FIPS validation: OpenSSL::Digest::MD5 cannot be used #3544

jochenehret · 2023-12-07T10:25:06Z

Issue

On a FIPS enabled stemcell, the OpenSSL::Digest::MD5 algorithm cannot be used.

Context

We are validating CF on a FIPS enabled stemcell, see cloudfoundry/cf-deployment#1140 for more details and a list of other issues. We are using a development capi-release which already includes the openssl v3.2.0 bump: ee95901

Steps to Reproduce

If you have access to a FIPS enabled stemcell, you can bosh ssh into an "api" node and run this simple test:

require 'openssl'
puts OpenSSL::Digest::MD5.hexdigest 'abc'

You can also push a test app and it will fail in the staging step.

Expected result

Staging should succeed.

Current result

Staging fails, in the cloud_controller_ng.log you see:

 "test_mode_info"=>{"detail"=>"Stager error: Digest initialization failed: initialization error"
 "title"=>"CF-StagerError"
 "backtrace"=>["/cloud_controller_ng/lib/cloud_controller/diego/stager.rb:36:in `rescue in send_stage_package_request'"
 "/cloud_controller_ng/lib/cloud_controller/diego/stager.rb:31:in `send_stage_package_request'"
 "/cloud_controller_ng/lib/cloud_controller/diego/stager.rb:9:in `stage'"
 "/cloud_controller_ng/app/actions/build_create.rb:87:in `create_and_stage'"
 "/cloud_controller_ng/app/controllers/v3/builds_controller.rb:51:in `create'"

Possible Fix

Replace OpenSSL::Digest::MD5 with OpenSSL::Digest::SHA256. I've found these locations:

cloud_controller_ng/lib/cloud_controller/diego/buildpack/staging_action_builder.rb

Line 78 in ee95901

    
           destination_path: "/tmp/buildpacks/#{OpenSSL::Digest::MD5.hexdigest(buildpack[:key])}",

cloud_controller_ng/lib/cloud_controller/diego/buildpack/staging_action_builder.rb

Line 110 in ee95901

to: "/tmp/buildpacks/#{OpenSSL::Digest::MD5.hexdigest(buildpack[:key])}",

cloud_controller_ng/app/controllers/runtime/stagings_controller.rb

Line 156 in ee95901

digester = Digester.new(algorithm: OpenSSL::Digest::MD5, type: :base64digest)

cloud_controller_ng/middleware/mixins/user_reset_interval.rb

Line 6 in ee95901

offset = OpenSSL::Digest::MD5.hexdigest(user_guid).hex.remainder(interval)

I've tried this in a dev capi-release. The hash function is used for generating temporary folders for the buildpacks. After a cf redeployment, the buildpacks could not be located anymore. The solution probably needs a migration path (clear buildpack cache?).

The text was updated successfully, but these errors were encountered:

rkoster · 2023-12-12T08:54:14Z

cc @Gerg

rkoster · 2023-12-12T13:32:51Z

Changing the digest will also affect the diego executor: https://github.com/cloudfoundry/executor/blob/main/depot/uploader/uploader.go#L145

cc @ameowlia

philippthun · 2023-12-12T13:49:43Z

This will be fun...

Diego sets the Content-MD5 HTTP header (here)
The cc-uploader forwards the header (here)
CC validates the content against this header (here)

So we need to change this api in a compatible way...

rkoster · 2023-12-12T13:59:43Z

If CC gets updated first and it starts accepting both Content-MD5 and Content-SHA1 or Content-SHA256 headers.
Then the other components can be updated.

rkoster · 2023-12-12T14:01:21Z

control/63c060f1-48eb-444b-8190-f89ed835d962:~$ /var/vcap/jobs/cloud_controller_ng/bin/console
[1] pry(VCAP::CloudController)> require 'openssl'
=> false
[2] pry(VCAP::CloudController)> OpenSSL::Digest::MD5.hexdigest 'abc'
OpenSSL::Digest::DigestError: Digest initialization failed: initialization error
from /var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/openssl-3.2.0/lib/openssl/digest.rb:31:in `initialize'
[3] pry(VCAP::CloudController)> OpenSSL::Digest::SHA1.hexdigest 'abc'
=> "a9993e364706816aba3e25717850c26c9cd0d89d"
[4] pry(VCAP::CloudController)> OpenSSL::Digest::SHA256.hexdigest 'abc'
=> "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"

