Bug 1619649 - [RFE] Use SHA256 to validate checksum in SSHClient
Summary: [RFE] Use SHA256 to validate checksum in SSHClient
Keywords:
Status: CLOSED DUPLICATE of bug 1837221
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: ovirt-host-deploy-ansible
Version: 4.3.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ovirt-4.4.5
: ---
Assignee: Martin Perina
QA Contact: Lucie Leistnerova
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-08-21 11:53 UTC by Yuval Turgeman
Modified: 2021-04-15 15:59 UTC (History)
5 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2021-04-14 09:49:58 UTC
oVirt Team: Integration
Embargoed:
sbonazzo: ovirt-4.4?
rule-engine: planning_ack?
sbonazzo: devel_ack?
rule-engine: testing_ack?

Attachments (Terms of Use)

Description Yuval Turgeman 2018-08-21 11:53:04 UTC 
Description of problem:
Using md5sum on FIPS enabled system is not allowed, we should switch the send and receive commands to use sha256sum
Comment 1 Sandro Bonazzola 2019-01-21 08:28:28 UTC 
re-targeting to 4.3.1 since this BZ has not been proposed as blocker for 4.3.0.
If you think this bug should block 4.3.0 please re-target and set blocker flag.
Comment 2 Sandro Bonazzola 2019-02-18 07:54:49 UTC 
Moving to 4.3.2 not being identified as blocker for 4.3.1.
Comment 3 Sandro Bonazzola 2019-11-20 12:52:24 UTC 
Missed 4.4 feature freeze, re-targeting to 4.5
Comment 4 Yedidyah Bar David 2021-01-04 10:39:04 UTC 
Yuval, can you clarify what you meant that needs fixing here? Thanks.

I am not aware of anything that uses md5sum in either old ovirt-host-deploy or the ansible re-implementation.
Comment 5 Sandro Bonazzola 2021-04-14 07:17:20 UTC 
Yuval is not around anymore, Didi if you can't see any other use of md5sum let's close.
Comment 6 Yedidyah Bar David 2021-04-14 09:49:58 UTC 
I think perhaps he meant using of sha1 fingerprints for verification of hosts' public keys.

Should be handled in bug 1934129 (just keep full public key instead of just fingerprint) - done as part of bug 1837221. Closing as duplicate of latter.

*** This bug has been marked as a duplicate of bug 1837221 ***
Note You need to log in before you can comment on or make changes to this bug.