Bug 479817 - Do not call pairwise tests in non-FIPS mode
Do not call pairwise tests in non-FIPS mode
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: openssl (Show other bugs)
All Linux
low Severity medium
: rc
: ---
Assigned To: Tomas Mraz
Depends On:
Blocks: FIPS-140-Tracker
  Show dependency treegraph
Reported: 2009-01-13 06:19 EST by Tomas Mraz
Modified: 2009-09-02 07:00 EDT (History)
3 users (show)

See Also:
Fixed In Version: openssl-0.9.8e-8.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-09-02 07:00:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tomas Mraz 2009-01-13 06:19:00 EST
The openssl package in RHEL-5.3 does not allow generating RSA keys smaller than about 384 bits. Such small keys are not practical so the bug severity is low but nevertheless in the non-FIPS mode the pairwise tests on newly generated RSA keys should not be called as they are not necessary and they always fail with very small key lengths.

So strictly speaking this is a regression but not a serious one.
Comment 5 errata-xmlrpc 2009-09-02 07:00:51 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.