summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArtom Lifshitz <alifshit@redhat.com>2019-05-09 14:34:35 -0400
committerArtom Lifshitz <alifshit@redhat.com>2019-05-09 15:32:33 -0400
commit2595bac2294ce05e389eaab6636977963d5fc66c (patch)
treebd50b919c5529860bbefaeddbabcd91a66fd4452
parentf7f5df9c1d7c6304f05fbabc42d57c071a51b5d5 (diff)
downloadpython-novaclient-2595bac2294ce05e389eaab6636977963d5fc66c.tar.gz
Use SHA256 instead of MD5 in completion cache
FIPS 140 are U.S. government computer security standards that specify requirements for cryptography modules. MD5 is not FIPS compliant [1]. Previously, MD5 was used as the hash algorithm for the bash completion cache. Hosts running in FIPS mode [2] block execution of the MD5 hash. This makes python-novaclient unusable on FIPS-enabled machines. This patch replaces MD5 with SHA256, which is FIPS compliant. [1] https://csrc.nist.gov/projects/hash-functions [2] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-federal_standards_and_regulations Change-Id: Ia8750bc27aa9a2cfafb6f4f49252f5bd81bc1a40
-rw-r--r--novaclient/base.py4
1 files changed, 2 insertions, 2 deletions
diff --git a/novaclient/base.py b/novaclient/base.py
index 431ac7d6..821e19bd 100644
--- a/novaclient/base.py
+++ b/novaclient/base.py
@@ -307,8 +307,8 @@ class Manager(HookableMixin):
# endpoint pair
username = utils.env('OS_USERNAME', 'NOVA_USERNAME')
url = utils.env('OS_URL', 'NOVA_URL')
- uniqifier = hashlib.md5(username.encode('utf-8') +
- url.encode('utf-8')).hexdigest()
+ uniqifier = hashlib.sha256(username.encode('utf-8') +
+ url.encode('utf-8')).hexdigest()
cache_dir = os.path.expanduser(os.path.join(base_dir, uniqifier))