd(ctr-camellia-aesni-avx2) module : cryptd priority : 550 refcnt : 1 selftest : passed internal : yes type : skcipher async : yes blocksize : 1 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ctr(camellia) driver : ctr-camellia-aesni-avx2 module : camellia_aesni_avx2 priority : 500 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 1 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(camellia) driver : cryptd(cbc-camellia-aesni-avx2) module : cryptd priority : 550 refcnt : 1 selftest : passed internal : yes type : skcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(camellia) driver : cbc-camellia-aesni-avx2 module : camellia_aesni_avx2 priority : 500 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ecb(camellia) driver : cryptd(ecb-camellia-aesni-avx2) module : cryptd priority : 550 refcnt : 1 selftest : passed internal : yes type : skcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : ecb(camellia) driver : ecb-camellia-aesni-avx2 module : camellia_aesni_avx2 priority : 500 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : xts(camellia) driver : xts-camellia-aesni-avx2 module : camellia_aesni_avx2 priority : 500 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 32 max keysize : 64 ivsize : 16 chunksize : 16 walksize : 16

name : ctr(camellia) driver : ctr-camellia-aesni-avx2 module : camellia_aesni_avx2 priority : 500 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 1 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(camellia) driver : cbc-camellia-aesni-avx2 module : camellia_aesni_avx2 priority : 500 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ecb(camellia) driver : ecb-camellia-aesni-avx2 module : camellia_aesni_avx2 priority : 500 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : xts(camellia) driver : xts-camellia-aesni module : camellia_aesni_avx_x86_64 priority : 400 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 32 max keysize : 64 ivsize : 16 chunksize : 16 walksize : 16

name : ctr(camellia) driver : ctr-camellia-aesni module : camellia_aesni_avx_x86_64 priority : 400 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 1 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(camellia) driver : cbc-camellia-aesni module : camellia_aesni_avx_x86_64 priority : 400 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ecb(camellia) driver : ecb-camellia-aesni module : camellia_aesni_avx_x86_64 priority : 400 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : xts(camellia) driver : xts-camellia-aesni module : camellia_aesni_avx_x86_64 priority : 400 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 32 max keysize : 64 ivsize : 16 chunksize : 16 walksize : 16

name : ctr(camellia) driver : ctr-camellia-aesni module : camellia_aesni_avx_x86_64 priority : 400 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 1 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(camellia) driver : cbc-camellia-aesni module : camellia_aesni_avx_x86_64 priority : 400 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ecb(camellia) driver : ecb-camellia-aesni module : camellia_aesni_avx_x86_64 priority : 400 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : ctr(camellia) driver : ctr-camellia-asm module : camellia_x86_64 priority : 300 refcnt : 1 selftest : passed internal : no type : skcipher async : no blocksize : 1 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(camellia) driver : cbc-camellia-asm module : camellia_x86_64 priority : 300 refcnt : 1 selftest : passed internal : no type : skcipher async : no blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ecb(camellia) driver : ecb-camellia-asm module : camellia_x86_64 priority : 300 refcnt : 1 selftest : passed internal : no type : skcipher async : no blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : camellia driver : camellia-asm module : camellia_x86_64 priority : 200 refcnt : 1 selftest : passed internal : no type : cipher blocksize : 16 min keysize : 16 max keysize : 32

name : cbc(serpent) driver : cbc(serpent-generic) module : cbc priority : 100 refcnt : 1 selftest : passed internal : no type : skcipher async : no blocksize : 16 min keysize : 0 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : xts(serpent) driver : cryptd(xts-serpent-avx2) module : cryptd priority : 650 refcnt : 1 selftest : passed internal : yes type : skcipher async : yes blocksize : 16 min keysize : 0 max keysize : 64 ivsize : 16 chunksize : 16 walksize : 16

name : xts(serpent) driver : xts-serpent-avx2 module : serpent_avx2 priority : 600 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 0 max keysize : 64 ivsize : 16 chunksize : 16 walksize : 16

