Jira (PUP-8378) Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages
Title: Message Title John Duarte updated an issue Puppet / PUP-8378 Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages Change By: John Duarte QA Risk Assessment: Needs Assessment No Action Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.232354.1516727375000.9261.1571669881887%40Atlassian.JIRA.
Jira (PUP-8378) Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages
Title: Message Title Eric Delaney commented on PUP-8378 Re: Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages Tested on master(5.4.0) SHA=26b954ef6f9806161284bc57dcf5b71900889349 SUITE_VERSION=5.3.3.679.g26b954e Add Comment This message was sent by Atlassian JIRA (v7.5.1#75006-sha1:7df2574) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8378) Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages
Title: Message Title Eric Delaney assigned an issue to Eric Delaney Puppet / PUP-8378 Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages Change By: Eric Delaney Assignee: Eric Delaney Add Comment This message was sent by Atlassian JIRA (v7.5.1#75006-sha1:7df2574) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8378) Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages
Title: Message Title Eric Delaney assigned an issue to Unassigned Puppet / PUP-8378 Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages Change By: Eric Delaney Assignee: Kris Bosland Add Comment This message was sent by Atlassian JIRA (v7.5.1#75006-sha1:7df2574) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8378) Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages
Title: Message Title Josh Cooper commented on PUP-8378 Re: Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages Merged to master in https://github.com/puppetlabs/puppet/commit/5e35d043ae0458e38a0aa3cf749113b0b8e5433b Add Comment This message was sent by Atlassian JIRA (v7.5.1#75006-sha1:7df2574) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8378) Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages
Title: Message Title Josh Cooper updated an issue Puppet / PUP-8378 Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages Change By: Josh Cooper Release Notes Summary: When running on a FIPS enabled host, puppet will change the default values for digest_algorithm and supported_checksum_types to use SHA256 instead of MD5, as the latter is not FIPS compliant. Puppet will also emit errors and gracefully exit if configured to use MD5 algorithms. Release Notes: New Feature Add Comment This message was sent by Atlassian JIRA (v7.5.1#75006-sha1:7df2574) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8378) Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages
Title: Message Title Craig Gomes assigned an issue to Kris Bosland Puppet / PUP-8378 Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages Change By: Craig Gomes Assignee: Josh Cooper Kris Bosland Add Comment This message was sent by Atlassian JIRA (v7.5.1#75006-sha1:7df2574) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8378) Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages
Title: Message Title Kenn Hussey commented on PUP-8378 Re: Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages Josh Cooper please add release notes for this issue, if needed. Thanks! Add Comment This message was sent by Atlassian JIRA (v7.5.1#75006-sha1:7df2574) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8378) Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages
Title: Message Title Josh Cooper updated an issue Puppet / PUP-8378 Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages Change By: Josh Cooper Acceptance Criteria: Puppet acceptance test pass against the redhat fips image in vmpooler. Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8378) Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages
Title: Message Title Josh Cooper updated an issue Puppet / PUP-8378 Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages Change By: Josh Cooper Sub-team: Coremunity Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8378) Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages
Title: Message Title Josh Cooper assigned an issue to Josh Cooper Puppet / PUP-8378 Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages Change By: Josh Cooper Assignee: Josh Cooper Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8378) Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages
Title: Message Title Josh Cooper updated an issue Puppet / PUP-8378 Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages Change By: Josh Cooper Sprint: Platform Core KANBAN Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8378) Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages
Title: Message Title Josh Cooper updated an issue Puppet / PUP-8378 Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages Change By: Josh Cooper Team: Security Platform Core Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8378) Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages
Title: Message Title Josh Cooper commented on PUP-8378 Re: Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages Moving to Platform Core team for visibility Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8378) Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages
Title: Message Title Jayant Sane commented on PUP-8378 Re: Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages Submitted PR: https://github.com/puppetlabs/puppet/pull/6581 Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8378) Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages
Title: Message Title Jayant Sane created an issue Puppet / PUP-8378 Intercept use of any prohibited algorithms/operations in FIPS mode to provide graceful error messages Issue Type: Task Assignee: Jayant Sane Components: Platform Created: 2018/01/23 9:09 AM Fix Versions: PUP 5.4.0 Priority: Normal Reporter: Jayant Sane Puppet 5.4.0: N/A: Redhat7- FIPS mode: FIPS mode prohibits use of certain algorithms e.g. MD5 (as applicable to puppet currently) and any attempt to use them results in abrupt program termination or abort. While customers using Puppet agents on FIPS mode platforms should be aware of such limitations there might be un-intentional usages which will result in user un-friendly errors. We need to intercept any such prohibited usages at runtime and provide graceful error messages. Create a manifest with a file resource while setting its checksum attribute to md5 and attempt applying it on agent in fips mode. Expected: Provide a graceful error while disallowing the operation. Actual: Error "md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode! Aborted"
