openstack/nova
Code Issues Proposed changes
nova/requirements.txt
Ade Lee c82ce37635 Replace md5 with oslo version 
md5 is not an approved algorithm in FIPS mode, and trying to
instantiate a hashlib.md5() will fail when the system is running in
FIPS mode.

md5 is allowed when in a non-security context.  There is a plan to
add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate
whether or not the instance is being used in a security context.

In the case where it is not, the instantiation of md5 will be allowed.
See https://bugs.python.org/issue9216 for more details.

Some downstream python versions already support this parameter.  To
support these versions, a new encapsulation of md5() has been added to
oslo_utils.  See https://review.opendev.org/#/c/750031/

This patch is to replace the instances of hashlib.md5() with this new
encapsulation, adding an annotation indicating whether the usage is
a security context or not.

The instances being replaced here appear to be used to provide
representations for paths.  There is in fact already a sha256 version
of get_hash_str that is supposed to be used in security sensitive
usages.

With this change (and the related dependent changes), the unit and
functional tests pass when run on a FIPS enabled system.

Change-Id: If0ec11e7b7fcde4dacc57265c4dd77b0f536bfab
Depends-On: https://review.opendev.org/#/c/756432
Depends-On: https://review.opendev.org/#/c/756153
Depends-On: https://review.opendev.org/#/c/760160
2020-10-29 15:58:23 -04:00

75 lines
2.5 KiB
Plaintext
Raw Blame History

# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
pbr!=2.1.0,>=2.0.0 # Apache-2.0
SQLAlchemy>=1.2.19 # MIT
decorator>=4.1.0 # BSD
eventlet>=0.22.0 # MIT
Jinja2>=2.10 # BSD License (3 clause)
keystonemiddleware>=4.20.0 # Apache-2.0
lxml>=4.5.0 # BSD
Routes>=2.3.1 # MIT
cryptography>=2.7 # BSD/Apache-2.0
WebOb>=1.8.2 # MIT
# NOTE(mriedem): greenlet 0.4.14 does not work with older versions of gcc on
# ppc64le systems, see https://github.com/python-greenlet/greenlet/issues/136.
greenlet>=0.4.15 # MIT
PasteDeploy>=1.5.0 # MIT
Paste>=2.0.2 # MIT
PrettyTable<0.8,>=0.7.1 # BSD
sqlalchemy-migrate>=0.13.0 # Apache-2.0
netaddr>=0.7.18 # BSD
netifaces>=0.10.4 # MIT
paramiko>=2.7.1 # LGPLv2.1+
iso8601>=0.1.11 # MIT
jsonschema>=3.2.0 # MIT
python-cinderclient!=4.0.0,>=3.3.0 # Apache-2.0
keystoneauth1>=3.16.0 # Apache-2.0
python-neutronclient>=6.7.0 # Apache-2.0
python-glanceclient>=2.8.0 # Apache-2.0
requests>=2.23.0 # Apache-2.0
six>=1.11.0 # MIT
stevedore>=1.20.0 # Apache-2.0
websockify>=0.9.0 # LGPLv3
oslo.cache>=1.26.0 # Apache-2.0
oslo.concurrency>=3.29.0 # Apache-2.0
oslo.config>=6.8.0 # Apache-2.0
oslo.context>=2.22.0 # Apache-2.0
oslo.log>=3.36.0 # Apache-2.0
oslo.reports>=1.18.0 # Apache-2.0
oslo.serialization!=2.19.1,>=2.21.1 # Apache-2.0
oslo.upgradecheck>=0.1.1
oslo.utils>=4.7.0 # Apache-2.0
oslo.db>=4.44.0 # Apache-2.0
oslo.rootwrap>=5.8.0 # Apache-2.0
oslo.messaging>=10.3.0 # Apache-2.0
oslo.policy>=3.4.0 # Apache-2.0
oslo.privsep>=1.33.2 # Apache-2.0
oslo.i18n>=3.15.3 # Apache-2.0
oslo.service>=1.40.1 # Apache-2.0
rfc3986>=1.2.0 # Apache-2.0
oslo.middleware>=3.31.0 # Apache-2.0
psutil>=3.2.2 # BSD
oslo.versionedobjects>=1.35.0 # Apache-2.0
os-brick>=3.1.0 # Apache-2.0
os-resource-classes>=0.4.0 # Apache-2.0
os-traits>=2.4.0 # Apache-2.0
os-vif>=1.14.0 # Apache-2.0
os-win>=4.2.0 # Apache-2.0
castellan>=0.16.0 # Apache-2.0
microversion-parse>=0.2.1 # Apache-2.0
os-xenapi>=0.3.4 # Apache-2.0
tooz>=1.58.0 # Apache-2.0
cursive>=0.2.1 # Apache-2.0
pypowervm>=1.1.15 # Apache-2.0
retrying>=1.3.3,!=1.3.0 # Apache-2.0
os-service-types>=1.7.0 # Apache-2.0
taskflow>=3.8.0 # Apache-2.0
python-dateutil>=2.5.3 # BSD
zVMCloudConnector>=1.3.0;sys_platform!='win32' # Apache 2.0 License
futurist>=1.8.0 # Apache-2.0
openstacksdk>=0.35.0 # Apache-2.0
dataclasses>=0.7;python_version=='3.6' # Apache 2.0 License
PyYAML>=3.13 # MIT
View Git Blame Copy Permalink