Bug 1619649

Summary: [RFE] Use SHA256 to validate checksum in SSHClient
Product: [oVirt] ovirt-engine Reporter: Yuval Turgeman <yturgema>
Component: ovirt-host-deploy-ansibleAssignee: Martin Perina <mperina>
Status: CLOSED DUPLICATE QA Contact: Lucie Leistnerova <lleistne>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.3.0CC: bugs, didi, lleistne, lsurette, srevivo
Target Milestone: ovirt-4.4.5Keywords: FutureFeature
Target Release: ---Flags: sbonazzo: ovirt-4.4?
rule-engine: planning_ack?
sbonazzo: devel_ack?
rule-engine: testing_ack?
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-04-14 09:49:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Integration RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Yuval Turgeman 2018-08-21 11:53:04 UTC 
Description of problem:
Using md5sum on FIPS enabled system is not allowed, we should switch the send and receive commands to use sha256sum
Comment 1 Sandro Bonazzola 2019-01-21 08:28:28 UTC 
re-targeting to 4.3.1 since this BZ has not been proposed as blocker for 4.3.0.
If you think this bug should block 4.3.0 please re-target and set blocker flag.
Comment 2 Sandro Bonazzola 2019-02-18 07:54:49 UTC 
Moving to 4.3.2 not being identified as blocker for 4.3.1.
Comment 3 Sandro Bonazzola 2019-11-20 12:52:24 UTC 
Missed 4.4 feature freeze, re-targeting to 4.5
Comment 4 Yedidyah Bar David 2021-01-04 10:39:04 UTC 
Yuval, can you clarify what you meant that needs fixing here? Thanks.

I am not aware of anything that uses md5sum in either old ovirt-host-deploy or the ansible re-implementation.
Comment 5 Sandro Bonazzola 2021-04-14 07:17:20 UTC 
Yuval is not around anymore, Didi if you can't see any other use of md5sum let's close.
Comment 6 Yedidyah Bar David 2021-04-14 09:49:58 UTC 
I think perhaps he meant using of sha1 fingerprints for verification of hosts' public keys.

Should be handled in bug 1934129 (just keep full public key instead of just fingerprint) - done as part of bug 1837221. Closing as duplicate of latter.

*** This bug has been marked as a duplicate of bug 1837221 ***