Bug 1544143
Summary: | ipsec newhostkey fails in FIPS mode when RSA key is generated | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Ondrej Moriš <omoris> | |
Component: | libreswan | Assignee: | Paul Wouters <pwouters> | |
Status: | CLOSED ERRATA | QA Contact: | Ondrej Moriš <omoris> | |
Severity: | low | Docs Contact: | ||
Priority: | high | |||
Version: | 7.5 | CC: | jreznik, mgrepl, mthacker, omoris, ravpatil, tmraz | |
Target Milestone: | rc | Keywords: | Regression, ZStream | |
Target Release: | --- | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | If docs needed, set a value | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1573949 (view as bug list) | Environment: | ||
Last Closed: | 2018-10-30 10:51:34 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1472750, 1573949 |
Description
Ondrej Moriš
2018-02-10 16:39:05 UTC
upstream patch: https://github.com/libreswan/libreswan/commit/a62f6d144e8764f0c18c446a0a173a1a5336ef3c *** Bug 1573898 has been marked as a duplicate of this bug. *** Successfully verified on all supported platforms (RHEL) and architectures (x86_64, ppc64, ppc64le, s390x) in FIPS mode. # rpm -q libreswan libreswan-3.25-2.el7.x86_64 # cat /proc/sys/crypto/fips_enabled 1 # ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.secrets --password "1a2Ikyn0h87OMKS5kNME"' ipsec newhostkey warning: --configdir is obsoleted, use --nssdir Generated RSA key pair with CKAID ec7f19d08a7d07f8150712c72f8f253e8c3600e9 was stored in the NSS database Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:3174 |