Bug 737101
Summary: | start delay and warnings in cups while booting in FIPS mode | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Leon Fauster <leonfauster> |
Component: | gnutls | Assignee: | Tomas Mraz <tmraz> |
Status: | CLOSED NEXTRELEASE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 5.7 | CC: | prc |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-03-05 14:46:13 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Leon Fauster
2011-09-09 16:00:20 UTC
This is due to gnutls calling gcry_set_allocation_handler(). Yes, gnutls could be changed by backporting from the more recent upstream that does not set the allocation handler in libgcrypt. However I am not sure the delay is directly related to the inactivation of the FIPS mode of libgcrypt. It might be that the delay would still be there even if the FIPS mode of libgcrypt would not be inactivated. There are integrity tests and algorithm selftests during the startup of the FIPS mode that might cause the delay. The gcry_set_allocation_handler is not called anymore in the Red Hat Enterprise Linux 6 packages. Thanks - what about RHEL 5? We currently do not plan to fix this issue in Red Hat Enterprise Linux 5. |