A fix is available
APAR status
Closed as program error.
Error description
ikev2d core dumps when attempting negotiation using EC Certificates. The stack from dbx is: LoadECCerts__8CertRepoFv(??) at 0x101243cc IsCacheCurrent__8CertRepoFv(??) at 0x101270ec GetCAsubjectDNs__8CertRepoFPP18CAsubjectDN_Node_T(??, ??) at 0x1012a338 GetCAsubjectDNs__FPP18CAsubjectDN_Node_T(??) at 0x10121d94 mode_specific_start__17inet_OAKLEY_pksigFP10isakmp_bufPP1 0isakmp_bufRUiiN24(??, ??, ??, ??, ??, ??, ??) at 0x10190448 start__16inet_OAKLEY_baseFPP10isakmp_buf(??, ??) at 0x10106c2c R_reply__16inet_OAKLEY_baseFPP10isakmp_bufUii(??, ??, ??, ??) at 0x10110620 process_msg_with_resume__16inet_OAKLEY_baseFP10isakmp_buf PP10isakmp_bufT2RiiT5(??, ??, ??, ??, ??, ??, ??) at 0x10109f04 process_msg__16inet_OAKLEY_baseFP10isakmp_bufPP10isakmp_b ufT2iRi(??, ??, ??, ??, ??, ??) at 0x10107180 process_phase1_msg__9isakmp_saFP10isakmp_bufPP10isakmp_bu fT2iUi(??, ??, ??, ??, ??, ??) at 0x100a3f2c process_msg__9isakmp_saFP10isakmp_bufR9deleteBag(??, ??, ??) at 0x1009c1e0 msg_handler__13isakmp_anchorFP10isakmp_bufR7sa_addrT2(??, ??, ??, ??) at 0x100b6460 deliver_events__13isakmp_anchorFR12anchor_eventR8Bit_Mask (??, ??, ??) at 0x100b1634 main(??, ??) at 0x10000b5c There appears to be no way for EC certificates to be successfully used.
Local fix
Problem summary
ikev2d crashes with following core dump while using ecdsa certificate for authentication. LoadECCerts__8CertRepoFv(??) at 0x101243cc IsCacheCurrent__8CertRepoFv(??) at 0x101270ec GetCAsubjectDNs__8CertRepoFPP18CAsubjectDN_Node_T(??, ??) at 0x1012a338 GetCAsubjectDNs__FPP18CAsubjectDN_Node_T(??) at 0x10121d94 mode_specific_start__17inet_OAKLEY_pksigFP10isakmp_bufPP1 0isakmp_bufRUiiN24(??, ??, ??, ??, ??, ??, ??) at 0x10190448 start__16inet_OAKLEY_baseFPP10isakmp_buf(??, ??) at 0x10106c2c R_reply__16inet_OAKLEY_baseFPP10isakmp_bufUii(??, ??, ??, ??) at 0x10110620 process_msg_with_resume__16inet_OAKLEY_baseFP10isakmp_buf PP10isakmp_bufT2RiiT5(??, ??, ??, ??, ??, ??, ??) at 0x10109f04 process_msg__16inet_OAKLEY_baseFP10isakmp_bufPP10isakmp_b ufT2iRi(??, ??, ??, ??, ??, ??) at 0x10107180 process_phase1_msg__9isakmp_saFP10isakmp_bufPP10isakmp_bu fT2iUi(??, ??, ??, ??, ??, ??) at 0x100a3f2c process_msg__9isakmp_saFP10isakmp_bufR9deleteBag(??, ??, ??) at 0x1009c1e0 msg_handler__13isakmp_anchorFP10isakmp_bufR7sa_addrT2(??, ??, ??, ??) at 0x100b6460 deliver_events__13isakmp_anchorFR12anchor_eventR8Bit_Mask (??, ??, ??) at 0x100b1634 main(??, ??) at 0x10000b5c
Problem conclusion
Have fixed the ec-dsa certificate load function.
Temporary fix
Comments
6100-09 - use AIX APAR IV62741 7100-03 - use AIX APAR IV62751
APAR Information
APAR number
IV62751
Reported component name
AIX V7.1
Reported component ID
5765H4000
Reported release
710
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Submitted date
2014-07-21
Closed date
2014-07-21
Last modified date
2016-05-11
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
AIX V7.1
Fixed component ID
5765H4000
Applicable component levels
R710 PSY U865827
UP15/05/19 I 1000
PTF to Fileset Mapping
U865827 bos.net.ipsec.keymgt 7.1.3.45
U861155 bos.net.ipsec.keymgt 7.1.3.30
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSMV87","label":"AIX 6.1 Enterprise Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"710","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSMVAX","label":"AIX Express Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"710","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG11R","label":"AIX 7.1 HIPERS, APARs and Fixes"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"710","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
11 May 2016