camellia cipher does not work in racoon - enable camellia in openssl

Bug #289367 reported by Matt LaPlante
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| ipsec-tools (Ubuntu) | Invalid | Wishlist | Unassigned | |
| openssl (Debian) | Fix Released | Unknown | | |
| openssl (Ubuntu) | Fix Released | Wishlist | Unassigned | |

Bug Description

Binary package hint: racoon

Version 0.7 of ipsec-tools should have added support for the camellia cipher. Indeed, if you man racoon.conf in Intrepid, you'll see that camellia has been added for encryption_algorithm under the proposal and sainfo sections. Unfortunately, trying to enable it is not working as expected.

I have the camellia kernel module built and loaded (2.6.26).

By changing my encryption_algorithm to "camellia", racoon fails parsing the config file:

Oct 25 17:58:20 firewall racoon: DEBUG: reading config file /etc/racoon/racoon.conf
Oct 25 17:58:20 firewall racoon: ERROR: /etc/racoon/racoon.conf:21: ";" algorithm mismatched 1

where line 21 is
encryption_algorithm camellia;

Tags: patch
Matt LaPlante (cybrmatt) wrote :

This issue is still present in Jaunty.

Satoru Kanno (kanno-satoru) wrote :

Hi,

I think that these errors were caused by the included OpenSSL being built without 'enable-camellia'.
Therefore, I think that we will be able to solve this by changing it to enable-camellia in the Ubuntu distribution.

Thank you in advance,

--
Satoru Kanno

Chuck Short (zulcss) wrote :

Setting as a wishlist.

Thanks
chuck

Changed in ipsec-tools (Ubuntu):
importance: Undecided → Wishlist
status: New → Confirmed
Stefan Bauer (stefan-bauer) wrote :

Please see the attached trivial openssl patch to enable the camellia cipher in openssl.
The patch is against the openssl Configure file.

Cheers

Stefan
(debian ipsec-tools maintainer)

tags: added: patch
Mathias Gug (mathiaz)
Changed in openssl (Ubuntu):
status: New → Confirmed
importance: Undecided → Wishlist
Changed in ipsec-tools (Ubuntu):
status: Confirmed → Invalid
summary: - camellia cipher does not work in racoon
+ camellia cipher does not work in racoon - enable camellia in openssl
Changed in openssl (Debian):
status: Unknown → New
Changed in openssl (Debian):
status: New → Fix Released
Simon IJskes (sim-nyx) wrote :

Still has not arrived in Ubuntu Natty.

Package: openssl
Versions: 0.9.8o-5ubuntu1

$ openssl ciphers
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5

$ openssl ciphers CAMELLIA
Error in cipher list
25670:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1222:

Steve Beattie (sbeattie) wrote :

This was fixed in oneiric with the introduction of openssl 1.0.0. On precise:

$ openssl ciphers CAMELLIA
DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ADH-CAMELLIA256-SHA:CAMELLIA256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ADH-CAMELLIA128-SHA:CAMELLIA128-SHA

Marking this bug report closed. Thanks!

Changed in openssl (Ubuntu):
status: Confirmed → Fix Released
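
A pre-flight check that ties together the two symptoms in this thread, as an added example that is not part of the bug report or of ipsec-tools: it finds `encryption_algorithm` statements naming camellia in a racoon.conf and compares them against an `openssl ciphers` listing. The function names and the sample config are constructed for illustration; treating the cipher listing as a proxy for Camellia support in the OpenSSL build follows the check the commenters ran above.

```shell
# Added example: pre-flight check of racoon.conf against the local OpenSSL build.
# Function names and the sample config are constructed for illustration.

# Print the line numbers of encryption_algorithm statements that name camellia.
# Reads racoon.conf text on stdin; '#' comments are ignored.
conf_camellia_lines() {
    awk '
        { line = $0; sub(/#.*/, "", line) }
        line ~ /encryption_algorithm/ {
            n = split(line, tok, /[ \t,;]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] == "camellia") { print NR; break }
        }'
}

# Succeed if a colon-separated cipher list (the output format of
# `openssl ciphers`) contains at least one Camellia suite.
cipherlist_has_camellia() {
    printf '%s\n' "$1" | tr ':' '\n' | grep -q 'CAMELLIA'
}

# check_conf CONF_FILE CIPHER_LIST: report every camellia statement the
# OpenSSL build cannot serve; returns 1 if there is any mismatch.
check_conf() {
    lines=$(conf_camellia_lines < "$1")
    if [ -z "$lines" ]; then
        echo "OK: $1 does not request camellia"; return 0
    fi
    if cipherlist_has_camellia "$2"; then
        echo "OK: $1 requests camellia and OpenSSL provides it"; return 0
    fi
    for l in $lines; do
        echo "MISMATCH: $1:$l requests camellia; OpenSSL lists no Camellia suites"
    done
    return 1
}

# Constructed sample config fragment (not taken from the bug report).
sample_conf() {
    cat <<'EOF'
remote anonymous { proposal {
    encryption_algorithm camellia;
} }
sainfo anonymous {
    # encryption_algorithm camellia;
    encryption_algorithm aes, camellia;
}
EOF
}
```

On a live system the call would be `check_conf /etc/racoon/racoon.conf "$(openssl ciphers CAMELLIA 2>/dev/null)"`, which reports a mismatch on a build like the natty one quoted above and passes on the precise one.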