Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-85038

gnutls-cli -l lists GOST algorithms in FIPS mode

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • rhel-8.10.z, rhel-9.4.z, rhel-10.0, rhel-10.1
    • gnutls
    • None
    • No
    • Low
    • rhel-security-crypto-spades
    • ssg_security
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      list available ciphers

      What is the impact of this issue to you?

      none, but it's odd

      Please provide the package NVR for which the bug is seen:

      gnutls-3.8.9-9.el10.x86_64

      How reproducible is this bug?:

      reliably

      Steps to reproduce

      1. env GNUTLS_FORCE_FIPS_MODE=1 gnutls-cli -l | grep -E '(GOST|MAGMA|KUZN.*CHIK|STREEBOG)'

      Expected results

      nothing (same as without GNUTLS_FORCE_FIPS_MODE)

      Actual results

      MACs: SHA1, MD5+SHA1, SHA256, SHA384, SHA512, SHA224, UMAC-96, UMAC-128, AEAD, MD5, MD2, RIPEMD160, GOSTR341194, STREEBOG-256, STREEBOG-512, AES-CMAC-128, AES-CMAC-256, AES-GMAC-128, AES-GMAC-192, AES-GMAC-256, GOST28147-TC26Z-IMIT, OMAC-MAGMA, OMAC-KUZNYECHIK, PBMAC1, MAC-NULL
      Digests: SHA1, SHA256, SHA384, SHA512, SHA224, MD5, MD2, RIPEMD160, GOSTR341194, STREEBOG-256, STREEBOG-512

              dueno@redhat.com Daiki Ueno
              asosedki@redhat.com Alexander Sosedkin
              Daiki Ueno Daiki Ueno
              Alexander Sosedkin Alexander Sosedkin
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: