Bug 977819 - python-twisted core failures in fips mode
python-twisted core failures in fips mode
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: python-twisted-core (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Python Maintainers
Depends On:
Blocks: 839624
  Show dependency treegraph
Reported: 2013-06-25 08:13 EDT by Bohuslav "Slavek" Kabrda
Modified: 2014-06-17 08:45 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2014-06-17 08:45:24 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Bohuslav "Slavek" Kabrda 2013-06-25 08:13:50 EDT
python-twisted-core experiences some failures in fips mode due to usage of md5:
- twisted/persisted/sob.py - md5 is used to create hash of password, this hash is then encrypted using AES
- twisted/internet/_sslverify.py - md5 is used to create signature of ssl certificate - this seems to be dangerous and should fail
- twisted/cred/credentials.py - md5 is used to "unique string that can be returned to us and verified" which seems dangerous to do, this should fail or be replaced by different hash function
- twisted/protocols/sip.py - this is obsolete implementation of the above and experiences the same problems
- twisted/spread/respond.py - md5 used for password hashing, should be replaced or left raising the error
Comment 3 Bohuslav "Slavek" Kabrda 2014-06-17 08:45:24 EDT
As per the original bug report, the mentioned functions should be failing in FIPS mode, so I'm closing this bug as wontfix.

Note You need to log in before you can comment on or make changes to this bug.