Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rgw: under fips & openssl 3.x allow md5 iusage in select rgw ops #49533

Merged
merged 1 commit into from Jan 17, 2023
Merged

rgw: under fips & openssl 3.x allow md5 iusage in select rgw ops #49533

merged 1 commit into from Jan 17, 2023

Conversation

mkogan1
Copy link
Contributor

@mkogan1 mkogan1 commented Dec 21, 2022
edited

openssl 3.x (ex:RHEL9) requires a different override mechanism for MD5 usage under FIPS for non-cryptographic putposes than openssl 1.x (RHEL8)

fixes: https://tracker.ceph.com/issues/58332

Signed-off-by: Mark Kogan mkogan@redhat.com

Contribution Guidelines

Checklist

  • Tracker (select at least one)
    • References tracker ticket
    • Very recent bug; references commit where it was introduced
    • New feature (ticket optional)
    • Doc update (no ticket needed)
    • Code cleanup (no ticket needed)
  • Component impact
    • Affects Dashboard, opened tracker ticket
    • Affects Orchestrator, opened tracker ticket
    • No impact that needs to be tracked
  • Documentation (select at least one)
    • Updates relevant documentation
    • No doc update is appropriate
  • Tests (select at least one)
Show available Jenkins commands
  • jenkins retest this please
  • jenkins test classic perf
  • jenkins test crimson perf
  • jenkins test signed
  • jenkins test make check
  • jenkins test make check arm64
  • jenkins test submodules
  • jenkins test dashboard
  • jenkins test dashboard cephadm
  • jenkins test api
  • jenkins test docs
  • jenkins render docs
  • jenkins test ceph-volume all
  • jenkins test ceph-volume tox
  • jenkins test windows

@mkogan1 mkogan1 self-assigned this Dec 21, 2022
mattbenjamin
mattbenjamin approved these changes Dec 21, 2022
View reviewed changes
Copy link
Contributor

@mattbenjamin mattbenjamin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know the api but it looks sane

@mkogan1
rgw: under fips & openssl 3.x allow md5 iusage in select rgw ops
69cf179 
openssl 3.x (ex:RHEL9) requires a different override mechanism for MD5 usage under FIPS
for non-cryptographic putposes than openssl 1.x (RHEL8)

fixes: https://tracker.ceph.com/issues/58332

Signed-off-by: Mark Kogan <mkogan@redhat.com>
@mkogan1
Copy link
Contributor Author

mkogan1 commented Jan 17, 2023

teuthology run of the rgw:verify suite: https://pulpito.ceph.com/mkogan-2023-01-15_13:20:51-rgw:verify-wip-fips-openssl3_i01-distro-default-smithi/
failures are not related to this FIPS change

@cbodley cbodley merged commit 728e8ac into ceph:main Jan 17, 2023
This was referenced Apr 27, 2023
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattbenjamin mattbenjamin mattbenjamin approved these changes

@cbodley cbodley Awaiting requested review from cbodley

Assignees

@mkogan1 mkogan1

Labels
bug-fix common needs-qa rgw security
Projects
None yet
Milestone
No milestone
3 participants
@mkogan1 @mattbenjamin @cbodley