openstack
/
pycadf
Code Issues Proposed changes

Enabling FIPS mode by using sha256 instead of md5 

FIPS does not allow md5, some systems like RHEL needs to have FIPS
compliance, in order to execute some routines like when try to
use keystone-manage. As a general rule, we should avoid using md5
if we can and move over to SHA wherever possible.

Change-Id: Icaeb3305c788db2913fe99792ea6311d218b3410
Closes-Bug: #1767024
This commit is contained in:
Raildo Mascena 2018-11-01 11:03:55 -03:00
parent e74e074c5a
commit b5dfd8dfde
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pycadf/identifier.py
View File

@ -30,8 +30,8 @@ CONF.register_opts(opts, group='audit')
AUDIT_NS = None
if CONF.audit.namespace:
md5_hash = hashlib.md5(CONF.audit.namespace.encode('utf-8'))
AUDIT_NS = uuid.UUID(md5_hash.hexdigest())
sha256_hash = hashlib.sha256(CONF.audit.namespace.encode('utf-8'))
AUDIT_NS = uuid.UUID(sha256_hash.hexdigest()[0:32])
VALID_EXCEPTIONS = ['default', 'initiator', 'observer', 'target']