Not sure on future versions of FIPS but on the jammy FIPS stemcell sha1 seems to work. ^

rkoster · 2023-12-12T14:33:11Z

The staging_action_builder.rb changes is probably also need changes here: https://github.com/cloudfoundry/buildpackapplifecycle/blob/main/buildpackrunner/runner.go#L476

rkoster · 2023-12-12T17:56:19Z

{
  "errors": [
    {
      "title": "UnknownError",
      "detail": "An unknown error occurred.",
      "code": 10001,
      "test_mode_info": {
        "detail": "Process Guid: d1693c75-dfb8-45f6-82a3-9b551e40ab64: EVP_PKEY_keygen: invalid modulus",
        "title": "CF-PKeyError",
        "backtrace": [
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/openssl-3.2.0/lib/openssl/pkey.rb:344:in `generate_key'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/openssl-3.2.0/lib/openssl/pkey.rb:344:in `generate'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/openssl-3.2.0/lib/openssl/pkey.rb:354:in `new'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/ssh_key.rb:29:in `key'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/ssh_key.rb:12:in `private_key'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/app_recipe_builder.rb:61:in `app_lrp_arguments'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/app_recipe_builder.rb:29:in `build_app_lrp'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/bbs_apps_client.rb:13:in `block in desire_app'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/bbs_apps_client.rb:107:in `handle_diego_errors'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/bbs_apps_client.rb:12:in `desire_app'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/desire_app_handler.rb:10:in `create_or_update_app'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/messenger.rb:25:in `send_desire_request'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/runner.rb:23:in `block in start'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/runner.rb:47:in `with_logging'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/runner.rb:23:in `start'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/process_observer.rb:40:in `react_to_state_change'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/process_observer.rb:23:in `block in updated'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/process_observer.rb:48:in `with_diego_communication_handling'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/process_observer.rb:21:in `updated'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/app/models/runtime/process_model.rb:530:in `block in after_save'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/sequel-5.75.0/lib/sequel/database/transactions.rb:480:in `each'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/sequel-5.75.0/lib/sequel/database/transactions.rb:480:in `remove_transaction'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/sequel-5.75.0/lib/sequel/database/transactions.rb:288:in `_transaction'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/sequel-5.75.0/lib/sequel/database/transactions.rb:239:in `block in transaction'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/sequel-5.75.0/lib/sequel/connection_pool/threaded.rb:92:in `hold'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/sequel-5.75.0/lib/sequel/database/connecting.rb:293:in `synchronize'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/sequel-5.75.0/lib/sequel/database/transactions.rb:197:in `transaction'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/app/actions/app_start.rb:9:in `start'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/app/controllers/v3/apps_controller.rb:166:in `start'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/abstract_controller/base.rb:228:in `process_action'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_controller/metal/rendering.rb:30:in `process_action'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/abstract_controller/callbacks.rb:42:in `block in process_action'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb:106:in `run_callbacks'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/abstract_controller/callbacks.rb:41:in `process_action'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_controller/metal/rescue.rb:22:in `process_action'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_controller/metal/instrumentation.rb:34:in `block in process_action'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/activesupport-6.1.7.6/lib/active_support/notifications.rb:203:in `block in instrument'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/activesupport-6.1.7.6/lib/active_support/notifications/instrumenter.rb:24:in `instrument'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/activesupport-6.1.7.6/lib/active_support/notifications.rb:203:in `instrument'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_controller/metal/instrumentation.rb:33:in `process_action'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_controller/metal/params_wrapper.rb:249:in `process_action'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/abstract_controller/base.rb:165:in `process'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionview-6.1.7.6/lib/action_view/rendering.rb:39:in `process'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_controller/metal.rb:190:in `dispatch'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_controller/metal.rb:254:in `dispatch'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/routing/route_set.rb:50:in `dispatch'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/routing/route_set.rb:33:in `serve'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/journey/router.rb:50:in `block in serve'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/journey/router.rb:32:in `each'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/journey/router.rb:32:in `serve'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/routing/route_set.rb:842:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/rack-2.2.8/lib/rack/tempfile_reaper.rb:15:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/http/permissions_policy.rb:22:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/http/content_security_policy.rb:19:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb:98:in `run_callbacks'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/callbacks.rb:26:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/actionable_exceptions.rb:18:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/debug_exceptions.rb:29:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/rack-2.2.8/lib/rack/runtime.rb:22:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/activesupport-6.1.7.6/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/executor.rb:14:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/rack-2.2.8/lib/rack/sendfile.rb:110:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/host_authorization.rb:142:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/rack-2.2.8/lib/rack/urlmap.rb:74:in `block in call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/rack-2.2.8/lib/rack/urlmap.rb:58:in `each'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/rack-2.2.8/lib/rack/urlmap.rb:58:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/middleware/cef_logs.rb:18:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/middleware/request_logs.rb:13:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/middleware/zipkin.rb:22:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/middleware/security_context_setter.rb:41:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/middleware/vcap_request_id.rb:16:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/middleware/cors.rb:49:in `call_app'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/middleware/cors.rb:14:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/middleware/request_metrics.rb:12:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/rack-2.2.8/lib/rack/builder.rb:244:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/thin-1.8.2/lib/thin/connection.rb:86:in `block in pre_process'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/thin-1.8.2/lib/thin/connection.rb:84:in `catch'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/thin-1.8.2/lib/thin/connection.rb:84:in `pre_process'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/thin-1.8.2/lib/thin/connection.rb:50:in `block in process'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/eventmachine-1.2.7/lib/eventmachine.rb:1077:in `block in spawn_threadpool'"
        ]
      }
    }
  ]
}

