From 7f4779089538b1687c312024fdae8cf767a012ae Mon Sep 17 00:00:00 2001 From: afariasa Date: Wed, 9 Mar 2022 09:46:57 +0000 Subject: [PATCH] tempurl: Deprecate sha1 signatures We've known this would eventually be necessary for a while [1], and way back in 2017 we started seeing SHA-1 collisions [2]. There's already a patch for Swfit from 2017[3], and this patch will update tempest side. [1] https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html [2] https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html [3] https://review.opendev.org/c/openstack/swift/+/525771 Change-Id: I0e9073955604ada493ec64264c6a5932627e1138 --- tempest/api/object_storage/test_object_temp_url.py | 2 +- tempest/api/object_storage/test_object_temp_url_negative.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tempest/api/object_storage/test_object_temp_url.py b/tempest/api/object_storage/test_object_temp_url.py index e75e22a940..4ca7412bd2 100644 --- a/tempest/api/object_storage/test_object_temp_url.py +++ b/tempest/api/object_storage/test_object_temp_url.py @@ -78,7 +78,7 @@ class ObjectTempUrlTest(base.BaseObjectTest): hmac_body = '%s\n%s\n%s' % (method, expires, path) sig = hmac.new( - key.encode(), hmac_body.encode(), hashlib.sha1 + key.encode(), hmac_body.encode(), hashlib.sha256 ).hexdigest() url = "%s/%s?temp_url_sig=%s&temp_url_expires=%s" % (container, diff --git a/tempest/api/object_storage/test_object_temp_url_negative.py b/tempest/api/object_storage/test_object_temp_url_negative.py index 4ad8428bad..e5f4cf23d0 100644 --- a/tempest/api/object_storage/test_object_temp_url_negative.py +++ b/tempest/api/object_storage/test_object_temp_url_negative.py @@ -83,7 +83,7 @@ class ObjectTempUrlNegativeTest(base.BaseObjectTest): hmac_body = '%s\n%s\n%s' % (method, expires, path) sig = hmac.new( - key.encode(), hmac_body.encode(), hashlib.sha1 + key.encode(), hmac_body.encode(), hashlib.sha256 ).hexdigest() url = "%s/%s?temp_url_sig=%s&temp_url_expires=%s" % (container,