Replace md5 with oslo version
md5 is not an approved algorithm in FIPS mode, and trying to instantiate a hashlib.md5() will fail when the system is running in FIPS mode. md5 is allowed when in a non-security context. There is a plan to add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate whether or not the instance is being used in a security context. In the case where it is not, the instantiation of md5 will be allowed. See https://bugs.python.org/issue9216 for more details. Some downstream python versions already support this parameter. To support these versions, a new encapsulation of md5() has been added to oslo_utils. See https://review.opendev.org/#/c/750031/ This patch is to replace the instances of hashlib.md5() with this new encapsulation, adding an annotation indicating whether the usage is a security context or not. In this case, we use md5 in a single case, when creating an identifier for a mount point. Change-Id: I08226895818185337425ebffc2464db05f3969c9 Depends-On: https://review.opendev.org/#/c/760160
This commit is contained in:
parent
ddcd4c9d16
commit
1425a834dd
|
@ -37,7 +37,7 @@ oslo.log==3.44.0
|
|||
oslo.privsep==1.32.0
|
||||
oslo.serialization==2.29.0
|
||||
oslo.service==1.24.0
|
||||
oslo.utils==3.34.0
|
||||
oslo.utils==4.7.0
|
||||
oslo.vmware==2.17.0
|
||||
oslotest==3.2.0
|
||||
Paste==2.0.2
|
||||
|
|
|
@ -15,13 +15,13 @@
|
|||
|
||||
"""Remote filesystem client utilities."""
|
||||
|
||||
import hashlib
|
||||
import os
|
||||
import re
|
||||
import tempfile
|
||||
|
||||
from oslo_concurrency import processutils
|
||||
from oslo_log import log as logging
|
||||
from oslo_utils.secretutils import md5
|
||||
import six
|
||||
|
||||
from os_brick import exception
|
||||
|
@ -70,7 +70,8 @@ class RemoteFsClient(executor.Executor):
|
|||
"""Return a string that represents hash of base_str (hex format)."""
|
||||
if isinstance(base_str, six.text_type):
|
||||
base_str = base_str.encode('utf-8')
|
||||
return hashlib.md5(base_str).hexdigest()
|
||||
return md5(base_str,
|
||||
usedforsecurity=False).hexdigest()
|
||||
|
||||
def get_mount_point(self, device_name):
|
||||
"""Get Mount Point.
|
||||
|
|
|
@ -11,7 +11,7 @@ oslo.i18n>=3.24.0 # Apache-2.0
|
|||
oslo.privsep>=1.32.0 # Apache-2.0
|
||||
oslo.serialization>=2.29.0 # Apache-2.0
|
||||
oslo.service!=1.28.1,>=1.24.0 # Apache-2.0
|
||||
oslo.utils>=3.34.0 # Apache-2.0
|
||||
oslo.utils>=4.7.0 # Apache-2.0
|
||||
requests>=2.14.2 # Apache-2.0
|
||||
six>=1.10.0 # MIT
|
||||
tenacity>=6.0.0 # Apache-2.0
|
||||
|
|
Loading…
Reference in New Issue