Bug ID 740957: 'fips_get_key_attr(): mod_err = 0xa9' message seen in /var/log/ltm

Last Modified: Apr 19, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Opened: Aug 17, 2018
Severity: 4-Minor

Symptoms

When a newly created FIPS key with long name (greater than 32 characters) gets synced over an FIPS high availability (HA) setup, the daemon.log shows that the name gets truncated: key_label '/Common/testtmsh.with.long.name.and.config.sync.ran.with.TMSH.version1' exceed max len of 32, truncating to 'nfig.sync.ran.with.TMSH.version1). And the ltm log shows the following message: fips_get_key_attr(): mod_err = 0xa9.

Impact

The newly created FIPS key's name gets truncated to 32 characters. The truncated FIPS key is config-sync'd to the peer system, however, so there is no other impact.

Conditions

The issue is intermittent. -- HA setup with FIPS. -- Perform a config sync operation after creating FIPS keys with names longer than 32 characters.

Workaround

There is no workaround, limit FIPS key names to 32 characters or fewer to prevent truncating.

Fix Information

None

Behavior Change