Related to bits: https://github.com/cloudfoundry/cloud_controller_ng/blob/main/lib/cloud_controller/diego/ssh_key.rb#L7-L9

Was able to work around the issue by changing the default to 2048.

rkoster · 2023-12-12T19:51:31Z

{
  "errors": [
    {
      "title": "UnknownError",
      "detail": "An unknown error occurred.",
      "code": 10001,
      "test_mode_info": {
        "detail": "Process Guid: d1693c75-dfb8-45f6-82a3-9b551e40ab64: Digest initialization failed: initialization error",
        "title": "CF-DigestError",
        "backtrace": [
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/openssl-3.2.0/lib/openssl/digest.rb:26:in `initialize'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/openssl-3.2.0/lib/openssl/digest.rb:26:in `digest'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/openssl-3.2.0/lib/openssl/digest.rb:26:in `digest'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/net-ssh-7.2.0/lib/net/ssh/authentication/pub_key_fingerprint.rb:33:in `hexdigest'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/net-ssh-7.2.0/lib/net/ssh/authentication/pub_key_fingerprint.rb:33:in `fingerprint'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/net-ssh-7.2.0/lib/net/ssh/authentication/pub_key_fingerprint.rb:27:in `fingerprint'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/ssh_key.rb:24:in `fingerprint'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/app_recipe_builder.rb:62:in `app_lrp_arguments'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/app_recipe_builder.rb:29:in `build_app_lrp'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/bbs_apps_client.rb:13:in `block in desire_app'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/bbs_apps_client.rb:107:in `handle_diego_errors'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/bbs_apps_client.rb:12:in `desire_app'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/desire_app_handler.rb:10:in `create_or_update_app'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/messenger.rb:25:in `send_desire_request'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/runner.rb:23:in `block in start'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/runner.rb:47:in `with_logging'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/diego/runner.rb:23:in `start'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/process_observer.rb:40:in `react_to_state_change'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/process_observer.rb:23:in `block in updated'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/process_observer.rb:48:in `with_diego_communication_handling'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/lib/cloud_controller/process_observer.rb:21:in `updated'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/app/models/runtime/process_model.rb:530:in `block in after_save'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/sequel-5.75.0/lib/sequel/database/transactions.rb:480:in `each'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/sequel-5.75.0/lib/sequel/database/transactions.rb:480:in `remove_transaction'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/sequel-5.75.0/lib/sequel/database/transactions.rb:288:in `_transaction'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/sequel-5.75.0/lib/sequel/database/transactions.rb:239:in `block in transaction'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/sequel-5.75.0/lib/sequel/connection_pool/threaded.rb:92:in `hold'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/sequel-5.75.0/lib/sequel/database/connecting.rb:293:in `synchronize'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/sequel-5.75.0/lib/sequel/database/transactions.rb:197:in `transaction'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/app/actions/app_start.rb:9:in `start'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/app/controllers/v3/apps_controller.rb:166:in `start'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/abstract_controller/base.rb:228:in `process_action'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_controller/metal/rendering.rb:30:in `process_action'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/abstract_controller/callbacks.rb:42:in `block in process_action'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb:106:in `run_callbacks'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/abstract_controller/callbacks.rb:41:in `process_action'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_controller/metal/rescue.rb:22:in `process_action'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_controller/metal/instrumentation.rb:34:in `block in process_action'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/activesupport-6.1.7.6/lib/active_support/notifications.rb:203:in `block in instrument'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/activesupport-6.1.7.6/lib/active_support/notifications/instrumenter.rb:24:in `instrument'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/activesupport-6.1.7.6/lib/active_support/notifications.rb:203:in `instrument'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_controller/metal/instrumentation.rb:33:in `process_action'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_controller/metal/params_wrapper.rb:249:in `process_action'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/abstract_controller/base.rb:165:in `process'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionview-6.1.7.6/lib/action_view/rendering.rb:39:in `process'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_controller/metal.rb:190:in `dispatch'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_controller/metal.rb:254:in `dispatch'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/routing/route_set.rb:50:in `dispatch'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/routing/route_set.rb:33:in `serve'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/journey/router.rb:50:in `block in serve'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/journey/router.rb:32:in `each'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/journey/router.rb:32:in `serve'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/routing/route_set.rb:842:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/rack-2.2.8/lib/rack/tempfile_reaper.rb:15:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/http/permissions_policy.rb:22:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/http/content_security_policy.rb:19:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb:98:in `run_callbacks'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/callbacks.rb:26:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/actionable_exceptions.rb:18:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/debug_exceptions.rb:29:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/rack-2.2.8/lib/rack/runtime.rb:22:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/activesupport-6.1.7.6/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/executor.rb:14:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/rack-2.2.8/lib/rack/sendfile.rb:110:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/actionpack-6.1.7.6/lib/action_dispatch/middleware/host_authorization.rb:142:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/rack-2.2.8/lib/rack/urlmap.rb:74:in `block in call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/rack-2.2.8/lib/rack/urlmap.rb:58:in `each'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/rack-2.2.8/lib/rack/urlmap.rb:58:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/middleware/cef_logs.rb:18:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/middleware/request_logs.rb:13:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/middleware/zipkin.rb:22:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/middleware/security_context_setter.rb:41:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/middleware/vcap_request_id.rb:16:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/middleware/cors.rb:49:in `call_app'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/middleware/cors.rb:14:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/cloud_controller_ng/middleware/request_metrics.rb:12:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/rack-2.2.8/lib/rack/builder.rb:244:in `call'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/thin-1.8.2/lib/thin/connection.rb:86:in `block in pre_process'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/thin-1.8.2/lib/thin/connection.rb:84:in `catch'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/thin-1.8.2/lib/thin/connection.rb:84:in `pre_process'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/thin-1.8.2/lib/thin/connection.rb:50:in `block in process'",
          "/var/vcap/data/packages/cloud_controller_ng/931e5b79fec2fdff1b2f0ce4507c65033fa274be/gem_home/ruby/3.2.0/gems/eventmachine-1.2.7/lib/eventmachine.rb:1077:in `block in spawn_threadpool'"
        ]
      }
    }
  ]
}

