Bug 1025781 - Creating a config file revision with rhncfg-manager fails with a FIPS-enabled Satellite
Creating a config file revision with rhncfg-manager fails with a FIPS-enabled...
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Configuration Management (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Milan Zázrivec
Pavel Studeník
Depends On:
Blocks: 843620
  Show dependency treegraph
Reported: 2013-11-01 10:45 EDT by Milan Zázrivec
Modified: 2015-01-26 06:58 EST (History)
4 users (show)

See Also:
Fixed In Version: spacewalk-backend-2.2.14-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-01-26 06:58:19 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Milan Zázrivec 2013-11-01 10:45:57 EDT
Description of problem:
Uploading a new / updated config file revision using rhncfg-manager
to a FIPS - enabled Satellite fails with the following client side error:

# rhncfg-manager update -c config-channel-01 /etc/config-file 
Using server name whatever.com
Pushing to channel config-channel-01:
Error pushing file:  (1, "While running 'config.management.put_file':
caught\n<type 'exceptions.ValueError'> : error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips\n")

And the following server-side error:

Exception Handler Information
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/spacewalk/server/apacheRequest.py", line 123, in call_function
    response = apply(func, params)
  File "/usr/share/rhn/server/handlers/config_mgmt/rhn_config_management.py", line 374, in management_put_file
    result = self.push_file(conf_channel_id, dict)
  File "/usr/lib/python2.6/site-packages/spacewalk/server/configFilesHandler.py", line 230, in push_file
    result = self._push_file(config_channel_id, file)
  File "/usr/lib/python2.6/site-packages/spacewalk/server/configFilesHandler.py", line 201, in _push_file
  File "/usr/lib/python2.6/site-packages/spacewalk/server/configFilesHandler.py", line 294, in _push_contents
    file['checksum'] = getStringChecksum(checksum_type, file_contents or '')
  File "/usr/lib/python2.6/site-packages/spacewalk/common/checksum.py", line 74, in getStringChecksum
    ctx = hashlib.new(hashtype, s)
  File "/usr/lib64/python2.6/hashlib.py", line 83, in __hash_new
    return _hashlib.new(name, string, usedforsecurity)
ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips

Version-Release number of selected component (if applicable):
Satellite 5.6

How reproducible:

Steps to Reproduce:
1. Satellite 5.6 running on a FIPS - enabled RHEL system
2. rhncfg-manager update ... ran from client

Actual results:
Above errors.

Expected results:
The thing works.

Additional info:
We store MD5 checksum for all config file content. Computing MD5 is not possible in FIPS mode -> the above error.
Comment 1 Milan Zázrivec 2014-04-01 12:02:46 EDT
Fixed in spacewalk.git master: 96001b0914a2c9772f2fe28e3603535a5fac5cec

Note You need to log in before you can comment on or make changes to this bug.