Yum fails with SHA-1 RPM signature and digest under FIPS

Issue

A Red Hat Enterprise Linux 6 system that is FIPS enabled is unable to yum install SHA-1 packages and fails with a traceback:

Total download size: 394 k
Installed size: 0  
Downloading Packages:
(1/3): kmod-vmware-tools-pvscsi-1.1.1.0-2.6.32.71.el6.x86_64.3.x86_64.rpm                          |  46 kB     00:00     
Traceback (most recent call last):
  File "/usr/bin/yum", line 29, in <module>
    yummain.user_main(sys.argv[1:], exit_code=True)
  File "/usr/share/yum-cli/yummain.py", line 285, in user_main
    errcode = main(args)
  File "/usr/share/yum-cli/yummain.py", line 219, in main
    return_code = base.doTransaction()
  File "/usr/share/yum-cli/cli.py", line 498, in doTransaction
    problems = self.downloadPkgs(downloadpkgs, callback_total=self.download_callback_total_cb) 
  File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 2035, in downloadPkgs
    cache=po.repo.http_caching != 'none',
  File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 858, in getPackage
    size=package.size,
  File "/usr/share/yum-plugins/rhnplugin.py", line 347, in _getFile
    start, end, copy_local, checkfunc, text, reget, cache, size)
  File "/usr/share/yum-plugins/rhnplugin.py", line 449, in _noExceptionWrappingGet
    size = size
  File "/usr/lib/python2.6/site-packages/urlgrabber/grabber.py", line 985, in urlgrab
    return self._retry(opts, retryfunc, url, filename)
  File "/usr/lib/python2.6/site-packages/urlgrabber/grabber.py", line 886, in _retry
    r = apply(func, (opts,) + args, {})
  File "/usr/lib/python2.6/site-packages/urlgrabber/grabber.py", line 980, in retryfunc
    apply(cb_func, (obj, )+cb_args, cb_kwargs)
  File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 1881, in verifyPkg
    if not po.verifyLocalPkg():
  File "/usr/lib/python2.6/site-packages/yum/packages.py", line 879, in verifyLocalPkg
    datasize=self.packagesize)
  File "/usr/lib/python2.6/site-packages/yum/misc.py", line 327, in checksum
    data = Checksums([sumtype])
  File "/usr/lib/python2.6/site-packages/yum/misc.py", line 241, in __init__
    sumalgo = hashlib.new(sumtype)
  File "/usr/lib64/python2.6/hashlib.py", line 83, in __hash_new
    return _hashlib.new(name, string, usedforsecurity)
ValueError: error:060800A0:digital envelope routines:EVP_DigestInit_ex:unknown cipher

Environment

Red Hat Enterprise Linux 6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

New to Red Hat?

Learn more about Red Hat subscriptions

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories