IBM Support

IV62751: IKEV2D CORE DUMPS WHEN USING EC CERTIFICATES APPLIES TO AIX 7100-03

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • ikev2d core dumps when attempting negotiation using EC
    Certificates.  The stack from dbx is:
    
    LoadECCerts__8CertRepoFv(??) at 0x101243cc
    IsCacheCurrent__8CertRepoFv(??) at 0x101270ec
    GetCAsubjectDNs__8CertRepoFPP18CAsubjectDN_Node_T(??, ??)
    at 0x1012a338
    GetCAsubjectDNs__FPP18CAsubjectDN_Node_T(??) at
    0x10121d94
    mode_specific_start__17inet_OAKLEY_pksigFP10isakmp_bufPP1
    0isakmp_bufRUiiN24(??, ??, ??, ??, ??, ??, ??) at
    0x10190448
    start__16inet_OAKLEY_baseFPP10isakmp_buf(??, ??) at
    0x10106c2c
    R_reply__16inet_OAKLEY_baseFPP10isakmp_bufUii(??, ??, ??,
    ??) at 0x10110620
    process_msg_with_resume__16inet_OAKLEY_baseFP10isakmp_buf
    PP10isakmp_bufT2RiiT5(??, ??, ??, ??, ??, ??, ??) at
    0x10109f04
    process_msg__16inet_OAKLEY_baseFP10isakmp_bufPP10isakmp_b
    ufT2iRi(??, ??, ??, ??, ??, ??) at 0x10107180
    process_phase1_msg__9isakmp_saFP10isakmp_bufPP10isakmp_bu
    fT2iUi(??, ??, ??, ??, ??, ??) at 0x100a3f2c
    process_msg__9isakmp_saFP10isakmp_bufR9deleteBag(??, ??,
    ??) at 0x1009c1e0
    msg_handler__13isakmp_anchorFP10isakmp_bufR7sa_addrT2(??,
     ??, ??, ??) at 0x100b6460
    deliver_events__13isakmp_anchorFR12anchor_eventR8Bit_Mask
    (??, ??, ??) at 0x100b1634
    main(??, ??) at 0x10000b5c
    
    There appears to be no way for EC certificates to be
    successfully used.
    

Local fix

Problem summary

  • ikev2d crashes with following core dump while using
    ecdsa certificate for authentication.
    LoadECCerts__8CertRepoFv(??) at 0x101243cc
    IsCacheCurrent__8CertRepoFv(??) at 0x101270ec
    GetCAsubjectDNs__8CertRepoFPP18CAsubjectDN_Node_T(??, ??)
    at 0x1012a338
    GetCAsubjectDNs__FPP18CAsubjectDN_Node_T(??) at
    0x10121d94
    mode_specific_start__17inet_OAKLEY_pksigFP10isakmp_bufPP1
    0isakmp_bufRUiiN24(??, ??, ??, ??, ??, ??, ??) at
    0x10190448
    start__16inet_OAKLEY_baseFPP10isakmp_buf(??, ??) at
    0x10106c2c
    R_reply__16inet_OAKLEY_baseFPP10isakmp_bufUii(??, ??, ??,
    ??) at 0x10110620
    process_msg_with_resume__16inet_OAKLEY_baseFP10isakmp_buf
    PP10isakmp_bufT2RiiT5(??, ??, ??, ??, ??, ??, ??) at
    0x10109f04
    process_msg__16inet_OAKLEY_baseFP10isakmp_bufPP10isakmp_b
    ufT2iRi(??, ??, ??, ??, ??, ??) at 0x10107180
    process_phase1_msg__9isakmp_saFP10isakmp_bufPP10isakmp_bu
    fT2iUi(??, ??, ??, ??, ??, ??) at 0x100a3f2c
    process_msg__9isakmp_saFP10isakmp_bufR9deleteBag(??, ??,
    ??) at 0x1009c1e0
    msg_handler__13isakmp_anchorFP10isakmp_bufR7sa_addrT2(??,
     ??, ??, ??) at 0x100b6460
    deliver_events__13isakmp_anchorFR12anchor_eventR8Bit_Mask
    (??, ??, ??) at 0x100b1634
    main(??, ??) at 0x10000b5c
    

Problem conclusion

  • Have fixed the ec-dsa certificate load function.
    

Temporary fix

Comments

  • 6100-09 - use AIX APAR IV62741
    7100-03 - use AIX APAR IV62751
    

APAR Information

  • APAR number

    IV62751

  • Reported component name

    AIX V7.1

  • Reported component ID

    5765H4000

  • Reported release

    710

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Submitted date

    2014-07-21

  • Closed date

    2014-07-21

  • Last modified date

    2016-05-11

  • APAR is sysrouted FROM one or more of the following:

    IV61973

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    AIX V7.1

  • Fixed component ID

    5765H4000

Applicable component levels

  • R710 PSY U865827

       UP15/05/19 I 1000

PTF to Fileset Mapping

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSMV87","label":"AIX Enterprise Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"710","Edition":""},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSMVAX","label":"AIX Express Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"710","Edition":""},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG11R","label":"APARs - AIX 7.1 environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"710","Edition":""}]

Document Information

Modified date:
11 May 2016