Replace md5 with oslo version

md5 is not an approved algorithm in FIPS mode, and trying to
instantiate a hashlib.md5() will fail when the system is running in
FIPS mode.

md5 is allowed when in a non-security context.  There is a plan to
add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate
whether or not the instance is being used in a security context.

In the case where it is not, the instantiation of md5 will be allowed.
See https://bugs.python.org/issue9216 for more details.

Some downstream python versions already support this parameter.  To
support these versions, a new encapsulation of md5() has been added to
oslo_utils.  See https://review.opendev.org/#/c/750031/

This patch is to replace the instances of hashlib.md5() with this new
encapsulation, adding an annotation indicating whether the usage is
a security context or not.

In this case, we use md5 in a single case, when creating an identifier
for a mount point.

Change-Id: I08226895818185337425ebffc2464db05f3969c9
Depends-On: https://review.opendev.org/#/c/760160
Ade Lee 2020-09-30 16:09:21 -04:00
parent ddcd4c9d16
commit 1425a834dd
3 changed files with 5 additions and 4 deletions
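
The behaviour the commit message describes, as an added example that is not part of this commit or of oslo.utils: a wrapper that forwards `usedforsecurity` where the interpreter accepts it, next to a FIPS-mode check. `fips_enabled`, `compat_md5`, `mount_id` and the share name are hypothetical names and constructed values.

```python
import hashlib


def fips_enabled(path="/proc/sys/crypto/fips_enabled"):
    """Return True when the Linux kernel reports FIPS mode."""
    try:
        with open(path) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return False  # flag file absent: not a FIPS-enabled kernel


def compat_md5(data=b"", usedforsecurity=True):
    """md5 constructor that forwards usedforsecurity when it is supported.

    Hypothetical helper, not the oslo.utils implementation.
    """
    try:
        return hashlib.md5(data, usedforsecurity=usedforsecurity)
    except TypeError:
        # Interpreter without the keyword: plain md5() is the only option,
        # and it raises ValueError itself if FIPS mode blocks it.
        return hashlib.md5(data)


def mount_id(share):
    """Non-security identifier for a share, as in the patched method."""
    if isinstance(share, str):
        share = share.encode("utf-8")
    return compat_md5(share, usedforsecurity=False).hexdigest()


if __name__ == "__main__":
    share = "nfs.example.test:/export/vol1"  # constructed sample value
    print("FIPS mode:", fips_enabled())
    print("mount id :", mount_id(share))
    try:
        compat_md5(b"x", usedforsecurity=True)
        print("security-context md5: allowed (not a FIPS-enforcing build)")
    except ValueError as exc:
        print("security-context md5: blocked:", exc)
```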


@ -37,7 +37,7 @@ oslo.log==3.44.0
oslo.privsep==1.32.0
oslo.serialization==2.29.0
oslo.service==1.24.0
oslo.utils==3.34.0
oslo.utils==4.7.0
oslo.vmware==2.17.0
oslotest==3.2.0
Paste==2.0.2
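Review bot: the `oslo.utils` pin moves from 3.34.0 to 4.7.0, a major-version step, and neither this hunk nor the commit message says that 4.7.0 is the first release carrying `secretutils.md5`. Please name the release that ships the wrapper in the commit message, so the new floor is not read as arbitrary and is not set higher than the import actually needs.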


@ -15,13 +15,13 @@
"""Remote filesystem client utilities."""
import hashlib
import os
import re
import tempfile
from oslo_concurrency import processutils
from oslo_log import log as logging
from oslo_utils.secretutils import md5
import six
from os_brick import exception
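Review bot: `from oslo_utils.secretutils import md5` puts a bare `md5` name into the module, which at a call site cannot be told apart from hashlib's function, while the neighbouring imports bring in modules (`from oslo_concurrency import processutils`, `from os_brick import exception`). Importing `secretutils` and calling `secretutils.md5(...)` would follow that pattern and keep the FIPS-aware wrapper visible where it is used. `import hashlib` is also listed in this hunk; if it is being dropped, confirm nothing else in the module still references `hashlib`.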
@ -70,7 +70,8 @@ class RemoteFsClient(executor.Executor):
"""Return a string that represents hash of base_str (hex format)."""
if isinstance(base_str, six.text_type):
base_str = base_str.encode('utf-8')
return hashlib.md5(base_str).hexdigest()
return md5(base_str,
usedforsecurity=False).hexdigest()
def get_mount_point(self, device_name):
"""Get Mount Point.
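Review bot: `usedforsecurity=False` on the new `return md5(base_str,` call is justified only in the commit message; neither the code nor the docstring ("Return a string that represents hash of base_str") says why this digest is outside a security context. Add a one-line comment, or extend the docstring, stating that the value is only an identifier for a mount point, so a later FIPS or crypto audit does not have to dig through history to accept the annotation. The call also looks short enough to stay on a single line.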


@ -11,7 +11,7 @@ oslo.i18n>=3.24.0 # Apache-2.0
oslo.privsep>=1.32.0 # Apache-2.0
oslo.serialization>=2.29.0 # Apache-2.0
oslo.service!=1.28.1,>=1.24.0 # Apache-2.0
oslo.utils>=3.34.0 # Apache-2.0
oslo.utils>=4.7.0 # Apache-2.0
requests>=2.14.2 # Apache-2.0
six>=1.10.0 # MIT
tenacity>=6.0.0 # Apache-2.0
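Review bot: `oslo.utils>=4.7.0` raises the runtime floor across a major version for every deployment that installs this library, and none of the 3 changed files is a release note. Add an upgrade note stating the new minimum oslo.utils version and that it is required for the FIPS-compatible md5 wrapper.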