Replace md5 for fips
md5 is not an approved algorithm in FIPS mode, and trying to
instantiate a hashlib.md5() will fail when the system is running in
FIPS mode.
md5 is allowed when in a non-security context. There is a plan to
add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate
whether or not the instance is being used in a security context.
In the case where it is not, the instantiation of md5 will be allowed.
See https://bugs.python.org/issue9216 for more details.
Some downstream python versions already support this parameter. To
support these versions, a new encapsulation of md5() has been added to
oslo_utils. See https://review.opendev.org/#/c/750031/
In this case, md5 is used to calculate the hash of a database record
to ensure record uniqueness.
Change-Id: Ic2571caa71dc99c417ea0933d5d4947287cbe312
(cherry picked from commit 7ea5643290)
This commit is contained in:
Ade Lee
@@ -14,9 +14,9 @@
|
|||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
import time
|
import time
|
||||||
import hashlib
|
|
||||||
|
|
||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
|
from oslo_utils.secretutils import md5
|
||||||
from sqlalchemy import select, distinct, func
|
from sqlalchemy import select, distinct, func
|
||||||
from sqlalchemy.sql.expression import or_
|
from sqlalchemy.sql.expression import or_
|
||||||
|
|
||||||
@@ -799,11 +799,11 @@ class SQLAlchemyStorage(sqlalchemy_base.SQLAlchemy, storage_base.Storage):
|
|||||||
"""
|
"""
|
||||||
Calculates the hash of the record, used to ensure record uniqueness.
|
Calculates the hash of the record, used to ensure record uniqueness.
|
||||||
"""
|
"""
|
||||||
md5 = hashlib.md5()
|
md5sum = md5(usedforsecurity=False)
|
||||||
md5.update(("%s:%s" % (record.recordset_id,
|
md5sum.update(("%s:%s" % (record.recordset_id,
|
||||||
record.data)).encode('utf-8'))
|
record.data)).encode('utf-8'))
|
||||||
|
|
||||||
return md5.hexdigest()
|
return md5sum.hexdigest()
|
||||||
|
|
||||||
def create_record(self, context, zone_id, recordset_id, record):
|
def create_record(self, context, zone_id, recordset_id, record):
|
||||||
# Fetch the zone as we need the tenant_id
|
# Fetch the zone as we need the tenant_id
|
||||||
|
|||||||
@@ -83,7 +83,7 @@ oslo.rootwrap==5.8.0
|
|||||||
oslo.serialization==2.25.0
|
oslo.serialization==2.25.0
|
||||||
oslo.service==1.31.0
|
oslo.service==1.31.0
|
||||||
oslo.upgradecheck==1.3.0
|
oslo.upgradecheck==1.3.0
|
||||||
oslo.utils==4.5.0
|
oslo.utils==4.7.0
|
||||||
oslo.versionedobjects==1.31.2
|
oslo.versionedobjects==1.31.2
|
||||||
oslotest==3.2.0
|
oslotest==3.2.0
|
||||||
packaging==20.4
|
packaging==20.4
|
||||||
|
|||||||
@@ -20,7 +20,7 @@ oslo.rootwrap>=5.8.0 # Apache-2.0
|
|||||||
oslo.serialization>=2.25.0 # Apache-2.0
|
oslo.serialization>=2.25.0 # Apache-2.0
|
||||||
oslo.service>=1.31.0 # Apache-2.0
|
oslo.service>=1.31.0 # Apache-2.0
|
||||||
oslo.upgradecheck>=1.3.0
|
oslo.upgradecheck>=1.3.0
|
||||||
oslo.utils>=4.5.0 # Apache-2.0
|
oslo.utils>=4.7.0 # Apache-2.0
|
||||||
oslo.versionedobjects>=1.31.2 # Apache-2.0
|
oslo.versionedobjects>=1.31.2 # Apache-2.0
|
||||||
Paste>=2.0.2 # MIT
|
Paste>=2.0.2 # MIT
|
||||||
PasteDeploy>=1.5.0 # MIT
|
PasteDeploy>=1.5.0 # MIT
|
||||||
|
|||||||
Reference in New Issue
Block a user