Bug 786145 - missing /proc/sys/crypto/fips_enabled in 3.0.9 causes openssh errors
Status: CLOSED ERRATA
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: realtime-kernel
2.1
x86_64 Linux
unspecified Severity medium
: 2.1.4
: ---
Assigned To: John Kacur
David Sommerseth
:
Depends On:
Blocks: 814689
Reported: 2012-01-31 10:28 EST by evcz
Modified: 2016-05-22 19:34 EDT

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
When the CONFIG_CRYPTO_FIPS configuration option was disabled, some services such as sshd and ipsec, while working properly, returned warning messages regarding this missing option during start up. With this update, CONFIG_CRYPTO_FIPS has been enabled and no warning messages are now returned in the described scenario.
Story Points: ---
Clone Of:
: 814689 (view as bug list)
Environment:
Last Closed: 2012-02-23 15:24:39 EST
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0333 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2012-02-23 20:21:35 EST

Description evcz 2012-01-31 10:28:35 EST
Description of problem:
While using 3.0.9-rt26.46.el6rt.x86_64 issuing a:

service sshd restart

reports some errors due to missing "fips_enabled"

Version-Release number of selected component (if applicable):
openssh-5.3p1-70.el6.x86_64
kernel-rt-3.0.9-rt26.46.el6rt.x86_64

How reproducible:
issuing service sshd restart

Steps to Reproduce:
1. install 3.0.9-rt26.46.el6rt.x86_64
2. do a: "service sshd restart"
  
Actual results:
[root@silver ~]# service sshd restart
Stopping sshd:                                             [  OK  ]
cat: /proc/sys/crypto/fips_enabled: No such file or directory
/etc/init.d/sshd: line 50: [: too many arguments
Starting sshd:                                             [  OK  ]


Expected results:
[root@silver ~]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]


Additional info:
on kernel-rt-2.6.33.9-rt31.75.el6rt it is working ok
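
The failure mode in the report above, as an added example (not part of the original bug report and not the code of /etc/init.d/sshd): a script that reads the FIPS flag through an unquoted command substitution breaks when the file is missing, while a reader that maps the flag to an explicit state does not. The function names, the key path and the fragile test expression are constructed for illustration.

```shell
#!/bin/sh
# Added example; fips_fragile, fips_state, fips_is_enabled and the key path
# are hypothetical names, not taken from the init script.

FIPS_FLAG=/proc/sys/crypto/fips_enabled

# Fragile (constructed, not the init script's line 50): the unquoted
# substitution vanishes when the file is missing, so `[` receives a
# malformed expression and exits with a syntax error instead of true/false.
fips_fragile() {
    key=${2:-/nonexistent/ssh_host_key}
    [ ! -s "$key" -a $(cat "$1") -eq 0 ]
}

# Hardened: report one of four explicit states, never an empty string.
#   absent   - file not there (e.g. kernel built without CONFIG_CRYPTO_FIPS)
#   disabled - file reads 0
#   enabled  - file reads 1
#   unknown  - anything else; callers should treat this as an error
fips_state() {
    flag=${1:-$FIPS_FLAG}
    if [ ! -r "$flag" ]; then
        echo absent
        return 0
    fi
    value=$(cat "$flag" 2>/dev/null) || value=
    case "$value" in
        0) echo disabled ;;
        1) echo enabled ;;
        *) echo unknown ;;
    esac
}

# Caller: quoted comparison against a fixed word, so no state can break `[`.
fips_is_enabled() {
    [ "$(fips_state "$1")" = enabled ]
}

# State of the host this runs on.
fips_state
```

Keeping "absent" separate from "disabled" lets a service that requires FIPS mode fail closed on a kernel that cannot provide it, instead of silently treating the missing file as 0.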
Comment 1 evcz 2012-01-31 10:32:30 EST
just tried on

openssh-5.3p1-70.el6_2.2.x86_64

and can confirm the same behaviour
Comment 2 John Kacur 2012-01-31 12:31:52 EST
to get CRYPTO_FIPS, we need to disable CRYPTO_MANAGER_DISABLE_TESTS
Comment 3 Clark Williams 2012-01-31 15:25:19 EST
John,

I just did that as well as turned on a few CRYPTO_* configs that we were missing.
Comment 4 Clark Williams 2012-01-31 21:31:35 EST
Configs now in dist-git fix this issue (turned on CONFIG_CRYPTO_FIPS). Tested with scratch kernel built by lgoncalv@redhat.com
Comment 9 Luis Claudio R. Goncalves 2012-02-13 10:36:28 EST
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: the config option CONFIG_CRYPTO_FIPS is disabled. 
Consequence: some services such as sshd and ipsec complain about the lacking config during start up, but work fine.
Fix: the config option has been enabled.
Result: no more complaints when starting the services.
Comment 11 Tomas Capek 2012-02-22 11:10:15 EST
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,4 +1 @@
-Cause: the config option CONFIG_CRYPTO_FIPS is disabled. 
+When the CONFIG_CRYPTO_FIPS configuration option was disabled, some services such as sshd and ipsec, while working properly, returned warning messages regarding this missing option during start up. With this update, CONFIG_CRYPTO_FIPS has been enabled and no warning messages are now returned in the described scenario.-Consequence: some services such as sshd and ipsec complain about the lacking config during start up, but work fine.
-Fix: the config option has been enabled.
-Result: no more complaints when starting the services.
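Review bot: the added sentence describes the symptom only as "warning messages regarding this missing option" and never names /proc/sys/crypto/fips_enabled, which is the string in the sshd output quoted in the description and the one a reader hitting this would search for. Suggest naming that file in the added text. The closing clause "no warning messages are now returned" would also read better as "these warning messages are no longer returned".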
Comment 12 errata-xmlrpc 2012-02-23 15:24:39 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0333.html
