  1. RHEL
  2. RHEL-70842

ipsec showhostkey: RSA public key exponent too long for resource record

    • libreswan-4.15-8.el9
    • No
    • Important
    • ZStream
    • 1
    • rhel-sst-security-crypto
    • ssg_security
    • 23
    • 1
    • False
    • None
    • No
    • Crypto25Q1
    • Approved Blocker
    • AC1) Running ipsec showhostkey under valgrind on any supported architecture doesn't produce any memory access error, except for the intentional memory leak in that command
    • Pass
    • Enabled
    • Automated
    • Unspecified Release Note Type - Unknown
    • aarch64
    • None

      What were you trying to do that didn't work?

      "ipsec showhostkey" always returns "RSA public key exponent too long for resource record"

      [root@ampere-mtsnow-02 ipsec]# ipsec newhostkey
      Generated RSA key pair with CKAID ddf83181ee1625ca174be017d7900d1d303d2a2e was stored in the NSS database
      The public key can be displayed using: ipsec showhostkey --left --ckaid ddf83181ee1625ca174be017d7900d1d303d2a2e
      [root@ampere-mtsnow-02 ipsec]# ipsec showhostkey --left --ckaid ddf83181ee1625ca174be017d7900d1d303d2a2e
      ipsec showhostkey: RSA public key exponent too long for resource record
      
      [root@ampere-mtsnow-02 ipsec]# ipsec newhostkey --bits 2192
      Generated RSA key pair with CKAID 876492dea537f2c97b23a4fbcf837af8f40ad191 was stored in the NSS database
      The public key can be displayed using: ipsec showhostkey --left --ckaid 876492dea537f2c97b23a4fbcf837af8f40ad191
      [root@ampere-mtsnow-02 ipsec]# ipsec showhostkey --left --ckaid 876492dea537f2c97b23a4fbcf837af8f40ad191
      ipsec showhostkey: RSA public key exponent too long for resource record
      

      What is the impact of this issue to you?

      Please provide the package NVR for which the bug is seen:

      [root@ampere-mtsnow-02 ipsec]# uname -r
      5.14.0-539.el9.aarch64
      [root@ampere-mtsnow-02 ipsec]# rpm -q libreswan
      libreswan-4.15-5.el9.aarch64

      How reproducible is this bug?:

      always

      Steps to reproduce

      # yum install -y libreswan
      # ipsec initnss --nssdir /var/lib/ipsec/nss
      # ipsec initnss --nssdir /etc/ipsec.d
      
      [root@ampere-mtsnow-02 ipsec]# ipsec newhostkey
      Generated RSA key pair with CKAID ddf83181ee1625ca174be017d7900d1d303d2a2e was stored in the NSS database
      The public key can be displayed using: ipsec showhostkey --left --ckaid ddf83181ee1625ca174be017d7900d1d303d2a2e
      [root@ampere-mtsnow-02 ipsec]# ipsec showhostkey --left --ckaid ddf83181ee1625ca174be017d7900d1d303d2a2e
      ipsec showhostkey: RSA public key exponent too long for resource record
      
      [root@ampere-mtsnow-02 ipsec]# ipsec newhostkey --bits 2192
      Generated RSA key pair with CKAID 876492dea537f2c97b23a4fbcf837af8f40ad191 was stored in the NSS database
      The public key can be displayed using: ipsec showhostkey --left --ckaid 876492dea537f2c97b23a4fbcf837af8f40ad191
      [root@ampere-mtsnow-02 ipsec]# ipsec showhostkey --left --ckaid 876492dea537f2c97b23a4fbcf837af8f40ad191
      ipsec showhostkey: RSA public key exponent too long for resource record
      

      Expected results

      "ipsec showhostkey" returns hostkey correctly

      Actual results

              dueno@redhat.com Daiki Ueno
              rhn-support-liali Liang Li
              Daiki Ueno Daiki Ueno
              Ondrej Moris Ondrej Moris