Bug 150552 – ipsec limited to ascii only keys

Bug 150552 - ipsec limited to ascii only keys

Summary:	ipsec limited to ascii only keys

Status:	CLOSED RAWHIDE

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	initscripts (Show other bugs)
Sub Component:
Version:	3
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Bill Nottingham
QA Contact:	Brock Organ
Docs Contact:

URL:
Whiteboard:
Keywords:

Duplicates:	150579 153723 (view as bug list)
Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2005-03-08 03:58 EST by Steven Whitehouse
Modified:	2014-03-16 22:52 EDT (History)
CC List:	3 users (show)

See Also:
Fixed In Version:	8.06-1
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2005-03-28 17:19:05 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:

Attachments	(Terms of Use)
a patch for this (3.93 KB, patch) 2005-03-28 17:18 EST, Bill Nottingham	no flags	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Steven Whitehouse 2005-03-08 03:58:09 EST

Description of problem:

If you create a ifcfg-ipsec0 file, you can only specify keys
using ascii, not hex, due to quoting which is done in the ifup-ipsec
script. The ipsec HOWTO shows how to create random hex keys, but not
how to create random ascii keys. The online Red Hat docs (for
RHEL4, at:
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-guide/s1-ipsec-generalconf.html
and the next two pages) don't mention how to create secure ascii keys
and refers to the ipsec HOWTO as well.

Version-Release number of selected component (if applicable):

FC3 and RHEL4

How reproducible:

Every time

Steps to Reproduce:
1. Put a hex key in the config file (with or without 0x prefix)
2.
3.
  
Actual results:

Failure due to key length mismatch

Expected results:

Should realise that its a hex key from its length and then
format it correctly for setkey to parse.

Additional info:

Comment 1 Bill Nottingham 2005-03-28 17:18:23 EST

Created attachment 112401 [details]
a patch for this

This assumes any key prefixed with '0x' is hex, otherwise, it's ASCII.

Should be backwards-compatible.

Comment 2 Bill Nottingham 2005-03-28 17:19:05 EST

Will be in initscripts-8.06-1.

Comment 3 Bill Nottingham 2005-03-31 16:01:09 EST

*** Bug 150579 has been marked as a duplicate of this bug. ***

Comment 4 Bill Nottingham 2005-04-05 14:06:14 EDT

*** Bug 153723 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.