Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Restore FIPS compliance when using master_finger #31567

Merged
merged 3 commits into from Mar 1, 2016

Conversation

Projects
None yet
2 participants
@cachedout
Copy link
Collaborator

commented Feb 29, 2016

What does this PR do?

Fixes a crash in the salt-minion and in salt-key when FIPS mode is enabled and the master_finger option is used.

What issues does this PR fix or reference?

#28585

Previous Behavior

[root@mp-fips salt]# salt-key -F
Traceback (most recent call last):
  File "/usr/bin/salt-key", line 10, in <module>
    salt_key()
  File "/usr/lib/python2.6/site-packages/salt/scripts.py", line 181, in salt_key
    client.run()
  File "/usr/lib/python2.6/site-packages/salt/cli/key.py", line 62, in run
    key.run()
  File "/usr/lib/python2.6/site-packages/salt/key.py", line 427, in run
    self.finger_all()
  File "/usr/lib/python2.6/site-packages/salt/key.py", line 313, in finger_all
    matches = self.key.finger('*')
  File "/usr/lib/python2.6/site-packages/salt/key.py", line 862, in finger
    ret[status][key] = salt.utils.pem_finger(path)
  File "/usr/lib/python2.6/site-packages/salt/utils/__init__.py", line 704, in pem_finger
    pre = getattr(hashlib, sum_type)(key).hexdigest()
ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips

Other similar stacktraces for calls to pem_finger as well, both in the master and minion.

New Behavior

No stacktraces.

Tests written?

  • Yes
  • No

Resolves #28585

@cachedout cachedout force-pushed the cachedout:issue_28585 branch from 9d3ac61 to 7006a1e Mar 1, 2016

rallytime added a commit that referenced this pull request Mar 1, 2016

Merge pull request #31567 from cachedout/issue_28585
Restore FIPS compliance when using master_finger

@rallytime rallytime merged commit 0688075 into saltstack:2015.8 Mar 1, 2016

5 checks passed

default Merged build finished.
Details
jenkins/salt-pr-clone Salt PR - Clone Repository #14193 — SUCCESS
Details
jenkins/salt-pr-lint-n Salt PR - Code Lint #13873 — SUCCESS
Details
jenkins/salt-pr-rs-cent7-n Salt PR - RS CentOS 7 #12939 — SUCCESS
Details
jenkins/salt-pr-rs-ubuntu14.04-n Salt PR - RS Ubuntu 14 #10255 — SUCCESS
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.