Bug 1020932 - System registration to a FIPS enabled Satellite failes with ISE
System registration to a FIPS enabled Satellite failes with ISE
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Server (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Milan Zázrivec
Jan Hutař
Depends On:
Blocks: 843620
  Show dependency treegraph
Reported: 2013-10-18 10:27 EDT by Milan Zázrivec
Modified: 2015-01-26 06:57 EST (History)
4 users (show)

See Also:
Fixed In Version: spacewalk-backend-2.2.11-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-01-26 06:57:38 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Milan Zázrivec 2013-10-18 10:27:10 EDT
Description of problem:
Registration of a RHEL client to a FIPS enabled Satellite fails
with the following server-side exception:

Exception Handler Information
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/spacewalk/server/apacheRequest.py", line 123, in call_function
    response = apply(func, params)
  File "/usr/share/rhn/server/handlers/xmlrpc/registration.py", line 504, in new_system
    architecture, data)
  File "/usr/share/rhn/server/handlers/xmlrpc/registration.py", line 431, in create_system
    newserv.save(1, channel)
  File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnServer/server_class.py", line 573, in save
  File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnServer/server_class.py", line 498, in __save
  File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnServer/server_class.py", line 455, in gen_secret
    self.server["secret"] = gen_secret()
  File "/usr/lib/python2.6/site-packages/spacewalk/server/rhnServer/server_certificate.py", line 35, in gen_secret
    sum = hashlib.new('md5', seed)
  File "/usr/lib64/python2.6/hashlib.py", line 83, in __hash_new
    return _hashlib.new(name, string, usedforsecurity)
ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips

Version-Release number of selected component (if applicable):
Satellite 5.6

How reproducible:

Steps to Reproduce:
1. Install Satellite 5.6 on a FIPS enabled RHEL system
2. Register a client system to your Satellite

Actual results:
Above exception

Expected results:
No errors, registration succeeds.

Additional info:
Comment 2 Milan Zázrivec 2014-03-27 10:18:30 EDT
spacewalk.git master: 43b1647827497d04f337707f5ec85e0ab238977f

Note You need to log in before you can comment on or make changes to this bug.