Bug 479817 - Do not call pairwise tests in non-FIPS mode
Summary: Do not call pairwise tests in non-FIPS mode
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: openssl
Version: 5.3
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Tomas Mraz
QA Contact: BaseOS QE
Depends On:
Blocks: FIPS-140-Tracker
TreeView+ depends on / blocked
Reported: 2009-01-13 11:19 UTC by Tomas Mraz
Modified: 2009-09-02 11:00 UTC (History)
3 users (show)

Fixed In Version: openssl-0.9.8e-8.el5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-09-02 11:00:51 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:1335 0 normal SHIPPED_LIVE Moderate: openssl security, bug fix, and enhancement update 2009-09-01 10:41:25 UTC

Description Tomas Mraz 2009-01-13 11:19:00 UTC
The openssl package in RHEL-5.3 does not allow generating RSA keys smaller than about 384 bits. Such small keys are not practical so the bug severity is low but nevertheless in the non-FIPS mode the pairwise tests on newly generated RSA keys should not be called as they are not necessary and they always fail with very small key lengths.

So strictly speaking this is a regression but not a serious one.

Comment 5 errata-xmlrpc 2009-09-02 11:00:51 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.