8027d90710
md5 is not an approved algorithm in FIPS mode, and trying to instantiate a hashlib.md5() will fail when the system is running in FIPS mode. md5 is allowed when in a non-security context. There is a plan to add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate whether or not the instance is being used in a security context. In the case where it is not, the instantiation of md5 will be allowed. See https://bugs.python.org/issue9216 for more details. Some downstream python versions already support this parameter. To support these versions, a new encapsulation of md5() has been added to oslo_utils. See https://review.opendev.org/#/c/750031/ This patch is to replace the instances of hashlib.md5() with this new encapsulation, adding an annotation indicating whether the usage is a security context or not. Reviewers need to pay particular attention as to whether the keyword parameter (usedforsecurity) is set correctly. It looks like the usage of md5() here is solely to determine a checksum of an image. With this patch and the dependent patch for glance_store, all the unit and functional tests pass on a FIPS enabled system. Depends-On: https://review.opendev.org/#/c/756157 Depends-On: https://review.opendev.org/#/c/760160 Change-Id: I3b6d78d9792d4655bf0f4989cf82aced3f27491b |
||
|---|---|---|
| .. | ||
| drivers | ||
| __init__.py | ||
| base.py | ||
| cleaner.py | ||
| client.py | ||
| prefetcher.py | ||
| pruner.py | ||