https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162021-02-24T08:11:12ZpfSense bugtrackerpfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=515402021-02-24T08:11:12ZJim Pingle
<ul></ul><p>Specifically, the hardware from the thread above is a Netgate 5100 running pfSense Plus, but this likely affects both Plus and CE. Needs more data, however.</p> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=515442021-02-24T09:42:44ZJim Pingle
<ul></ul><p>Another potential report at <a class="external" href="https://forum.netgate.com/topic/161354/ipsec-packet-loss-routing-issue-with-21-02-release">https://forum.netgate.com/topic/161354/ipsec-packet-loss-routing-issue-with-21-02-release</a> but for the Netgate 7100. Waiting on more data/confirmation that moving off AES-NI helps there yet.</p> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=516062021-02-25T20:26:07ZKris Phillips
<ul></ul><p>This also affects Site to Site VPN tunnels. Please reference internal ticket 76224 for another example of this bug causing issues.</p> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=516072021-02-25T20:31:11ZKris Phillips
<ul></ul><p>Interesting point to mention related to IPSec: If you lower the subnet size to something like a /30 this issue takes longer to rear its head. If you up the subnet size on a tunnel to something bigger like a /17 and then restart the IPsec service packets will pass for about 2-3 seconds and then die. With a /30 it can take upwards of a few minutes before traffic stops passing.</p> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=516082021-02-25T20:34:15ZChris Linstruth
<ul></ul><p>To addto the above: looks like TAC had one that was Plus 21.02 on an XG-7100 on one side and Azure VPN on the other. Disabling AES-NI stopped it from failing after "some traffic."</p> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=521052021-03-09T13:49:52ZJim Pingle
<ul><li><strong>Target version</strong> changed from <i>CE-Next</i> to <i>2.5.1</i></li></ul> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=522672021-03-12T07:24:38ZJim Pingle
<ul></ul><p>There have been multiple additional confirmations of this from customers and forum users, and in each case thus far, switching to QAT or switching the hash has stabilized the IPsec behavior.</p> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=523512021-03-13T22:00:22ZMichael Spears
<ul></ul><p>Jim Pingle wrote:</p>
<blockquote>
<p>Based on at least one report, it appears AES-NI on Plus 21.02/2.5.0 has an issue with SHA-256 and some clients, notably Android and Apple clients.</p>
<p><a class="external" href="https://forum.netgate.com/topic/161268/ipsec-tunnels-using-sha256-may-not-connect">https://forum.netgate.com/topic/161268/ipsec-tunnels-using-sha256-may-not-connect</a></p>
<p>If the tunnel is switched to a different hash or if AES-NI is disabled, the problems do not occur. There is no problem when using other accelerators such as QAT, only AES-NI appears to be affected.</p>
<p>Per Mark J the AES-NI driver in Plus 21.02/2.5.0 now supports accelerating SHA, so it's possible there is a difference in the implementation of SHA-256 in AES-NI than in the OS.</p>
<p>Historically there were differences with SHA-256 on FreeBSD which could lead to similar problems. It was standardized on the RFC 4868 implementation about 10 years ago (ref: <a class="external" href="http://lists.freebsd.org/pipermail/svn-src-head/2011-February/025040.html">http://lists.freebsd.org/pipermail/svn-src-head/2011-February/025040.html</a> )</p>
</blockquote>
<p>Assisted a customer with this today on a 5100</p> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=526302021-03-22T04:15:04ZYury Zaytsev
<ul></ul><p>We've hit this after upgrade from 2.4.5 to 2.5.0 on our two SG-5100 - was terribly difficult to figure it out, but thanks to NetGate to pointing us in the right direction!</p> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=527662021-03-30T14:46:31ZRenato Botelhorenato@netgate.com
<ul><li><strong>Target version</strong> changed from <i>2.5.1</i> to <i>CE-Next</i></li></ul><p>Not enough time for 2.5.1</p> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=529102021-04-09T09:32:05ZJim Pingle
