Description of problem: While using 3.0.9-rt26.46.el6rt.x86_64 issuing a: service sshd restart reports some errors due to missing "fps_enabled" Version-Release number of selected component (if applicable): openssh-5.3p1-70.el6.x86_64 kernel-rt-3.0.9-rt26.46.el6rt.x86_64 How reproducible: issuing service sshd restart Steps to Reproduce: 1. install 3.0.9-rt26.46.el6rt.x86_64 2. do a: "service sshd restart" Actual results: [root@silver ~]# service sshd restart Stopping sshd: [ OK ] cat: /proc/sys/crypto/fips_enabled: No such file or directory /etc/init.d/sshd: line 50: [: too many arguments Starting sshd: [ OK ] Expected results: [root@silver ~]# service sshd restart Stopping sshd: [ OK ] Starting sshd: [ OK ] Additional info: on kernel-rt-2.6.33.9-rt31.75.el6rt it is working ok
just tried on openssh-5.3p1-70.el6_2.2.x86_64 and can confirm the same behaviour
to get CRYPTO_FIPS, we need to disable CRYPTO_MANAGER_DISABLE_TESTS
John, I just did that as well as turned on a few CRYPTO_* configs that we were missing.
Configs now in dist-git fix this issue (turned on CONFIG_CRYPTO_FIPS). Tested with scratch kernel built by lgoncalv
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause: the config option CONFIG_CRYPTO_FIPS is disabled. Consequence: some services such as sshd and ipsec complain about the lacking config during start up, but work fine. Fix: the config option has been enabled. Result: no more complaints when starting the services.
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1,4 +1 @@ -Cause: the config option CONFIG_CRYPTO_FIPS is disabled. +When the CONFIG_CRYPTO_FIPS configuration option was disabled, some services such as sshd and ipsec, while working properly, returned warning messages regarding this missing option during start up. With this update, CONFIG_CRYPTO_FIPS has been enabled and no warning messages are now returned in the described scenario.-Consequence: some services such as sshd and ipsec complain about the lacking config during start up, but work fine. -Fix: the config option has been enabled. -Result: no more complaints when starting the services.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-0333.html