From 8982ef574f28992c4622d98660998fab77ae0238 Mon Sep 17 00:00:00 2001
From: Dmitry Tantsur
Date: Tue, 18 Feb 2020 14:59:55 +0100
Subject: [PATCH] Use FIPS-compatible SHA256 for comparing files
On systems in FIPS mode MD5 is not available, just use SHA256. NOTE: I'm not sure if this changes makes ironic fully operational in FIPS mode, merely fixing an immediate issue.
Story: 2007306
Task: 38792
Change-Id: I9a9e0286c88ed5a1a05e405d251b46a4708dd556
---
 ironic/common/utils.py | 4 ++--
 releasenotes/notes/fips-hashlib-bca9beacc2b48fe7.yaml | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 releasenotes/notes/fips-hashlib-bca9beacc2b48fe7.yaml
diff --git a/ironic/common/utils.py b/ironic/common/utils.py
index 16453d74e7..b4ec7751f2 100644
--- a/ironic/common/utils.py
+++ b/ironic/common/utils.py
@@ -228,12 +228,12 @@ def _get_hash_object(hash_algo_name):
 return getattr(hashlib, hash_algo_name)()
-def file_has_content(path, content, hash_algo='md5'):
+def file_has_content(path, content, hash_algo='sha256'):
 """Checks that content of the file is the same as provided reference. :param path: path to file :param content: reference content to check against
- :param hash_algo: hashing algo from hashlib to use, default is 'md5'
+ :param hash_algo: hashing algo from hashlib to use, default is 'sha256'
 :returns: True if the hash of reference content is the same as the hash of file's content, False otherwise """
diff --git a/releasenotes/notes/fips-hashlib-bca9beacc2b48fe7.yaml b/releasenotes/notes/fips-hashlib-bca9beacc2b48fe7.yaml
new file mode 100644
index 0000000000..1c96a16009
--- /dev/null
+++ b/releasenotes/notes/fips-hashlib-bca9beacc2b48fe7.yaml
@@ -0,0 +1,4 @@
+fixes:
+ - |
+ Use SHA256 for comparing file contents instead of MD5. This improves FIPS
+ compatibility.
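Review bot: The `hash_algo` docstring in `file_has_content` (ironic/common/utils.py) still reads as if any hashlib name were usable, although only the default moved to SHA-256. A caller that passes `hash_algo='md5'` explicitly would presumably still fail in FIPS mode, since the context line `return getattr(hashlib, hash_algo_name)()` resolves whatever name it is given. I would extend the param line to `:param hash_algo: hashing algo from hashlib to use, default is 'sha256'; the algorithm must be permitted on the host (MD5 is not in FIPS mode)`. Call sites that pass the algorithm explicitly are not visible in this diff and are worth checking before the FIPS issue is considered closed. The bodies of both `_get_hash_object` and `file_has_content` lie outside the hunk, so any validation they already do cannot be seen here.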