NetBSD Problem Report #56658

From www@netbsd.org  Sun Jan 23 13:20:14 2022
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id B59E11A9239
	for <gnats-bugs@gnats.NetBSD.org>; Sun, 23 Jan 2022 13:20:14 +0000 (UTC)
Message-Id: <20220123132013.62E3C1A923A@mollari.NetBSD.org>
Date: Sun, 23 Jan 2022 13:20:13 +0000 (UTC)
From: nbsd@hck.sk
Reply-To: nbsd@hck.sk
To: gnats-bugs@NetBSD.org
Subject: Plain RSA keys are not loaded by racoon IKE daemon
X-Send-Pr-Version: www-1.0

>Number:         56658
>Category:       bin
>Synopsis:       Plain RSA keys are not loaded by racoon IKE daemon
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jan 23 13:25:00 +0000 2022
>Closed-Date:    Sun Jan 23 15:01:02 +0000 2022
>Last-Modified:  Sun Jan 23 15:01:02 +0000 2022
>Originator:     Juraj Hercek
>Release:        NetBSD 9.2, stable branch
>Organization:
HCK, s.r.o.
>Environment:
NetBSD gaia 9.2_STABLE NetBSD 9.2_STABLE (GENERIC) #0: Fri Jan  7 09:58:54 CET 2022  joe@doe:/home/joe/netbsd/build/netbsd-9/obj/sys/arch/amd64/compile/GENERIC amd64
>Description:
After updating to NetBSD 9.2 from 6.5, the racoon IKE daemon refuses to load plain RSA key files and shuts down. The log files contain:

Jan 16 16:10:05 elf racoon: INFO: @(#)ipsec-tools cvs (http://ipsec-tools.sourceforge.net)
Jan 16 16:10:05 elf racoon: INFO: @(#)This product linked OpenSSL 1.1.1k  25 Mar 2021 (http://www.openssl.org/)
Jan 16 16:10:05 elf racoon: INFO: Reading configuration from "/etc/racoon/racoon.conf"
Jan 16 16:10:05 elf racoon: ERROR: /etc/racoon/priv.rsa:2-13: Incomplete key. Mandatory parameters are missing!
Jan 16 16:10:05 elf racoon: ERROR: /etc/racoon/racoon.conf:22: ""priv.rsa" Couldn't parse keyfile /etc/racoon/priv.rsa
Jan 16 16:10:05 elf racoon: ERROR: fatal parse failure (1 errors)
>How-To-Repeat:
On NetBSD 9.2, configure racoon.conf(5) with the plain RSA key type, i.e.:

...
certificate_type plain_rsa "priv.rsa";
...

And start the racoon daemon.
>Fix:
A patch that fixes the problem is available at:

http://www.hck.sk/noindex/plain-rsa-gen-fixes-redacted/0003-Fix-parsing-of-RSA-keys-of-plainrsa-type.patch

>Release-Note:

>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/56658 CVS commit: src/crypto/dist/ipsec-tools/src/racoon
Date: Sun, 23 Jan 2022 09:55:28 -0500

 Module Name:	src
 Committed By:	christos
 Date:		Sun Jan 23 14:55:28 UTC 2022

 Modified Files:
 	src/crypto/dist/ipsec-tools/src/racoon: prsa_par.y

 Log Message:
 PR/56658: Juraj Hercek: Plain RSA keys are not loaded by racoon IKE daemon


 To generate a diff of this commit:
 cvs rdiff -u -r1.7 -r1.8 src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: wiz@NetBSD.org
State-Changed-When: Sun, 23 Jan 2022 15:01:02 +0000
State-Changed-Why:
Committed by christos, thanks!


>Unformatted:
