Bug 2102208 - Tempurl fails with FIPS enabled on RHEL9
Summary: Tempurl fails with FIPS enabled on RHEL9
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-swift
Version: 17.0 (Wallaby)
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ga
Target Release: 17.0
Assignee: Christian Schwede (cschwede)
QA Contact: Andy Stillman
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2022-06-29 13:12 UTC by Christian Schwede (cschwede)
Modified: 2022-09-21 12:23 UTC

Fixed In Version: openstack-swift-2.27.1-0.20220701220351.6a1a8ce.el9ost
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-09-21 12:23:05 UTC
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
OpenStack gerrit | 848110 | 0 | None | stable/wallaby: MERGED | swift: Stop partial()ing hashlib.new (I4fcacc76ab52b45510aee82156a7cbf6ad72467d) | 2022-07-01 13:27:53 UTC
OpenStack gerrit | 848170 | 0 | None | stable/wallaby: MERGED | swift: tests: Fix swiftclient/requests log level & Ignore py36 deprecation warnings (I0e0f802fa355060f43f9e63f52897fbcf6... | 2022-07-01 13:27:59 UTC
Red Hat Issue Tracker | OSP-16144 | 0 | None | None | None | 2022-06-29 13:23:17 UTC
Red Hat Product Errata | RHEA-2022:6543 | 0 | None | None | None | 2022-09-21 12:23:41 UTC

Internal Links: 2122574

Description Christian Schwede (cschwede) 2022-06-29 13:12:07 UTC
Using tempurls with Swift running on RHEL9/CS9 with FIPS enabled fails with the following error:

Jun 27 11:00:17 controller-2 proxy-server[75347]: Error: An error occurred: #012Traceback (most recent call last):#012  File "/usr/lib/python3.9/site-packages/swift/common/middleware/catch_errors.py", line 75, in handle_request#012    resp = self._app_call(env)#012  File "/usr/lib/python3.9/site-packages/swift/common/wsgi.py", line 1327, in _app_call#012    resp = self.app(env, self._start_response)#012  File "/usr/lib/python3.9/site-packages/swift/common/middleware/gatekeeper.py", line 129, in __call__#012    return self.app(env, gatekeeper_response)#012  File "/usr/lib/python3.9/site-packages/swift/common/middleware/healthcheck.py", line 52, in __call__#012    return self.app(env, start_response)#012  File "/usr/lib/python3.9/site-packages/swift/common/middleware/proxy_logging.py", line 432, in __call__#012    iterable = self.app(env, my_start_response)#012  File "/usr/lib/python3.9/site-packages/swift/common/middleware/memcache.py", line 133, in __call__#012    return self.app(env, start_response)#012  File "/usr/lib/python3.9/site-packages/swift/common/middleware/listing_formats.py", line 157, in __call__#012    return self.app(env, start_response)#012  File "/usr/lib/python3.9/site-packages/swift/common/middleware/ratelimit.py", line 321, in __call__#012    return self.app(env, start_response)#012  File "/usr/lib/python3.9/site-packages/swift/common/swob.py", line 1570, in _wsgify#012    return func(*new_args)(env, start_response)#012  File "/usr/lib/python3.9/site-packages/swift/common/middleware/tempurl.py", line 561, in __call__#012    hmac_vals = self._get_hmacs(#012  File "/usr/lib/python3.9/site-packages/swift/common/middleware/tempurl.py", line 755, in _get_hmacs#012    return [#012  File "/usr/lib/python3.9/site-packages/swift/common/middleware/tempurl.py", line 756, in <listcomp>#012    (get_hmac(#012  File "/usr/lib/python3.9/site-packages/swift/common/utils.py", line 317, in get_hmac#012    return hmac.new(key, message, digest).hexdigest()#012  File 
"/usr/lib64/python3.9/hmac.py", line 189, in new#012    return HMAC(key, msg, digestmod)#012  File "/usr/lib64/python3.9/hmac.py", line 60, in __init__#012    self._init_hmac(key, msg, digestmod)#012  File "/usr/lib64/python3.9/hmac.py", line 69, in _init_hmac#012    self._hmac = _hashopenssl.hmac_new(key, msg, digestmod=digestmod)#012_hashlib.UnsupportedDigestmodError: Unsupported digestmod functools.partial(<function __hash_new at 0x7f90e78f11f0>, 'sha1') (txn: txca9206232aa1475d832e3-0062b98dc1)

Upstream fix: https://review.opendev.org/q/I4fcacc76ab52b45510aee82156a7cbf6ad72467d
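
Added example, not part of the bug report and not Swift's code: the traceback shows `hmac.new` receiving `functools.partial(hashlib.new, 'sha1')` as `digestmod`, which the OpenSSL-backed HMAC on the reported host rejects. The sketch below contrasts that call shape with passing the digest by name; the function names, the allowlist and the RFC 2202 sample input are assumptions made for illustration.

```python
import functools
import hashlib
import hmac

# Constructed sample input (RFC 2202 HMAC-SHA1 test case 1), not from the bug.
KEY = b"\x0b" * 20
MESSAGE = b"Hi There"

ALLOWED_DIGESTS = ("sha1", "sha256", "sha512")  # assumed allowlist


def sign_with_name(key, message, digest_name):
    """Pass the digest as a name string, which OpenSSL-backed hmac can resolve."""
    if digest_name not in ALLOWED_DIGESTS:
        raise ValueError("digest not allowed: %r" % (digest_name,))
    return hmac.new(key, message, digest_name).hexdigest()


def sign_with_partial(key, message, digest_name):
    """Use the digestmod shape from the traceback: partial(hashlib.new, name).

    Returns (hexdigest, None) on success, or (None, exception class name)
    when the interpreter rejects the callable.
    """
    digestmod = functools.partial(hashlib.new, digest_name)
    try:
        return hmac.new(key, message, digestmod).hexdigest(), None
    except Exception as exc:  # UnsupportedDigestmodError on the reported host
        return None, type(exc).__name__


def compare(key=KEY, message=MESSAGE, digest_name="sha1"):
    """Run both call shapes and report whether the partial form is usable here."""
    by_name = sign_with_name(key, message, digest_name)
    by_partial, error = sign_with_partial(key, message, digest_name)
    portable = error is None and hmac.compare_digest(by_name, by_partial)
    return {"by_name": by_name, "by_partial": by_partial,
            "partial_error": error, "portable": portable}


if __name__ == "__main__":
    print(compare())
```

Where the interpreter falls back to a pure-Python HMAC for unrecognised callables, both forms return the same digest; on a host like the one in the report, `partial_error` names the exception while the name-based call still succeeds.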

Comment 9 errata-xmlrpc 2022-09-21 12:23:05 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 17.0 (Wallaby)), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:6543

