c82ce37635
md5 is not an approved algorithm in FIPS mode, and trying to instantiate a hashlib.md5() will fail when the system is running in FIPS mode. md5 is allowed when in a non-security context. There is a plan to add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate whether or not the instance is being used in a security context. In the case where it is not, the instantiation of md5 will be allowed. See https://bugs.python.org/issue9216 for more details. Some downstream python versions already support this parameter. To support these versions, a new encapsulation of md5() has been added to oslo_utils. See https://review.opendev.org/#/c/750031/ This patch is to replace the instances of hashlib.md5() with this new encapsulation, adding an annotation indicating whether the usage is a security context or not. The instances being replaced here appear to be used to provide representations for paths. There is in fact already a sha256 version of get_hash_str that is supposed to be used in security sensitive usages. With this change (and the related dependent changes), the unit and functional tests pass when run on a FIPS enabled system. Change-Id: If0ec11e7b7fcde4dacc57265c4dd77b0f536bfab Depends-On: https://review.opendev.org/#/c/756432 Depends-On: https://review.opendev.org/#/c/756153 Depends-On: https://review.opendev.org/#/c/760160 |
||
---|---|---|
.. | ||
__init__.py | ||
fs.py | ||
idmapshift.py | ||
libvirt.py | ||
linux_net.py | ||
path.py | ||
qemu.py | ||
utils.py |