name : ctr(serpent) driver : cryptd(ctr-serpent-avx2) module : cryptd priority : 650 refcnt : 1 selftest : passed internal : yes type : skcipher async : yes blocksize : 1 min keysize : 0 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ctr(serpent) driver : ctr-serpent-avx2 module : serpent_avx2 priority : 600 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 1 min keysize : 0 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(serpent) driver : cryptd(cbc-serpent-avx2) module : cryptd priority : 650 refcnt : 1 selftest : passed internal : yes type : skcipher async : yes blocksize : 16 min keysize : 0 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(serpent) driver : cbc-serpent-avx2 module : serpent_avx2 priority : 600 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 0 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ecb(serpent) driver : cryptd(ecb-serpent-avx2) module : cryptd priority : 650 refcnt : 1 selftest : passed internal : yes type : skcipher async : yes blocksize : 16 min keysize : 0 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : ecb(serpent) driver : ecb-serpent-avx2 module : serpent_avx2 priority : 600 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 0 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : xts(serpent) driver : xts-serpent-avx2 module : serpent_avx2 priority : 600 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 0 max keysize : 64 ivsize : 16 chunksize : 16 walksize : 16

name : ctr(serpent) driver : ctr-serpent-avx2 module : serpent_avx2 priority : 600 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 1 min keysize : 0 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(serpent) driver : cbc-serpent-avx2 module : serpent_avx2 priority : 600 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 0 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ecb(serpent) driver : ecb-serpent-avx2 module : serpent_avx2 priority : 600 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 0 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : xts(serpent) driver : xts-serpent-avx module : serpent_avx_x86_64 priority : 500 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 0 max keysize : 64 ivsize : 16 chunksize : 16 walksize : 16

name : ctr(serpent) driver : ctr-serpent-avx module : serpent_avx_x86_64 priority : 500 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 1 min keysize : 0 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(serpent) driver : cbc-serpent-avx module : serpent_avx_x86_64 priority : 500 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 0 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ecb(serpent) driver : ecb-serpent-avx module : serpent_avx_x86_64 priority : 500 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 0 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : xts(serpent) driver : xts-serpent-avx module : serpent_avx_x86_64 priority : 500 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 0 max keysize : 64 ivsize : 16 chunksize : 16 walksize : 16

name : ctr(serpent) driver : ctr-serpent-avx module : serpent_avx_x86_64 priority : 500 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 1 min keysize : 0 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(serpent) driver : cbc-serpent-avx module : serpent_avx_x86_64 priority : 500 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 0 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ecb(serpent) driver : ecb-serpent-avx module : serpent_avx_x86_64 priority : 500 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 0 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : ctr(serpent) driver : ctr-serpent-sse2 module : serpent_sse2_x86_64 priority : 400 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 1 min keysize : 0 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(serpent) driver : cbc-serpent-sse2 module : serpent_sse2_x86_64 priority : 400 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 0 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ecb(serpent) driver : ecb-serpent-sse2 module : serpent_sse2_x86_64 priority : 400 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 0 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : ctr(serpent) driver : ctr-serpent-sse2 module : serpent_sse2_x86_64 priority : 400 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 1 min keysize : 0 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(serpent) driver : cbc-serpent-sse2 module : serpent_sse2_x86_64 priority : 400 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 0 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ecb(serpent) driver : ecb-serpent-sse2 module : serpent_sse2_x86_64 priority : 400 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 0 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : tnepres driver : tnepres-generic module : serpent_generic priority : 0 refcnt : 1 selftest : passed internal : no type : cipher blocksize : 16 min keysize : 0 max keysize : 32

name : serpent driver : serpent-generic module : serpent_generic priority : 100 refcnt : 1 selftest : passed internal : no type : cipher blocksize : 16 min keysize : 0 max keysize : 32

name : cbc(blowfish) driver : cbc(blowfish-asm) module : cbc priority : 200 refcnt : 1 selftest : passed internal : no type : skcipher async : no blocksize : 8 min keysize : 4 max keysize : 56 ivsize : 8 chunksize : 8 walksize : 8

name : blowfish driver : blowfish-generic module : blowfish_generic priority : 100 refcnt : 1 selftest : passed internal : no type : cipher blocksize : 8 min keysize : 4 max keysize : 56

name : ctr(blowfish) driver : ctr-blowfish-asm module : blowfish_x86_64 priority : 300 refcnt : 1 selftest : passed internal : no type : skcipher async : no blocksize : 1 min keysize : 4 max keysize : 56 ivsize : 8 chunksize : 8 walksize : 8

name : cbc(blowfish) driver : cbc-blowfish-asm module : blowfish_x86_64 priority : 300 refcnt : 1 selftest : passed internal : no type : skcipher async : no blocksize : 8 min keysize : 4 max keysize : 56 ivsize : 8 chunksize : 8 walksize : 8

