diff options
author | Artom Lifshitz <alifshit@redhat.com> | 2019-05-09 14:34:35 -0400 |
---|---|---|
committer | Artom Lifshitz <alifshit@redhat.com> | 2019-05-09 15:32:33 -0400 |
commit | 2595bac2294ce05e389eaab6636977963d5fc66c (patch) | |
tree | bd50b919c5529860bbefaeddbabcd91a66fd4452 | |
parent | f7f5df9c1d7c6304f05fbabc42d57c071a51b5d5 (diff) | |
download | python-novaclient-2595bac2294ce05e389eaab6636977963d5fc66c.tar.gz |
Use SHA256 instead of MD5 in completion cache
FIPS 140 are U.S. government computer security standards that specify
requirements for cryptography modules. MD5 is not FIPS compliant [1].
Previously, MD5 was used as the hash algorithm for the bash completion
cache. Hosts running in FIPS mode [2] block execution of the MD5 hash.
This makes python-novaclient unusable on FIPS-enabled machines. This
patch replaces MD5 with SHA256, which is FIPS compliant.
[1] https://csrc.nist.gov/projects/hash-functions
[2] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-federal_standards_and_regulations
Change-Id: Ia8750bc27aa9a2cfafb6f4f49252f5bd81bc1a40
-rw-r--r-- | novaclient/base.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/novaclient/base.py b/novaclient/base.py index 431ac7d6..821e19bd 100644 --- a/novaclient/base.py +++ b/novaclient/base.py @@ -307,8 +307,8 @@ class Manager(HookableMixin): # endpoint pair username = utils.env('OS_USERNAME', 'NOVA_USERNAME') url = utils.env('OS_URL', 'NOVA_URL') - uniqifier = hashlib.md5(username.encode('utf-8') + - url.encode('utf-8')).hexdigest() + uniqifier = hashlib.sha256(username.encode('utf-8') + + url.encode('utf-8')).hexdigest() cache_dir = os.path.expanduser(os.path.join(base_dir, uniqifier)) |