Fix Ruby MD5 not always being available in FIPS mode
What does this MR do?
If Ruby is compiled against Amazon Linux's OpenSSL v1.0.2,
Digest::MD5.new
fails with:
md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
However, this doesn't happen on RedHat or Ubuntu FIPS because the
OpenSSL MD5_Init()
call isn't disabled in their OpenSSL v1.1 FIPS
libraries. Instead, it is disabled via the EVP_DigestInit_ex()
call,
which is why OpenSSL::Digest::MD5.new
fails but Digest::MD5.new
works.
In either case, we should just use the Ruby MD5 implementation until Chef completely removes the use of MD5 (https://github.com/chef/chef/pull/13186).
Related issues
Relates to #7182 (closed)
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion
Required
-
Merge Request Title, and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com -
Pipeline is green on dev.gitlab.org if the change is touching anything besides documentation or internal cookbooks -
trigger-package
has a green pipeline running against latest commit
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Tests added -
Integration tests added to GitLab QA -
Equivalent MR/issue for the GitLab Chart opened
Edited by Stan Hu