name : ecb(blowfish) driver : ecb-blowfish-asm module : blowfish_x86_64 priority : 300 refcnt : 1 selftest : passed internal : no type : skcipher async : no blocksize : 8 min keysize : 4 max keysize : 56 ivsize : 0 chunksize : 8 walksize : 8

name : blowfish driver : blowfish-asm module : blowfish_x86_64 priority : 200 refcnt : 1 selftest : passed internal : no type : cipher blocksize : 8 min keysize : 4 max keysize : 56

name : cbc(cast5) driver : cbc(cast5-generic) module : cbc priority : 100 refcnt : 1 selftest : passed internal : no type : skcipher async : no blocksize : 8 min keysize : 5 max keysize : 16 ivsize : 8 chunksize : 8 walksize : 8

name : ctr(cast5) driver : cryptd(ctr-cast5-avx) module : cryptd priority : 250 refcnt : 1 selftest : passed internal : yes type : skcipher async : yes blocksize : 1 min keysize : 5 max keysize : 16 ivsize : 8 chunksize : 8 walksize : 8

name : ctr(cast5) driver : ctr-cast5-avx module : cast5_avx_x86_64 priority : 200 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 1 min keysize : 5 max keysize : 16 ivsize : 8 chunksize : 8 walksize : 8

name : cbc(cast5) driver : cryptd(cbc-cast5-avx) module : cryptd priority : 250 refcnt : 1 selftest : passed internal : yes type : skcipher async : yes blocksize : 8 min keysize : 5 max keysize : 16 ivsize : 8 chunksize : 8 walksize : 8

name : cbc(cast5) driver : cbc-cast5-avx module : cast5_avx_x86_64 priority : 200 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 8 min keysize : 5 max keysize : 16 ivsize : 8 chunksize : 8 walksize : 8

name : ecb(cast5) driver : cryptd(ecb-cast5-avx) module : cryptd priority : 250 refcnt : 1 selftest : passed internal : yes type : skcipher async : yes blocksize : 8 min keysize : 5 max keysize : 16 ivsize : 0 chunksize : 8 walksize : 8

name : ecb(cast5) driver : ecb-cast5-avx module : cast5_avx_x86_64 priority : 200 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 8 min keysize : 5 max keysize : 16 ivsize : 0 chunksize : 8 walksize : 8

name : ctr(cast5) driver : ctr-cast5-avx module : cast5_avx_x86_64 priority : 200 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 1 min keysize : 5 max keysize : 16 ivsize : 8 chunksize : 8 walksize : 8

name : cbc(cast5) driver : cbc-cast5-avx module : cast5_avx_x86_64 priority : 200 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 8 min keysize : 5 max keysize : 16 ivsize : 8 chunksize : 8 walksize : 8

name : ecb(cast5) driver : ecb-cast5-avx module : cast5_avx_x86_64 priority : 200 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 8 min keysize : 5 max keysize : 16 ivsize : 0 chunksize : 8 walksize : 8

name : cast5 driver : cast5-generic module : cast5_generic priority : 100 refcnt : 1 selftest : passed internal : no type : cipher blocksize : 8 min keysize : 5 max keysize : 16

name : cbc(des3_ede) driver : cbc(des3_ede-generic) module : cbc priority : 100 refcnt : 1 selftest : passed internal : no type : skcipher async : no blocksize : 8 min keysize : 24 max keysize : 24 ivsize : 8 chunksize : 8 walksize : 8

name : cbc(des) driver : cbc(des-generic) module : cbc priority : 100 refcnt : 1 selftest : passed internal : no type : skcipher async : no blocksize : 8 min keysize : 8 max keysize : 8 ivsize : 8 chunksize : 8 walksize : 8

name : des3_ede driver : des3_ede-generic module : des_generic priority : 100 refcnt : 1 selftest : passed internal : no type : cipher blocksize : 8 min keysize : 24 max keysize : 24

name : des driver : des-generic module : des_generic priority : 100 refcnt : 1 selftest : passed internal : no type : cipher blocksize : 8 min keysize : 8 max keysize : 8

name : cmac(aes) driver : cmac(aes-aesni) module : cmac priority : 300 refcnt : 1 selftest : passed internal : no type : shash blocksize : 16 digestsize : 16

