Bug 150552 - ipsec limited to ascii only keys
Summary: ipsec limited to ascii only keys
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: initscripts
Version: 3
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: Brock Organ
URL:
Whiteboard:
: 150579 153723 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-03-08 08:58 UTC by Steven Whitehouse
Modified: 2014-03-17 02:52 UTC (History)
3 users (show)

Fixed In Version: 8.06-1
Clone Of:
Environment:
Last Closed: 2005-03-28 22:19:05 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
a patch for this (3.93 KB, patch)
2005-03-28 22:18 UTC, Bill Nottingham
no flags Details | Diff

Description Steven Whitehouse 2005-03-08 08:58:09 UTC
Description of problem:

If you create a ifcfg-ipsec0 file, you can only specify keys
using ascii, not hex, due to quoting which is done in the ifup-ipsec
script. The ipsec HOWTO shows how to create random hex keys, but not
how to create random ascii keys. The online Red Hat docs (for
RHEL4, at:
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-guide/s1-ipsec-generalconf.html
and the next two pages) don't mention how to create secure ascii keys
and refers to the ipsec HOWTO as well.

Version-Release number of selected component (if applicable):

FC3 and RHEL4

How reproducible:

Every time

Steps to Reproduce:
1. Put a hex key in the config file (with or without 0x prefix)
2.
3.
  
Actual results:

Failure due to key length mismatch

Expected results:

Should realise that its a hex key from its length and then
format it correctly for setkey to parse.

Additional info:

Comment 1 Bill Nottingham 2005-03-28 22:18:23 UTC
Created attachment 112401 [details]
a patch for this

This assumes any key prefixed with '0x' is hex, otherwise, it's ASCII.

Should be backwards-compatible.

Comment 2 Bill Nottingham 2005-03-28 22:19:05 UTC
Will be in initscripts-8.06-1.

Comment 3 Bill Nottingham 2005-03-31 21:01:09 UTC
*** Bug 150579 has been marked as a duplicate of this bug. ***

Comment 4 Bill Nottingham 2005-04-05 18:06:14 UTC
*** Bug 153723 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.