Bug 150552 - ipsec limited to ascii only keys
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: initscripts
Version: 3
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Bill Nottingham
QA Contact: Brock Organ
Duplicates: 150579 153723

Reported: 2005-03-08 03:58 EST by Steven Whitehouse
Modified: 2014-03-16 22:52 EDT

Fixed In Version: 8.06-1
Doc Type: Bug Fix
Last Closed: 2005-03-28 17:19:05 EST

Attachments:
a patch for this (3.93 KB, patch), 2005-03-28 17:18 EST, Bill Nottingham

Description Steven Whitehouse 2005-03-08 03:58:09 EST
Description of problem:

If you create an ifcfg-ipsec0 file, you can only specify keys
using ASCII, not hex, due to quoting which is done in the ifup-ipsec
script. The ipsec HOWTO shows how to create random hex keys, but not
how to create random ASCII keys. The online Red Hat docs (for
RHEL4, at:
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-guide/s1-ipsec-generalconf.html
and the next two pages) don't mention how to create secure ASCII keys
and refer to the ipsec HOWTO as well.

Version-Release number of selected component (if applicable):

FC3 and RHEL4

How reproducible:

Every time

Steps to Reproduce:
1. Put a hex key in the config file (with or without 0x prefix)
  
Actual results:

Failure due to key length mismatch

Expected results:

Should realise that it's a hex key from its length and then
format it correctly for setkey to parse.

Comment 1 Bill Nottingham 2005-03-28 17:18:23 EST
Created attachment 112401
a patch for this

This assumes any key prefixed with '0x' is hex, otherwise, it's ASCII.

Should be backwards-compatible.
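
The rule described in this comment, sketched as an added shell example; it is not the attached patch (whose contents are not shown on this page) and not initscripts code. setkey reads a double-quoted key as an ASCII string and a bare `0x` key as hex, so quoting a hex key makes every hex digit count as one key byte, which gives the length mismatch reported above. The function names and sample keys are hypothetical and constructed for illustration.

```sh
#!/bin/sh
# Added illustration: function names are hypothetical, not from initscripts.

# Print a key in the form setkey parses: hex keys bare with a 0x prefix,
# anything else as a double-quoted ASCII string. Returns 1 on a bad key.
format_setkey_key() {
    key=$1
    case $key in
        0x*)
            hex=${key#0x}
            # Reject empty or non-hex input, and odd digit counts
            # (a key must be a whole number of bytes).
            case $hex in
                ''|*[!0-9A-Fa-f]*) return 1 ;;
            esac
            [ $(( ${#hex} % 2 )) -eq 0 ] || return 1
            printf '0x%s\n' "$hex"
            ;;
        *)
            # An embedded double quote would end the quoted string early
            # in the generated setkey input, so refuse it (and empty keys).
            case $key in
                ''|*'"'*) return 1 ;;
            esac
            printf '"%s"\n' "$key"
            ;;
    esac
}

# Key length in bytes as setkey will see it; this is the number that
# has to match the chosen algorithm's key size.
setkey_key_bytes() {
    case $1 in
        0x*) hex=${1#0x}; echo $(( ${#hex} / 2 )) ;;
        *)   printf '%s' "$1" | wc -c | tr -d ' ' ;;
    esac
}

# Random hex key of $1 bytes from the kernel RNG, already 0x-prefixed.
random_hex_key() {
    printf '0x%s\n' "$(od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n')"
}

# Constructed sample keys (not real secrets).
format_setkey_key 0x0123456789abcdef0123456789abcdef01234567
format_setkey_key 'an ascii passphrase'
```

The same 40 hex digits count as 20 key bytes with the `0x` prefix and as 40 bytes without it, so an existing un-prefixed key keeps being treated as ASCII.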
Comment 2 Bill Nottingham 2005-03-28 17:19:05 EST
Will be in initscripts-8.06-1.
Comment 3 Bill Nottingham 2005-03-31 16:01:09 EST
*** Bug 150579 has been marked as a duplicate of this bug. ***
Comment 4 Bill Nottingham 2005-04-05 14:06:14 EDT
*** Bug 153723 has been marked as a duplicate of this bug. ***
