Bug 1064844
| Summary: | python-pymongo uses FIPS unsafe md5 function | | |
|---|---|---|---|
| Product: | Red Hat Software Collections | Reporter: | Robert Kuska <rkuska> |
| Component: | python-pymongo | Assignee: | Bohuslav "Slavek" Kabrda <bkabrda> |
| Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE - Apps <qe-baseos-apps> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | python27 | CC: | jberan |
| Target Milestone: | beta | | |
| Target Release: | 2.0 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | | |
| : | 1064849 (view as bug list) | Environment: | |
| Last Closed: | 2014-12-05 09:40:44 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1064849 | | |

This bug is here only for the purpose of documenting missing FIPS functionality, but as mentioned in the original report, this won't be fixed.

PyMongo uses an md5 hash for authentication, and md5 is not safe to use while FIPS mode is on. Using PyMongo authentication will result in failures with FIPS mode.

From pymongo/auth.py:

```python
try:
    import hashlib
    _MD5 = hashlib.md5
except ImportError:  # for Python < 2.5
    import md5
    _MD5 = md5.new
....
def __password_digest(username, password):
    ....
    md5hash = _MD5()
    data = "%s:mongo:%s" % (username, password)
    md5hash.update(data.encode('utf-8'))
    return unicode(md5hash.hexdigest())
```

I do not recommend fixing this issue; changing the hash function to e.g. sha256 may result in a backward-incompatible change.
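
The failure described in this report can be detected before authentication is attempted. The following is an added example, not part of the original report or of PyMongo's code: a Python 3 port of the digest from the excerpt, with a probe for whether MD5 can be instantiated. The names `md5_usable`, `DigestUnavailable` and `fips_blocked_md5` are hypothetical, and it assumes that a FIPS-enabled host rejects `hashlib.md5()` with `ValueError`.

```python
import hashlib


class DigestUnavailable(RuntimeError):
    """MD5 is blocked by the host's crypto policy (for example FIPS mode)."""


def md5_usable(md5_factory=hashlib.md5):
    """Return True if an MD5 object can be created on this host."""
    try:
        md5_factory()
    except ValueError:  # assumption: how hashlib reports a rejected digest
        return False
    return True


def password_digest(username, password, md5_factory=hashlib.md5):
    """Python 3 port of the digest shown in the pymongo/auth.py excerpt."""
    try:
        md5hash = md5_factory()
    except ValueError as exc:
        # Fail with an explicit reason instead of an opaque hashlib error.
        raise DigestUnavailable(
            "MD5 is disabled on this host; MD5-based PyMongo "
            "authentication cannot work here") from exc
    data = "%s:mongo:%s" % (username, password)
    md5hash.update(data.encode("utf-8"))
    return md5hash.hexdigest()


def fips_blocked_md5():
    """Constructed stand-in for hashlib.md5 on a FIPS-enabled host."""
    raise ValueError("disabled for FIPS")  # constructed message


if __name__ == "__main__":
    print("md5 usable here:", md5_usable())
    print("md5 usable under simulated FIPS:", md5_usable(fips_blocked_md5))
    try:
        password_digest("user", "secret", fips_blocked_md5)
    except DigestUnavailable as exc:
        print("authentication would fail:", exc)
```

Running the probe at service start-up or in a deployment check surfaces the FIPS incompatibility as a clear configuration error rather than as an authentication failure at connection time.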