Bug 1025781 - Creating a config file revision with rhncfg-manager fails with a FIPS-enabled Satellite
Summary: Creating a config file revision with rhncfg-manager fails with a FIPS-enabled...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Configuration Management
Version: 560
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Milan Zázrivec
QA Contact: Pavel Studeník
URL:
Whiteboard:
Depends On:
Blocks: 843620
TreeView+ depends on / blocked
 
Reported: 2013-11-01 14:45 UTC by Milan Zázrivec
Modified: 2015-01-26 11:58 UTC (History)
4 users (show)

Fixed In Version: spacewalk-backend-2.2.14-1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-01-26 11:58:19 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Milan Zázrivec 2013-11-01 14:45:57 UTC
Description of problem:
Uploading a new / updated config file revision using rhncfg-manager
to a FIPS - enabled Satellite fails with the following client side error:

# rhncfg-manager update -c config-channel-01 /etc/config-file 
Using server name whatever.com
Pushing to channel config-channel-01:
Error pushing file:  (1, "While running 'config.management.put_file':
caught\n<type 'exceptions.ValueError'> : error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips\n")

And the following server-side error:

Exception Handler Information
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/spacewalk/server/apacheRequest.py", line 123, in call_function
    response = apply(func, params)
  File "/usr/share/rhn/server/handlers/config_mgmt/rhn_config_management.py", line 374, in management_put_file
    result = self.push_file(conf_channel_id, dict)
  File "/usr/lib/python2.6/site-packages/spacewalk/server/configFilesHandler.py", line 230, in push_file
    result = self._push_file(config_channel_id, file)
  File "/usr/lib/python2.6/site-packages/spacewalk/server/configFilesHandler.py", line 201, in _push_file
    self._push_contents(file)
  File "/usr/lib/python2.6/site-packages/spacewalk/server/configFilesHandler.py", line 294, in _push_contents
    file['checksum'] = getStringChecksum(checksum_type, file_contents or '')
  File "/usr/lib/python2.6/site-packages/spacewalk/common/checksum.py", line 74, in getStringChecksum
    ctx = hashlib.new(hashtype, s)
  File "/usr/lib64/python2.6/hashlib.py", line 83, in __hash_new
    return _hashlib.new(name, string, usedforsecurity)
ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips



Version-Release number of selected component (if applicable):
Satellite 5.6

How reproducible:
Always

Steps to Reproduce:
1. Satellite 5.6 running on a FIPS - enabled RHEL system
2. rhncfg-manager update ... ran from client

Actual results:
Above errors.

Expected results:
The thing works.

Additional info:
We store MD5 checksum for all config file content. Computing MD5 is not possible in FIPS mode -> the above error.

Comment 1 Milan Zázrivec 2014-04-01 16:02:46 UTC
Fixed in spacewalk.git master: 96001b0914a2c9772f2fe28e3603535a5fac5cec


Note You need to log in before you can comment on or make changes to this bug.