1025781 – Creating a config file revision with rhncfg-manager fails with a FIPS-enabled Satellite

Bug 1025781 - Creating a config file revision with rhncfg-manager fails with a FIPS-enabled Satellite

Summary: Creating a config file revision with rhncfg-manager fails with a FIPS-enabled...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite 5
Classification:	Red Hat
Component:	Configuration Management
Sub Component:
Version:	560
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Milan Zázrivec
QA Contact:	Pavel Studeník
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	843620
TreeView+	depends on / blocked

Reported:	2013-11-01 14:45 UTC by Milan Zázrivec
Modified:	2015-01-26 11:58 UTC (History)
CC List:	4 users (show)
Fixed In Version:	spacewalk-backend-2.2.14-1
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-01-26 11:58:19 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Milan Zázrivec 2013-11-01 14:45:57 UTC

Description of problem:
Uploading a new / updated config file revision using rhncfg-manager
to a FIPS - enabled Satellite fails with the following client side error:

# rhncfg-manager update -c config-channel-01 /etc/config-file 
Using server name whatever.com
Pushing to channel config-channel-01:
Error pushing file:  (1, "While running 'config.management.put_file':
caught\n<type 'exceptions.ValueError'> : error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips\n")

And the following server-side error:

Exception Handler Information
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/spacewalk/server/apacheRequest.py", line 123, in call_function
    response = apply(func, params)
  File "/usr/share/rhn/server/handlers/config_mgmt/rhn_config_management.py", line 374, in management_put_file
    result = self.push_file(conf_channel_id, dict)
  File "/usr/lib/python2.6/site-packages/spacewalk/server/configFilesHandler.py", line 230, in push_file
    result = self._push_file(config_channel_id, file)
  File "/usr/lib/python2.6/site-packages/spacewalk/server/configFilesHandler.py", line 201, in _push_file
    self._push_contents(file)
  File "/usr/lib/python2.6/site-packages/spacewalk/server/configFilesHandler.py", line 294, in _push_contents
    file['checksum'] = getStringChecksum(checksum_type, file_contents or '')
  File "/usr/lib/python2.6/site-packages/spacewalk/common/checksum.py", line 74, in getStringChecksum
    ctx = hashlib.new(hashtype, s)
  File "/usr/lib64/python2.6/hashlib.py", line 83, in __hash_new
    return _hashlib.new(name, string, usedforsecurity)
ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips



Version-Release number of selected component (if applicable):
Satellite 5.6

How reproducible:
Always

Steps to Reproduce:
1. Satellite 5.6 running on a FIPS - enabled RHEL system
2. rhncfg-manager update ... ran from client

Actual results:
Above errors.

Expected results:
The thing works.

Additional info:
We store MD5 checksum for all config file content. Computing MD5 is not possible in FIPS mode -> the above error.

Comment 1 Milan Zázrivec 2014-04-01 16:02:46 UTC

Fixed in spacewalk.git master: 96001b0914a2c9772f2fe28e3603535a5fac5cec

Note You need to log in before you can comment on or make changes to this bug.