diff options
| author | Artom Lifshitz <alifshit@redhat.com> | 2019-05-09 14:34:35 -0400 |
|---|---|---|
| committer | Artom Lifshitz <alifshit@redhat.com> | 2019-06-27 13:27:56 +0300 |
| commit | 92002c8046ea5f575bb8a7ed6f4e6a8a29fad22d (patch) | |
| tree | 924118aabd7bf123a77ac37d5a205d7f2b0780ca | |
| parent | 94cde08c0e02da0c8d13fc6534cd5cebdfcd3c5f (diff) | |
| download | python-novaclient-92002c8046ea5f575bb8a7ed6f4e6a8a29fad22d.tar.gz | |
Use SHA256 instead of MD5 in completion cache
FIPS 140 are U.S. government computer security standards that specify
requirements for cryptography modules. MD5 is not FIPS compliant [1].
Previously, MD5 was used as the hash algorithm for the bash completion
cache. Hosts running in FIPS mode [2] block execution of the MD5 hash.
This makes python-novaclient unusable on FIPS-enabled machines. This
patch replaces MD5 with SHA256, which is FIPS compliant.
[1] https://csrc.nist.gov/projects/hash-functions
[2] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-federal_standards_and_regulations
Change-Id: Ia8750bc27aa9a2cfafb6f4f49252f5bd81bc1a40
(cherry picked from commit 2595bac2294ce05e389eaab6636977963d5fc66c)
(cherry picked from commit e15cc789d9428cd03c2c5fbd6f5023522f2290cc)
| -rw-r--r-- | novaclient/base.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/novaclient/base.py b/novaclient/base.py index 3bf61856..afb500c8 100644 --- a/novaclient/base.py +++ b/novaclient/base.py @@ -310,8 +310,8 @@ class Manager(HookableMixin): # endpoint pair username = utils.env('OS_USERNAME', 'NOVA_USERNAME') url = utils.env('OS_URL', 'NOVA_URL') - uniqifier = hashlib.md5(username.encode('utf-8') + - url.encode('utf-8')).hexdigest() + uniqifier = hashlib.sha256(username.encode('utf-8') + + url.encode('utf-8')).hexdigest() cache_dir = os.path.expanduser(os.path.join(base_dir, uniqifier)) |