Red Hat Bugzilla – Bug 966058
self-test fails when FIPS mode is enabled
Last modified: 2014-02-14 09:46:29 EST
Description of problem:
Self-test of gnupg2 (also known as 'make check') fails when the rest of the system works in FIPS 140-2 approved mode (ie. when "FIPS mode is enabled").
Version-Release number of selected component (if applicable):
100% (in FIPS mode)
Steps to Reproduce:
1. enable FIPS mode (https://access.redhat.com/site/solutions/137833)
2. build the source rpm package of gnupg2
3. execute self-test (make check in build directory)
make: Entering directory `/root/rpmbuild/BUILD/gnupg-2.0.14/tests/openpgp'
gpg (GnuPG) 2.0.14
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Pubkey: RSA, ELG, DSA
Cipher: 3DES, AES, AES192, AES256
Hash: MD5, SHA1, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
MD5 SHA1 SHA256 SHA384 SHA512 SHA224 | PASS: sigs.test
3DES AES AES192 AES256 | PASS: encrypt.test
3DES AES AES192 AES256 | PASS: encrypt-dsa.test
3DES AES AES192 AES256 | PASS: conventional.test
3DES AES AES192 AES256 | PASS: conventional-mdc.test
3 of 28 tests failed
Please report to http://bugs.gnupg.org
All tests pass.
This means that either self-test is not "FIPS-friendly" or that there are issues in gnugp2 itself.
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.
Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.
It is not FIPS mode friendly. I do not think it is worth fixing it at this point given the resource constraints.