Description of problem:
FIPS support has been dropped from the kernel configuration. It had been present since Fedora 13.

Version-Release number of selected component (if applicable):
Fedora 15

How reproducible:
Always

Steps to Reproduce:
1. As root execute: ipsec setup start

Actual results:
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec U2.6.33/K2.6.38.8-32.fc15.i686...
ipsec_setup: no default routes detected
ipsec_setup: /usr/libexec/ipsec/addconn Not able to open /proc/sys/crypto/fips_enabled, returning non-fips mode

Expected results:
Pluto should have been able to find /proc/sys/crypto/fips_enabled, and seen a 1 if the kernel was configured with FIPS support, or 0 if configured without it, as was the case with Fedora 14. Passing fips=1 (or fips=0) is a documented parameter to the kernel that a user in single user mode could pass early in the boot process.

Additional info:
This is troubling because several of our security packages, such as openssl, openswan, and nss-softokn, depend on code such as

f = fopen("/proc/sys/crypto/fips_enabled", "r");

to determine whether the kernel has been compiled with FIPS enabled or not and act accordingly.
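The fopen() check quoted in the description, written out as an added example that is not part of the original report and is not code from openssl, openswan or nss-softokn. The names read_fips_state(), fips_policy_ok() and enum fips_state are hypothetical, and the fail-closed policy is an assumption; the point shown is keeping "file missing" distinct from "flag reads 0" instead of silently falling back to non-FIPS mode.

```c
/* Added example, not code from the report or from any package named in it.
 * read_fips_state(), fips_policy_ok() and enum fips_state are hypothetical. */
#include <errno.h>
#include <stdio.h>

#define FIPS_PROC_PATH "/proc/sys/crypto/fips_enabled" /* path from the report */

enum fips_state {
    FIPS_DISABLED,    /* file present and reads 0 */
    FIPS_ENABLED,     /* file present and reads 1 */
    FIPS_UNSUPPORTED, /* file absent, e.g. kernel built without FIPS support */
    FIPS_ERROR        /* unreadable, empty or unexpected content */
};

/* Read the flag, keeping "file missing" distinct from "flag is 0". */
enum fips_state read_fips_state(const char *path)
{
    char buf[8];
    FILE *f = fopen(path, "r");

    if (f == NULL)
        return errno == ENOENT ? FIPS_UNSUPPORTED : FIPS_ERROR;
    if (fgets(buf, sizeof buf, f) == NULL) {
        fclose(f);
        return FIPS_ERROR;
    }
    fclose(f);
    if (buf[1] != '\n' && buf[1] != '\0')
        return FIPS_ERROR;            /* more than a single character */
    if (buf[0] == '1')
        return FIPS_ENABLED;
    return buf[0] == '0' ? FIPS_DISABLED : FIPS_ERROR;
}

/* Assumed policy: when FIPS mode is required, only an explicit 1 passes. */
int fips_policy_ok(enum fips_state state, int fips_required)
{
    return fips_required ? state == FIPS_ENABLED : 1;
}

int main(void)
{
    static const char *names[] = { "disabled", "enabled", "unsupported", "error" };
    enum fips_state s = read_fips_state(FIPS_PROC_PATH);

    printf("%s: %s\n", FIPS_PROC_PATH, names[s]);
    return fips_policy_ok(s, 1) ? 0 : 1;
}
```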
Ugh, this has been accidentally disabled because we don't enable an option that it's dependent on (CRYPTO_MANAGER_DISABLE_TESTS).
kernel-2.6.38.8-35.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/kernel-2.6.38.8-35.fc15
Package kernel-2.6.38.8-35.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing kernel-2.6.38.8-35.fc15'
as soon as you are able to, then reboot.
Please go to the following URL:
https://admin.fedoraproject.org/updates/kernel-2.6.38.8-35.fc15
then log in and leave karma (feedback).
kernel-2.6.38.8-35.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.