NetBSD-Bugs archive
bin/56658: Plain RSA keys are not loaded by racoon IKE daemon
>Number: 56658
>Category: bin
>Synopsis: Plain RSA keys are not loaded by racoon IKE daemon
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jan 23 13:25:00 +0000 2022
>Originator: Juraj Hercek
>Release: NetBSD 9.2, stable branch
>Organization:
HCK, s.r.o.
>Environment:
NetBSD gaia 9.2_STABLE NetBSD 9.2_STABLE (GENERIC) #0: Fri Jan 7 09:58:54 CET 2022 joe@doe:/home/joe/netbsd/build/netbsd-9/obj/sys/arch/amd64/compile/GENERIC amd64
>Description:
After updating to NetBSD 9.2 from 6.5, the racoon IKE daemon refuses to load plain RSA key files and shuts down. The log files contain:
Jan 16 16:10:05 elf racoon: INFO: @(#)ipsec-tools cvs (http://ipsec-tools.sourceforge.net)
Jan 16 16:10:05 elf racoon: INFO: @(#)This product linked OpenSSL 1.1.1k 25 Mar 2021 (http://www.openssl.org/)
Jan 16 16:10:05 elf racoon: INFO: Reading configuration from "/etc/racoon/racoon.conf"
Jan 16 16:10:05 elf racoon: ERROR: /etc/racoon/priv.rsa:2-13: Incomplete key. Mandatory parameters are missing!
Jan 16 16:10:05 elf racoon: ERROR: /etc/racoon/racoon.conf:22: ""priv.rsa" Couldn't parse keyfile /etc/racoon/priv.rsa
Jan 16 16:10:05 elf racoon: ERROR: fatal parse failure (1 errors)
>How-To-Repeat:
On NetBSD 9.2, configure racoon.conf(5) with plain RSA key type, i.e.:
...
certificate_type plain_rsa "priv.rsa";
...
And start the racoon daemon.
>Fix:
A patch that fixes the problem is available at:
http://www.hck.sk/noindex/plain-rsa-gen-fixes-redacted/0003-Fix-parsing-of-RSA-keys-of-plainrsa-type.patch