name : xcbc(aes) driver : xcbc(aes-aesni) module : xcbc priority : 300 refcnt : 1 selftest : passed internal : no type : shash blocksize : 16 digestsize : 16

name : hmac(rmd160) driver : hmac(rmd160-generic) module : kernel priority : 0 refcnt : 1 selftest : passed internal : no type : shash blocksize : 64 digestsize : 20

name : rmd160 driver : rmd160-generic module : rmd160 priority : 0 refcnt : 1 selftest : passed internal : no type : shash blocksize : 64 digestsize : 20

name : hmac(sha512) driver : hmac(sha512-avx2) module : kernel priority : 170 refcnt : 1 selftest : passed internal : no type : shash blocksize : 128 digestsize : 64

name : hmac(sha384) driver : hmac(sha384-avx2) module : kernel priority : 170 refcnt : 1 selftest : passed internal : no type : shash blocksize : 128 digestsize : 48

name : sha384 driver : sha384-avx2 module : sha512_ssse3 priority : 170 refcnt : 1 selftest : passed internal : no type : shash blocksize : 128 digestsize : 48

name : sha512 driver : sha512-avx2 module : sha512_ssse3 priority : 170 refcnt : 1 selftest : passed internal : no type : shash blocksize : 128 digestsize : 64

name : sha384 driver : sha384-avx module : sha512_ssse3 priority : 160 refcnt : 1 selftest : passed internal : no type : shash blocksize : 128 digestsize : 48

name : sha512 driver : sha512-avx module : sha512_ssse3 priority : 160 refcnt : 1 selftest : passed internal : no type : shash blocksize : 128 digestsize : 64

name : sha384 driver : sha384-ssse3 module : sha512_ssse3 priority : 150 refcnt : 1 selftest : passed internal : no type : shash blocksize : 128 digestsize : 48

name : sha512 driver : sha512-ssse3 module : sha512_ssse3 priority : 150 refcnt : 1 selftest : passed internal : no type : shash blocksize : 128 digestsize : 64

name : sha384 driver : sha384-generic module : sha512_generic priority : 100 refcnt : 1 selftest : passed internal : no type : shash blocksize : 128 digestsize : 48

name : sha512 driver : sha512-generic module : sha512_generic priority : 100 refcnt : 1 selftest : passed internal : no type : shash blocksize : 128 digestsize : 64

name : hmac(md5) driver : hmac(md5-generic) module : kernel priority : 0 refcnt : 1 selftest : passed internal : no type : shash blocksize : 64 digestsize : 16

name : crct10dif driver : crct10dif-pclmul module : crct10dif_pclmul priority : 200 refcnt : 1 selftest : passed internal : no type : shash blocksize : 1 digestsize : 2

name : crc32 driver : crc32-pclmul module : crc32_pclmul priority : 200 refcnt : 1 selftest : passed internal : no type : shash blocksize : 1 digestsize : 4

name : ghash driver : cryptd(ghash-pclmulqdqni) module : cryptd priority : 50 refcnt : 1 selftest : passed internal : yes type : ahash async : yes blocksize : 16 digestsize : 16

name : ghash driver : ghash-clmulni module : ghash_clmulni_intel priority : 400 refcnt : 1 selftest : passed internal : no type : ahash async : yes blocksize : 16 digestsize : 16

name : ghash driver : ghash-pclmulqdqni module : ghash_clmulni_intel priority : 0 refcnt : 1 selftest : passed internal : yes type : shash blocksize : 16 digestsize : 16

name : crc32c driver : crc32c-generic module : crc32c_generic priority : 100 refcnt : 1 selftest : passed internal : no type : shash blocksize : 1 digestsize : 4

name : crc32c driver : crc32c-intel module : crc32c_intel priority : 200 refcnt : 5 selftest : passed internal : no type : shash blocksize : 1 digestsize : 4

name : xts(aes) driver : cryptd(xts-aes-aesni) module : cryptd priority : 451 refcnt : 1 selftest : passed internal : yes type : skcipher async : yes blocksize : 16 min keysize : 32 max keysize : 64 ivsize : 16 chunksize : 16 walksize : 16

name : xts(aes) driver : xts-aes-aesni module : aesni_intel priority : 401 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 32 max keysize : 64 ivsize : 16 chunksize : 16 walksize : 16