This can be fixed by changing: https://github.com/cloudfoundry/cloud_controller_ng/blob/main/lib/cloud_controller/diego/ssh_key.rb#L24

OpenSSL::Digest::SHA256.new(key.public_key.to_der).to_s

rkoster · 2023-12-12T20:02:25Z

With the following Cloud Controller patches I was able to push and start an app on a CF deploy with a fips stemcell:

- path: /instance_groups/name=control/jobs/name=pre-start-script?
  type: replace
  value:
    name: pre-start-script
    release: os-conf
    properties:
      script: |-
        #!/bin/bash
        pushd /var/vcap/packages/cloud_controller_ng/cloud_controller_ng/

        sed -i 's/Rails.env.local?/true/g' app/controllers/runtime/stagings_controller.rb

        sed -i 's/Digest::MD5/Digest::SHA1/g' lib/cloud_controller/diego/buildpack/staging_action_builder.rb

        sed -i 's/Digest::MD5/Digest::SHA1/g' middleware/mixins/user_reset_interval.rb

        sed -i 's/bits=1024/bits=2048/g' lib/cloud_controller/diego/ssh_key.rb

        sed -i 's/delegate :fingerprint, to: :key/def fingerprint\n          OpenSSL::Digest::SHA256.new(key.public_key.to_der).to_s\n        end/g' lib/cloud_controller/diego/ssh_key.rb

philippthun · 2024-01-11T10:14:01Z

All MD5 usages have either been removed or its usage is configurable.

jochenehret mentioned this issue Dec 7, 2023

FIPS validation for cf-deployment cloudfoundry/cf-deployment#1140

Closed

17 tasks

rkoster mentioned this issue Dec 14, 2023

Bump default key length to 2048 and change fingerprint to SHA1 #3555

Merged

This was referenced Dec 15, 2023

Use xxHash in Rate Limiter #3557

Merged

Support Content-Digest header in StagingsController #3558

Merged

philippthun closed this as completed Jan 11, 2024

jochenehret mentioned this issue Oct 11, 2024

Promote Jochen Ehret to CAPI Approver cloudfoundry/community#995

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

FIPS validation: OpenSSL::Digest::MD5 cannot be used #3544

FIPS validation: OpenSSL::Digest::MD5 cannot be used #3544

jochenehret commented Dec 7, 2023 •

edited

Loading

rkoster commented Dec 12, 2023

Uh oh!

rkoster commented Dec 12, 2023

Uh oh!

philippthun commented Dec 12, 2023

Uh oh!

rkoster commented Dec 12, 2023 •

edited

Loading

Uh oh!

rkoster commented Dec 12, 2023 •

edited

Loading

Uh oh!

rkoster commented Dec 12, 2023

Uh oh!

rkoster commented Dec 12, 2023

Uh oh!

rkoster commented Dec 12, 2023

Uh oh!

rkoster commented Dec 12, 2023

Uh oh!

philippthun commented Jan 11, 2024

Uh oh!

FIPS validation: OpenSSL::Digest::MD5 cannot be used #3544

FIPS validation: OpenSSL::Digest::MD5 cannot be used #3544

Comments

jochenehret commented Dec 7, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Issue

Context

Steps to Reproduce

Expected result

Current result

Possible Fix

rkoster commented Dec 12, 2023

Uh oh!

rkoster commented Dec 12, 2023

Uh oh!

philippthun commented Dec 12, 2023

Uh oh!

rkoster commented Dec 12, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

rkoster commented Dec 12, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

rkoster commented Dec 12, 2023

Uh oh!

rkoster commented Dec 12, 2023

Uh oh!

rkoster commented Dec 12, 2023

Uh oh!

rkoster commented Dec 12, 2023

Uh oh!

philippthun commented Jan 11, 2024

Uh oh!

jochenehret commented Dec 7, 2023 •

edited

Loading

rkoster commented Dec 12, 2023 •

edited

Loading

rkoster commented Dec 12, 2023 •

edited

Loading