Hide Forgot
Description of problem: This should raise a ValueError in FIPS mode but it doesn't: python -c "import hashlib; print(hashlib.md5())" Looks like python36 hasn't been patched with FIPS support. Version-Release number of selected component (if applicable): python36-3.6.8-1.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. Enable fips mode in Centos 7 2. Check that fips is enabled (eg sysctl crypto.fips_enabled) 3. Run the command above Actual results: No exception. Expected results: ValueError Additional info:
Given the soon to be added python3 package in RHEL, this EPEL package will be retired soon. Hence reassigning.
In RHEL-7 we only cared for the crypto libraries' FIPS validation. In RHEL-8 we stepped up the game to make the whole distribution FIPS compliant, with as few exceptions as possible. So the current status is fine by us, no sync is needed, and it is actually unwanted as it may break working customer installations.
Filed a new bug for comment#15: https://bugzilla.redhat.com/show_bug.cgi?id=1811170
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:1132