Bug 977702 - python-paste failures in fips mode
python-paste failures in fips mode
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: python-paste (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Python Maintainers
BaseOS QE - Apps
Depends On:
Blocks: 839624
  Show dependency treegraph
Reported: 2013-06-25 03:39 EDT by Bohuslav "Slavek" Kabrda
Modified: 2014-06-17 08:48 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2014-06-17 08:48:01 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Bohuslav "Slavek" Kabrda 2013-06-25 03:39:15 EDT
python-paste code can fail in few places in fips code due to usage of md5:
- paste/auth/auth_tkt.py - confirming digest of auth ticket - imho this is ok to fail, since md5 is not entirely secure for this purpose
- paste/auth/digest.py - used for authentication purposes - again, seems to be ok to fail, since md5 shouldn't be used for secure authentication
- /paste/session.py - generating session id - again, this seems to be ok to fail, since generating session id should be super secure
Comment 3 Bohuslav "Slavek" Kabrda 2014-06-17 08:48:01 EDT
As per the original bug report, the mentioned functions should be failing in FIPS mode, so I'm closing this bug as wontfix.

Note You need to log in before you can comment on or make changes to this bug.