<ul><li><strong>Subject</strong> changed from <i>Using SHA256 with AES-NI may fail for some clients</i> to <i>Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing</i></li></ul><p>Updating subject.</p>
<p>Note that this problem only affects CPUs which report the ability to accelerate SHA1 and SHA256.</p>
<p>When AES-NI is active the System Information widget on the Dashboard indicates whether or not acceleration for the affected hashes is supported. For example:</p>
<p>Unsupported:</p>
<blockquote>
<p>Hardware crypto AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS</p>
</blockquote>
<p>Supported:</p>
<blockquote>
<p>Hardware crypto AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS,SHA1,SHA256</p>
</blockquote>
<p>In the latter case, to avoid problems with SHA1 or SHA256 the cryptographic support option should be changed to QAT for those on pfSense Plus. On pfSense CE, change to an AEAD cipher such as AES-GCM which does not utilize hashes or switch to a different hash (e.g. SHA-512).</p> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=530262021-04-16T13:48:20ZJan de Groot
<ul><li><strong>File</strong> <a href="/attachments/3569">disable-sha.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/3569/disable-sha.patch">disable-sha.patch</a> added</li></ul><p>This hit me after migrating a pfSense CE firewall for a customer. The Atom C3000 series CPU in the new firewall has SHA1/SHA256 offload, the old CPU didn't have any offloading at all but was faster than the Atom. The customer has Windows VPN clients, Windows can't do AES-GCM, only 3DES or AES-CBC.</p>
<p>I applied a hotfix by disabling sha support in the AESNI module. This requires a kernel recompile, but after that the /boot/kernel/aesni.ko module can be replaced.</p>
<p>Attached is the quickfix patch.</p> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=530902021-04-20T12:53:43ZJim Pingle
<ul></ul><p>After inspecting the code, disabling the SHA functionality in AES-NI is the best course of action.</p> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=530952021-04-20T20:58:01ZLuiz Souzaluiz@netgate.com
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li></ul><p>Regression fixed in 2.6 devel.</p> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=532182021-04-27T14:27:00ZRenato Botelhorenato@netgate.com
<ul></ul><p>Another fix [1] was imported from FreeBSD and will be present on tomorrow's snapshots</p>
<p>[1] <a class="external" href="https://cgit.freebsd.org/src/commit/?id=62e32cf9140e6c13663dcd69ec3b3c7ca4579782">https://cgit.freebsd.org/src/commit/?id=62e32cf9140e6c13663dcd69ec3b3c7ca4579782</a></p> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=534532021-05-11T12:24:24ZJim Pingle
<ul><li><strong>Target version</strong> changed from <i>CE-Next</i> to <i>2.6.0</i></li></ul> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=535302021-05-11T15:42:40ZJim Pingle
<ul><li><strong>Plus Target Version</strong> set to <i>21.05</i></li></ul> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=536352021-05-12T07:30:00ZJim Pingle
<ul></ul><p>Already in 21.05 builds.</p> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=540842021-05-27T07:55:28ZJim Pingle
<ul><li><strong>Target version</strong> changed from <i>2.6.0</i> to <i>2.5.2</i></li></ul> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=542152021-06-01T20:56:24ZMarcos M
<ul></ul><p>Tested with SHA256 on IPsec P1 and SHA1 on P2 on <code>21.05-RC built on Wed May 26 18:11:31 EDT 2021</code> with AES-NI selected in system settings. Traffic passed correctly.</p> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=542272021-06-02T10:11:12ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Closed</i></li></ul> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=547922021-06-29T12:46:42ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>Closed</i> to <i>Feedback</i></li></ul><p>Due to changes in the freebsd-src branch used to build 2.5.2 snapshots, this needs re-tested on a build dated <strong>after</strong> this comment.</p> pfSense - Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashinghttps://redmine.pfsense.org/issues/11524?journal_id=549142021-07-06T15:54:29ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Closed</i></li></ul>