name : ctr(aes) driver : cryptd(ctr-aes-aesni) module : cryptd priority : 450 refcnt : 1 selftest : passed internal : yes type : skcipher async : yes blocksize : 1 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ctr(aes) driver : ctr-aes-aesni module : aesni_intel priority : 400 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 1 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(aes) driver : cryptd(cbc-aes-aesni) module : cryptd priority : 450 refcnt : 5 selftest : passed internal : yes type : skcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(aes) driver : cbc-aes-aesni module : aesni_intel priority : 400 refcnt : 5 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ecb(aes) driver : cryptd(ecb-aes-aesni) module : cryptd priority : 450 refcnt : 1 selftest : passed internal : yes type : skcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : ecb(aes) driver : ecb-aes-aesni module : aesni_intel priority : 400 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : generic-gcm-aes-aesni driver : cryptd(driver-generic-gcm-aes-aesni) module : cryptd priority : 50 refcnt : 1 selftest : passed internal : yes type : aead async : yes blocksize : 1 ivsize : 12 maxauthsize : 16 geniv :

name : gcm(aes) driver : generic-gcm-aesni module : aesni_intel priority : 400 refcnt : 1 selftest : passed internal : no type : aead async : yes blocksize : 1 ivsize : 12 maxauthsize : 16 geniv :

name : generic-gcm-aes-aesni driver : driver-generic-gcm-aes-aesni module : aesni_intel priority : 0 refcnt : 1 selftest : passed internal : yes type : aead async : no blocksize : 1 ivsize : 12 maxauthsize : 16 geniv :

name : gcm-aes-aesni driver : cryptd(driver-gcm-aes-aesni) module : cryptd priority : 50 refcnt : 1 selftest : passed internal : yes type : aead async : yes blocksize : 1 ivsize : 8 maxauthsize : 16 geniv :

name : rfc4106(gcm(aes)) driver : rfc4106-gcm-aesni module : aesni_intel priority : 400 refcnt : 1 selftest : passed internal : no type : aead async : yes blocksize : 1 ivsize : 8 maxauthsize : 16 geniv :

name : gcm-aes-aesni driver : driver-gcm-aes-aesni module : aesni_intel priority : 0 refcnt : 1 selftest : passed internal : yes type : aead async : no blocksize : 1 ivsize : 8 maxauthsize : 16 geniv :

name : xts(aes) driver : xts-aes-aesni module : aesni_intel priority : 401 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 32 max keysize : 64 ivsize : 16 chunksize : 16 walksize : 16

name : ctr(aes) driver : ctr-aes-aesni module : aesni_intel priority : 400 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 1 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : cbc(aes) driver : cbc-aes-aesni module : aesni_intel priority : 400 refcnt : 5 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16

name : ecb(aes) driver : ecb-aes-aesni module : aesni_intel priority : 400 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16

name : aes driver : aes-aesni module : aesni_intel priority : 300 refcnt : 1 selftest : passed internal : yes type : cipher blocksize : 16 min keysize : 16 max keysize : 32

name : aes driver : aes-aesni module : aesni_intel priority : 300 refcnt : 1 selftest : passed internal : no type : cipher blocksize : 16 min keysize : 16 max keysize : 32

name : aes driver : aes-asm module : aes_x86_64 priority : 200 refcnt : 1 selftest : passed internal : no type : cipher blocksize : 16 min keysize : 16 max keysize : 32

name : pkcs1pad(rsa,sha256) driver : pkcs1pad(rsa-generic,sha256) module : kernel priority : 100 refcnt : 1 selftest : passed internal : no type : akcipher

name : hmac(sha256) driver : hmac(sha256-generic) module : kernel priority : 100 refcnt : 50 selftest : passed internal : no type : shash blocksize : 64 digestsize : 32

name : hmac(sha1) driver : hmac(sha1-generic) module : kernel priority : 100 refcnt : 57 selftest : passed internal : no type : shash blocksize : 64 digestsize : 20

name : lzo driver : lzo-scomp module : kernel priority : 0 refcnt : 1 selftest : passed internal : no type : scomp

name : lzo driver : lzo-generic module : kernel priority : 0 refcnt : 49 selftest : passed internal : no type : compression

name : crct10dif driver : crct10dif-generic module : kernel priority : 100 refcnt : 2 selftest : passed internal : no type : shash blocksize : 1 digestsize : 2

name : zlib-deflate driver : zlib-deflate-scomp module : kernel priority : 0 refcnt : 1 selftest : passed internal : no type : scomp

