Bug ID 559110: Luna FIPS request errors are logged as the same generic error.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP TMOS (all modules)

Known Affected Versions:
11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Fixed In:
13.0.0

Opened: Nov 19, 2015

Severity: 4-Minor

Symptoms

Whenever the Luna FIPS card firmware returns any error resulting from an asynchronous request, it sets the status to ERR_HSM_ERROR (0x40000116), and the FIPS driver logs that error. This behavior hides the true fault, because the log gives no indication of the actual error.

Impact

The actual error reported by the Luna FIPS device firmware is never logged, preventing analysis of FIPS issues on Luna-equipped platforms.

Conditions

This occurs whenever an error is returned as the result of an asynchronous FIPS request to the Luna FIPS device.

Workaround

None.

Fix Information

The FIPS module for the Luna device now reports the HSM error when the request completion status is ERR_HSM_ERROR, and logs non-fatal FIPS errors at warning level.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips