Bug 1098473

Summary:	ipsec newhostkey returns 0 even if it fails and allows new RSA keys < 2048
Product:	Red Hat Enterprise Linux 6	Reporter:	Aleš Mareček <amarecek>
Component:	openswan	Assignee:	Paul Wouters <pwouters>
Status:	CLOSED ERRATA	QA Contact:	Aleš Mareček <amarecek>
Severity:	low	Docs Contact:
Priority:	unspecified
Version:	6.5	CC:	pwouters
Target Milestone:	rc
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2014-10-14 08:19:32 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Aleš Mareček 2014-05-16 10:07:32 UTC

Description of problem:
ipsec newhostkey returns 0 value even if it fails in generating keys of less bits than default (2192) and number indivisible by 16.

Version-Release number of selected component (if applicable):
openswan-2.6.32-27.el6, openswan-2.6.32-27.4.el6_5

How reproducible:
Always

Steps to Reproduce:
1. ipsec newhostkey --bits 1234 --output /etc/ipsec.secrets --random /dev/urandom ; echo $?


Actual results:
ipsec rsasigkey: bit count (1234) not multiple of 16
0

Expected results:
ipsec rsasigkey: bit count (1234) not multiple of 16
1

Additional info:

Comment 2 Paul Wouters 2014-05-16 13:21:57 UTC

this is fixed in libreswan already. I guess we can fix it in openswan too.

Comment 4 Paul Wouters 2014-07-22 17:48:29 UTC

Let's pull it in, as we're still a few days away from having a new build for rhel 6.6

Comment 7 errata-xmlrpc 2014-10-14 08:19:32 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1588.html