name : deflate driver : deflate-scomp module : kernel priority : 0 refcnt : 1 selftest : passed internal : no type : scomp

name : deflate driver : deflate-generic module : kernel priority : 0 refcnt : 2 selftest : passed internal : no type : compression

name : aes driver : aes-generic module : kernel priority : 100 refcnt : 1 selftest : passed internal : no type : cipher blocksize : 16 min keysize : 16 max keysize : 32

name : sha224 driver : sha224-generic module : kernel priority : 100 refcnt : 1 selftest : passed internal : no type : shash blocksize : 64 digestsize : 28

name : sha256 driver : sha256-generic module : kernel priority : 100 refcnt : 50 selftest : passed internal : no type : shash blocksize : 64 digestsize : 32

name : sha1 driver : sha1-generic module : kernel priority : 100 refcnt : 55 selftest : passed internal : no type : shash blocksize : 64 digestsize : 20

name : md5 driver : md5-generic module : kernel priority : 0 refcnt : 1 selftest : passed internal : no type : shash blocksize : 64 digestsize : 16

name : digest_null driver : digest_null-generic module : kernel priority : 0 refcnt : 1 selftest : passed internal : no type : shash blocksize : 1 digestsize : 0

name : compress_null driver : compress_null-generic module : kernel priority : 0 refcnt : 1 selftest : passed internal : no type : compression

name : ecb(cipher_null) driver : ecb-cipher_null module : kernel priority : 100 refcnt : 3 selftest : passed internal : no type : blkcipher blocksize : 1 min keysize : 0 max keysize : 0 ivsize : 0 geniv :

name : cipher_null driver : cipher_null-generic module : kernel priority : 0 refcnt : 1 selftest : passed internal : no type : cipher blocksize : 1 min keysize : 0 max keysize : 0

name : rsa driver : rsa-generic module : kernel priority : 100 refcnt : 1 selftest : passed internal : no type : akcipher

name : dh driver : dh-generic module : kernel priority : 100 refcnt : 1 selftest : passed internal : no type : kpp

< /etc/ipsec.conf 1

version 2

/etc/ipsec.conf - FreeS/WAN IPsec configuration file

More elaborate and more varied sample configurations can be found

in FreeS/WAN's doc/examples file, and in the HTML documentation.

basic configuration

config setup interfaces=%defaultroute uniqueids=yes plutostderrlog=/dev/shm/openswan.log dumpdir=/dev/shm/ nhelpers=1

defaults for subsequent connection descriptions

(these defaults will soon go away)

conn %default keyingtries=0 authby=rsasig keyexchange=ike keylife=20m pfs=yes rekeymargin=5m rekeyfuzz=50% ike=aes-sha1 esp=aes-sha1 dpddelay=30 dpdtimeout=120 dpdaction=restart

conn point1-to-point2 auto=start type=transport esp=aes128-sha1
left=172.17.0.2 leftid=@point1 leftrsasigkey=[keyid AQPyMQ+eW] right=172.17.0.3 rightid=@point2 rightrsasigkey=[keyid AQN2EwF/B]

< /etc/ipsec.secrets 1

: RSA {

RSA 4096 bits ntz.ipsec.interpipe Tue Sep 20 12:18:47 2005

# for signatures only, UNSAFE FOR ENCRYPTION
#pubkey=[keyid AQPyMQ+eW]
Modulus: [...]
PublicExponent: [...]
# everything after this point is secret
PrivateExponent: [...]
Prime1: [...]
Prime2: [...]
Exponent1: [...]
Exponent2: [...]
Coefficient: [...]
}

do not change the indenting of that "[sums to 7d9d...]"

AnatoliChe commented 3 years ago

point2 changes the esp configuration change to wrong hash algo ( from esp=aes128-sha1 to esp=aes128-sha2 ) Is that right? Yes I can see it with intel and amd CPU's with Debian 10 and Gentoo, bare metal and virtual machines.

mohicks commented 3 years ago

Thanks for the great directions. I've got the crash now, based on your docker directions, and will investigate.

shussain commented 3 years ago

@mohicks has implemented a fix in the 2.6.52.3 branch

@AnatoliChe can you please test it at your convenience?

AnatoliChe commented 3 years ago

Thank you for patch. Now it's ok.

shussain commented 3 years ago

Great, thank you for reporting the issue.