-
Bug
-
Resolution: Unresolved
-
Critical
-
None
-
rhel-9.7.z
-
None
-
Moderate
-
FutureFeature
-
Customer Facing, Customer Reported
-
rhel-kernel-security
-
0
-
False
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
-
x86_64
-
None
What were you trying to do that didn't work?
FIPS mode is enabled.
What is the impact of this issue to you?
Here is customer statement in the Customer Case.
After 9.7 upgrade, "kernel: basic hdkf test(hmac(sha256-ni)): hkdf_extract failed with -22" is logged on boot. Describe the impact to you or the business All updates, including security updates, are on hold pending a resolution. Will not search for additional complications that may be caused by failure of this basic cryto function to work, since it is used for TLS 1.3 In what environment are you experiencing this behavior? Running RHEL 9.7 and using TLS 1.3. How frequently does this behavior occur? Does it occur repeatedly or at certain times? Initial error logged on every boot.
Please provide the package NVR for which the bug is seen:
kernel-5.14.0-611.8.1.el9_7
How reproducible is this bug?:
Seen during a boot
Steps to reproduce
Expected results
hkdf_extract failed with -22
Actual results
No failed on hkdf_extract
