Bug 1573949 - ipsec newhostkey fails in FIPS mode when RSA key is generated [rhel-7.5.z]
Summary: ipsec newhostkey fails in FIPS mode when RSA key is generated [rhel-7.5.z]
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libreswan
Version: 7.5
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Paul Wouters
QA Contact: Ondrej Moriš
Mirek Jahoda
Depends On: 1544143
TreeView+ depends on / blocked
Reported: 2018-05-02 14:54 UTC by Oneata Mircea Teodor
Modified: 2018-06-26 16:48 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Prior to this update, the `ipsec newhostkey` command incorrectly tried self-test itself expecting a FIPS mode signature to be present. This is no longer required for the `newhostkey` and `rsasigkey` commands, and it caused generating a false positive FIPS error that prevented the commands from executing properly in FIPS mode. With this update, newhostkey and rsasigkey correctly do not look for a FIPS signature when executing in FIPS mode, and Libreswan is now able to generate new RSA keys in FIPS mode.
Clone Of: 1544143
Last Closed: 2018-06-26 16:48:52 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:1982 0 None None None 2018-06-26 16:48:58 UTC

Description Oneata Mircea Teodor 2018-05-02 14:54:33 UTC
This bug has been copied from bug #1544143 and has been proposed to be backported to 7.5 z-stream (EUS).

Comment 6 errata-xmlrpc 2018-06-26 16:48:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.