| Summary: | missing /proc/sys/crypto/fips_enabled in 3.0.9 causes openssh errors | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise MRG | Reporter: | evcz | |
| Component: | realtime-kernel | Assignee: | John Kacur <jkacur> | |
| Status: | CLOSED ERRATA | QA Contact: | David Sommerseth <davids> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 2.1 | CC: | bhu, jkacur, jkastner, lgoncalv, ovasik, williams | |
| Target Milestone: | 2.1.4 | |||
| Target Release: | --- | |||
| Hardware: | x86_64 | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: |
When the CONFIG_CRYPTO_FIPS configuration option was disabled, some services such as sshd and ipsec, while working properly, returned warning messages regarding this missing option during start up. With this update, CONFIG_CRYPTO_FIPS has been enabled and no warning messages are now returned in the described scenario.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 814689 (view as bug list) | Environment: | ||
| Last Closed: | 2012-02-23 20:24:39 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Bug Depends On: | ||||
| Bug Blocks: | 814689 | |||
|
Description
evcz
2012-01-31 15:28:35 UTC
just tried on openssh-5.3p1-70.el6_2.2.x86_64 and can confirm the same behaviour to get CRYPTO_FIPS, we need to disable CRYPTO_MANAGER_DISABLE_TESTS John, I just did that as well as turned on a few CRYPTO_* configs that we were missing. Configs now in dist-git fix this issue (turned on CONFIG_CRYPTO_FIPS). Tested with scratch kernel built by lgoncalv
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Cause: the config option CONFIG_CRYPTO_FIPS is disabled.
Consequence: some services such as sshd and ipsec complain about the lacking config during start up, but work fine.
Fix: the config option has been enabled.
Result: no more complaints when starting the services.
Technical note updated. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
Diffed Contents:
@@ -1,4 +1 @@
-Cause: the config option CONFIG_CRYPTO_FIPS is disabled.
+When the CONFIG_CRYPTO_FIPS configuration option was disabled, some services such as sshd and ipsec, while working properly, returned warning messages regarding this missing option during start up. With this update, CONFIG_CRYPTO_FIPS has been enabled and no warning messages are now returned in the described scenario.-Consequence: some services such as sshd and ipsec complain about the lacking config during start up, but work fine.
-Fix: the config option has been enabled.
-Result: no more complaints when starting the services.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-0333.html |