Message-Id: <200611162023.kAGKNZor063383@www.freebsd.org>
Date: Thu, 16 Nov 2006 20:23:35 GMT
From: Jan Mikael Melen
To: freebsd-gnats-submit@FreeBSD.org
Subject: bin/105614: Creating NULL encryption ESP SAs with setkey fails

>Number: 105614
>Category: bin
>Synopsis: Creating NULL encryption ESP SAs with setkey fails
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 16 20:30:01 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Jan Mikael Melen
>Release: CURRENT
>Organization:
>Environment:
FreeBSD n-current.nomadiclab.com 7.0-CURRENT FreeBSD 7.0-CURRENT #9: Thu Nov 16 19:54:26 UTC 2006 root@n51-current.nomadiclab.com:/usr/beet/sys/i386/compile/IPSEC_BEET i386
>Description:
The setkey manual says that the null encryption mode is supported, but when trying to create an SA with -E null it will result in an Invalid Argument. This is because the SADB_EXT_KEY_ENCRYPT is not included in the PF_KEY message if null is defined. It should be included when the mode is ESP, however, because the kernel expects to receive it whenever the SA type is ESP, even if null encryption is to be used.
>How-To-Repeat:
# ./setkey -c
add 10.10.19.50 10.10.19.100 esp 1680464666 -m transport -E null -A hmac-md5 "authentication!!" ;
The result of line 1: Invalid argument.
>Fix:
Index: parse.y =================================================================== RCS file: /opt/beet/src/sbin/setkey/parse.y,v retrieving revision 1.3 diff -u -r1.3 parse.y --- parse.y 14 Nov 2006 13:10:24 -0000 1.3 +++ parse.y 16 Nov 2006 11:28:28 -0000 
@@ -1029,7 +1029,8 @@ l = sizeof(struct sadb_msg); /* set encryption algorithm, if present. */ - if (satype != SADB_X_SATYPE_IPCOMP && p_key_enc) { + if (satype != SADB_X_SATYPE_IPCOMP && + (p_key_enc || satype == SADB_SATYPE_ESP)) { struct sadb_key m_key; m_key.sadb_key_len = >Release-Note: >Audit-Trail: >Unformatted:
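Review bot: the widened condition now enters this block for every ESP SA even when p_key_enc is NULL, and the hunk ends at "m_key.sadb_key_len =" without showing how that length is computed. Before this goes in, confirm that the rest of the block guards every use of p_key_enc, so that the -E null case emits the key extension with a zero key length instead of reading through a null pointer. The comment "set encryption algorithm, if present" should also be updated, since the extension is now emitted for ESP whether or not a key was supplied.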