Bug 1025781 – Creating a config file revision with rhncfg-manager fails with a FIPS-enabled Satellite

Bug 1025781 - Creating a config file revision with rhncfg-manager fails with a FIPS-enabled Satellite

Summary:	Creating a config file revision with rhncfg-manager fails with a FIPS-enabled...

Status:	CLOSED CURRENTRELEASE

Aliases:	None

Product:	Red Hat Satellite 5
Classification:	Red Hat
Component:	Configuration Management (Show other bugs)
Sub Component:
Version:	560
Hardware:	Unspecified Unspecified

Priority	unspecified Severity unspecified
Target Milestone:	---
Target Release:	---
Assigned To:	Milan Zázrivec
QA Contact:	Pavel Studeník
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	843620
	Show dependency tree / graph

Reported:	2013-11-01 10:45 EDT by Milan Zázrivec
Modified:	2015-01-26 06:58 EST (History)
CC List:	4 users (show)

See Also:
Fixed In Version:	spacewalk-backend-2.2.14-1
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2015-01-26 06:58:19 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Milan Zázrivec 2013-11-01 10:45:57 EDT

Description of problem:
Uploading a new / updated config file revision using rhncfg-manager
to a FIPS - enabled Satellite fails with the following client side error:

# rhncfg-manager update -c config-channel-01 /etc/config-file 
Using server name whatever.com
Pushing to channel config-channel-01:
Error pushing file:  (1, "While running 'config.management.put_file':
caught\n<type 'exceptions.ValueError'> : error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips\n")

And the following server-side error:

Exception Handler Information
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/spacewalk/server/apacheRequest.py", line 123, in call_function
    response = apply(func, params)
  File "/usr/share/rhn/server/handlers/config_mgmt/rhn_config_management.py", line 374, in management_put_file
    result = self.push_file(conf_channel_id, dict)
  File "/usr/lib/python2.6/site-packages/spacewalk/server/configFilesHandler.py", line 230, in push_file
    result = self._push_file(config_channel_id, file)
  File "/usr/lib/python2.6/site-packages/spacewalk/server/configFilesHandler.py", line 201, in _push_file
    self._push_contents(file)
  File "/usr/lib/python2.6/site-packages/spacewalk/server/configFilesHandler.py", line 294, in _push_contents
    file['checksum'] = getStringChecksum(checksum_type, file_contents or '')
  File "/usr/lib/python2.6/site-packages/spacewalk/common/checksum.py", line 74, in getStringChecksum
    ctx = hashlib.new(hashtype, s)
  File "/usr/lib64/python2.6/hashlib.py", line 83, in __hash_new
    return _hashlib.new(name, string, usedforsecurity)
ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips



Version-Release number of selected component (if applicable):
Satellite 5.6

How reproducible:
Always

Steps to Reproduce:
1. Satellite 5.6 running on a FIPS - enabled RHEL system
2. rhncfg-manager update ... ran from client

Actual results:
Above errors.

Expected results:
The thing works.

Additional info:
We store MD5 checksum for all config file content. Computing MD5 is not possible in FIPS mode -> the above error.

Comment 1 Milan Zázrivec 2014-04-01 12:02:46 EDT

Fixed in spacewalk.git master: 96001b0914a2c9772f2fe28e3603535a5fac5cec

Note You need to log in before you can comment on or make changes to this bug.