From b5dfd8dfde46dfce203d517b7b4c28e9d81823cd Mon Sep 17 00:00:00 2001
From: Raildo Mascena <rmascena@redhat.com>
Date: Thu, 1 Nov 2018 11:03:55 -0300
Subject: Enabling FIPS mode by using sha256 instead of md5

FIPS does not allow md5, some systems like RHEL needs to have FIPS
compliance, in order to execute some routines like when try to
use keystone-manage. As a general rule, we should avoid using md5
if we can and move over to SHA wherever possible.

Change-Id: Icaeb3305c788db2913fe99792ea6311d218b3410
Closes-Bug: #1767024
---
 pycadf/identifier.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pycadf/identifier.py b/pycadf/identifier.py
index c3ed918..fe4410b 100644
--- a/pycadf/identifier.py
+++ b/pycadf/identifier.py
@@ -30,8 +30,8 @@ CONF.register_opts(opts, group='audit')
 
 AUDIT_NS = None
 if CONF.audit.namespace:
-    md5_hash = hashlib.md5(CONF.audit.namespace.encode('utf-8'))
-    AUDIT_NS = uuid.UUID(md5_hash.hexdigest())
+    sha256_hash = hashlib.sha256(CONF.audit.namespace.encode('utf-8'))
+    AUDIT_NS = uuid.UUID(sha256_hash.hexdigest()[0:32])
 
 VALID_EXCEPTIONS = ['default', 'initiator', 'observer', 'target']
 
-- 
cgit v1.2.1