[Bug 2108884] Re: [SRU] On Jammy FIPS GPG prints "out of core handler ignored in FIPS mode" message on every execution

Bryan Fraschetti 2108884 at bugs.launchpad.net
Fri Apr 25 13:26:20 UTC 2025


** Description changed:

  [ Impact ]
  
   * On Jammy FIPS, gpg prints a warning "out of core handler ignored in
  FIPS mode" on every single command. Listing keys, exporting keys,
  running the help command, and even tabbing to autocomplete commands
  produces this warning.
  
   * It's not necessarily a functional issue, as everything works as
  intended, but it creates confusion for users/sysadmins who are using gpg
  commands and are not aware of the internal memory handling within gpg
  and it's dependencies. The intended target audience of this warning
  message is developers that are using libgcrypt. The message comes from
  libgcrypt20 and cannot be silenced through configuration
  
-  * Based on the upstream at https://dev.gnupg.org/T6515, the maintainers
- decided to resolve this directly in libgcrypt in commit
+  * Based on the upstream discussion at https://dev.gnupg.org/T6515, the
+ maintainers decided to resolve this directly in libgcrypt in commit
  https://dev.gnupg.org/rC6c79dcddd151b6b01a760f7aab54e6882ea5a475, which
  removed the print line.
  
   * As there is no impact in non-FIPS environments, the patch could be
  carried forward as a FIPS-only delta
  
  [ Test Plan ]
  
   * Create a fresh Jammy VM
  
   * Enable FIPS-updates:
   * pro attach <token>
   * pro enable fips-updates
   * reboot
   * run any gpg command and see the message
  
   * With the proposed patch, gpg commands won't output the message
  
  [ Where problems could occur ]
  
   * Removing the warning could decrease the visibility/awareness that
  _gcry_set_outofcore_handler does not set a memory handler in FIPS mode

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libgcrypt20 in Ubuntu.
https://bugs.launchpad.net/bugs/2108884

Title:
  [SRU] On Jammy FIPS GPG prints "out of core handler ignored in FIPS
  mode" message on every execution

Status in libgcrypt20 package in Ubuntu:
  New

Bug description:
  [ Impact ]

   * On Jammy FIPS, gpg prints a warning "out of core handler ignored in
  FIPS mode" on every single command. Listing keys, exporting keys,
  running the help command, and even tabbing to autocomplete commands
  produces this warning.

   * It's not necessarily a functional issue, as everything works as
  intended, but it creates confusion for users/sysadmins who are using
  gpg commands and are not aware of the internal memory handling within
  gpg and its dependencies. The intended target audience of this
  warning message is developers that are using libgcrypt. The message
  comes from libgcrypt20 and cannot be silenced through configuration

   * Based on the upstream discussion at https://dev.gnupg.org/T6515,
  the maintainers decided to resolve this directly in libgcrypt in
  commit
  https://dev.gnupg.org/rC6c79dcddd151b6b01a760f7aab54e6882ea5a475,
  which removed the print line.

   * As there is no impact in non-FIPS environments, the patch could be
  carried forward as a FIPS-only delta

  [ Test Plan ]

   * Create a fresh Jammy VM

   * Enable FIPS-updates:
   * pro attach <token>
   * pro enable fips-updates
   * reboot
   * run any gpg command and see the message

   * With the proposed patch, gpg commands won't output the message

  [ Where problems could occur ]

   * Removing the warning could decrease the visibility/awareness that
  _gcry_set_outofcore_handler does not set a memory handler in FIPS mode

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libgcrypt20/+bug/2108884/+subscriptions
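
The test plan above as a repeatable check, added here as an example that is not part of the original bug report or of the libgcrypt20 package. The function names, the `--live` switch and the sample stderr are constructed for illustration, and reading `/proc/sys/crypto/fips_enabled` to confirm FIPS mode is an assumption added to the plan's steps.

```shell
#!/bin/sh
# Added example: helper for the SRU test plan (function names are hypothetical).
WARNING='out of core handler ignored in FIPS mode'

# Print "enabled", "disabled" or "unknown" from the kernel FIPS flag.
fips_state() {
    f="${1:-/proc/sys/crypto/fips_enabled}"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Count lines on stdin (captured gpg stderr) that carry the warning.
count_warnings() {
    grep -cF -- "$WARNING" || true
}

# verdict <fips_state> <warning_count>
# Outside FIPS mode the warning never fires, so its absence proves nothing.
verdict() {
    [ "$1" = enabled ] || { echo inconclusive; return 0; }
    if [ "$2" -gt 0 ]; then echo affected; else echo fixed; fi
}

# Constructed sample stderr, used when no live check is requested.
SAMPLE_STDERR="$WARNING
gpg: keybox '/tmp/demo/pubring.kbx' created"

if [ "${1:-}" = "--live" ]; then
    # Throwaway keyring so the check does not touch the user's own.
    GNUPGHOME=$(mktemp -d); export GNUPGHOME
    total=0
    for args in --version --help --list-keys; do
        n=$(gpg $args 2>&1 >/dev/null | count_warnings)
        total=$((total + n))
    done
    rm -rf "$GNUPGHOME"
    echo "fips=$(fips_state) warnings=$total verdict=$(verdict "$(fips_state)" "$total")"
else
    n=$(printf '%s\n' "$SAMPLE_STDERR" | count_warnings)
    echo "sample: warnings=$n verdict=$(verdict enabled "$n")"
fi
```

Run with `--live` on the rebooted FIPS VM before and after installing the proposed package; a result of `inconclusive` means the machine is not in FIPS mode and the run says nothing about the fix.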



