Replace md5 for fips
md5 is not an approved algorithm in FIPS mode, and trying to
instantiate a hashlib.md5() will fail when the system is running in
FIPS mode.
md5 is allowed when in a non-security context. There is a plan to
add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate
whether or not the instance is being used in a security context.
In the case where it is not, the instantiation of md5 will be allowed.
See https://bugs.python.org/issue9216 for more details.
Some downstream python versions already support this parameter. To
support these versions, a new encapsulation of md5() has been added to
oslo_utils. See https://review.opendev.org/#/c/750031/
In this case, md5 is used to calculate the hash of a database record
to ensure record uniqueness.
Change-Id: Ic2571caa71dc99c417ea0933d5d4947287cbe312
(cherry picked from commit 7ea5643290
)
This commit is contained in:
parent
914b55a631
commit
e1ee648fc0
|
@ -14,9 +14,9 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
import time
|
||||
import hashlib
|
||||
|
||||
from oslo_log import log as logging
|
||||
from oslo_utils.secretutils import md5
|
||||
from sqlalchemy import select, distinct, func
|
||||
from sqlalchemy.sql.expression import or_
|
||||
|
||||
|
@ -799,11 +799,11 @@ class SQLAlchemyStorage(sqlalchemy_base.SQLAlchemy, storage_base.Storage):
|
|||
"""
|
||||
Calculates the hash of the record, used to ensure record uniqueness.
|
||||
"""
|
||||
md5 = hashlib.md5()
|
||||
md5.update(("%s:%s" % (record.recordset_id,
|
||||
record.data)).encode('utf-8'))
|
||||
md5sum = md5(usedforsecurity=False)
|
||||
md5sum.update(("%s:%s" % (record.recordset_id,
|
||||
record.data)).encode('utf-8'))
|
||||
|
||||
return md5.hexdigest()
|
||||
return md5sum.hexdigest()
|
||||
|
||||
def create_record(self, context, zone_id, recordset_id, record):
|
||||
# Fetch the zone as we need the tenant_id
|
||||
|
|
|
@ -83,7 +83,7 @@ oslo.rootwrap==5.8.0
|
|||
oslo.serialization==2.25.0
|
||||
oslo.service==1.31.0
|
||||
oslo.upgradecheck==1.3.0
|
||||
oslo.utils==4.5.0
|
||||
oslo.utils==4.7.0
|
||||
oslo.versionedobjects==1.31.2
|
||||
oslotest==3.2.0
|
||||
packaging==20.4
|
||||
|
|
|
@ -20,7 +20,7 @@ oslo.rootwrap>=5.8.0 # Apache-2.0
|
|||
oslo.serialization>=2.25.0 # Apache-2.0
|
||||
oslo.service>=1.31.0 # Apache-2.0
|
||||
oslo.upgradecheck>=1.3.0
|
||||
oslo.utils>=4.5.0 # Apache-2.0
|
||||
oslo.utils>=4.7.0 # Apache-2.0
|
||||
oslo.versionedobjects>=1.31.2 # Apache-2.0
|
||||
Paste>=2.0.2 # MIT
|
||||
PasteDeploy>=1.5.0 # MIT
|
||||
|
|
Loading…
Reference in New Issue