Bug 1912689

Summary: ticket uses SHA-1
Product: [oVirt] ovirt-engine
Component: Python Library
Reporter: Yedidyah Bar David <didi>
Assignee: Yedidyah Bar David <didi>
QA Contact: Qin Yuan <qiyuan>
CC: bugs, qiyuan
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: high
Version: 4.4.4
Target Milestone: ovirt-4.4.6
Target Release: 4.4.6.5
Keywords: CodeChange
Flags: pm-rhel: ovirt-4.4+, sbonazzo: devel_ack+
Hardware: Unspecified
OS: Unspecified
Fixed In Version: ovirt-engine-4.4.6.5
Doc Type: No Doc Update
Story Points: ---
Last Closed: 2021-05-05 05:36:22 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: Integration
Cloudforms Team: ---
Bug Blocks: 1912687, 1912691

Description Yedidyah Bar David 2021-01-05 08:17:08 UTC
Description of problem:

The ticket.py module uses SHA-1 for signatures/verification.

This should be replaced with SHA-256.

It should be done in coordination with updating the equivalent java code, and users of both of them.

Comment 1 Qin Yuan 2021-04-27 13:10:57 UTC
Can this bug be verified according to https://bugzilla.redhat.com/show_bug.cgi?id=1912691#c2?

Comment 2 Yedidyah Bar David 2021-04-27 13:52:24 UTC
(In reply to Qin Yuan from comment #1)
> Can this bug be verified according to
> https://bugzilla.redhat.com/show_bug.cgi?id=1912691#c2?

I think so, yes.

I didn't check the changes for the other bug, which is for Java code.

For current bug, about the python code, we kept the option of using SHA-1 - we generate both SHA-1 and SHA-256, and for signature verification use SHA-256 if it's included, otherwise SHA-1.

We do want to remove SHA-1 eventually, but decided it's safer to not do these in a single step, but separately - add SHA-256 support in one version (current) and remove SHA-1 in a later version (the next one, likely). I now opened bug 1954041 to track this.
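
The two-step migration described in comment 2, as an added sketch that is not part of the original bug report and is not the ovirt-engine ticket.py code. Assumptions: the field names `data`, `sig_sha1` and `sig_sha256`, the `allow_sha1` switch and the key are hypothetical, and a stdlib HMAC stands in for the module's real signature so the example runs offline.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed value; stands in for the signing key

def _mac(digest, payload):
    """HMAC stand-in for a signature over payload, base64-encoded."""
    return base64.b64encode(hmac.new(KEY, payload, digest).digest()).decode()

def encode_ticket(data, with_sha256=True):
    """Transition step: emit both the SHA-1 and the SHA-256 signature."""
    payload = json.dumps(data, sort_keys=True).encode()
    ticket = {"data": base64.b64encode(payload).decode(),
              "sig_sha1": _mac(hashlib.sha1, payload)}
    if with_sha256:  # False models a ticket from a not-yet-upgraded peer
        ticket["sig_sha256"] = _mac(hashlib.sha256, payload)
    return ticket

def verify_ticket(ticket, allow_sha1=True):
    """Return (data, digest_used); raise ValueError if verification fails.

    SHA-256 is used whenever it is included. SHA-1 is consulted only when
    SHA-256 is absent and allow_sha1 is still on. A ticket whose SHA-256
    signature is present but wrong is rejected, never retried with SHA-1.
    """
    payload = base64.b64decode(ticket["data"])
    if "sig_sha256" in ticket:
        name, digest = "sha256", hashlib.sha256
    elif allow_sha1 and "sig_sha1" in ticket:
        name, digest = "sha1", hashlib.sha1
    else:
        raise ValueError("no acceptable signature on ticket")
    if not hmac.compare_digest(_mac(digest, payload), ticket["sig_" + name]):
        raise ValueError("bad %s signature" % name)
    return json.loads(payload), name

if __name__ == "__main__":
    new = encode_ticket({"user": "demo"})
    old = encode_ticket({"user": "demo"}, with_sha256=False)
    print(verify_ticket(new)[1], verify_ticket(old)[1])
```

While `allow_sha1` is on, a ticket that lacks the SHA-256 field is still accepted on SHA-1 alone; turning it off corresponds to the later removal step tracked separately.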

Comment 3 Qin Yuan 2021-04-28 07:08:00 UTC
Didi, thank you for your explanation.

Move this bug to VERIFIED according to comment #2 and https://bugzilla.redhat.com/show_bug.cgi?id=1912691#c2

Comment 4 Sandro Bonazzola 2021-05-05 05:36:22 UTC
This bugzilla is included in oVirt 4.4.6 release, published on May 4th 2021.

Since the problem described in this bug report should be resolved in oVirt 4.4.6 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.