Replace md5 with oslo version

md5 is not an approved algorithm in FIPS mode, and trying to
instantiate a hashlib.md5() will fail when the system is running in
FIPS mode.

md5 is allowed when in a non-security context.  There is a plan to
add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate
whether or not the instance is being used in a security context.

In the case where it is not, the instantiation of md5 will be allowed.
See https://bugs.python.org/issue9216 for more details.

Some downstream python versions already support this parameter.  To
support these versions, a new encapsulation of md5() has been added to
oslo_utils.  See https://review.opendev.org/#/c/750031/

This patch is to replace the instances of hashlib.md5() with this new
encapsulation, adding an annotation indicating whether the usage is
a security context or not.

The instances being replaced here appear to be used to provide
representations for paths.  There is in fact already a sha256 version
of get_hash_str that is supposed to be used in security sensitive
usages.

With this change (and the related dependent changes), the unit and
functional tests pass when run on a FIPS enabled system.

Change-Id: If0ec11e7b7fcde4dacc57265c4dd77b0f536bfab
Depends-On: https://review.opendev.org/#/c/756432
Depends-On: https://review.opendev.org/#/c/756153
Depends-On: https://review.opendev.org/#/c/760160

1 files changed, 1 insertions, 1 deletions

diff --git a/requirements.txt b/requirements.txt
index e62366561e..ccf10aa7b9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -40,7 +40,7 @@ oslo.log>=3.36.0 # Apache-2.0
 oslo.reports>=1.18.0 # Apache-2.0
 oslo.serialization!=2.19.1,>=2.21.1 # Apache-2.0
 oslo.upgradecheck>=0.1.1
-oslo.utils>=4.5.0 # Apache-2.0
+oslo.utils>=4.7.0 # Apache-2.0
 oslo.db>=4.44.0 # Apache-2.0
 oslo.rootwrap>=5.8.0 # Apache-2.0
 oslo.messaging>=10.3.0 # Apache-2.0