diff options
| author | Ade Lee <alee@redhat.com> | 2021-08-10 18:13:54 -0400 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-10-12 08:58:27 +0200 |
| commit | d10c7bfe56f025ccc690721c9f13e7029b777b9c (patch) | |
| tree | 0f3cab5666f8cd69c99f3b91822e2f28b8dcf609 /django/contrib/auth/hashers.py | |
| parent | b1b26b37aff0c80d6abdf15c5ffdf0440a9a1d6a (diff) | |
| download | django-d10c7bfe56f025ccc690721c9f13e7029b777b9c.tar.gz | |
Fixed #28401 -- Allowed hashlib.md5() calls to work with FIPS kernels.
md5 is not an approved algorithm in FIPS mode, and trying to instantiate
a hashlib.md5() will fail when the system is running in FIPS mode.
md5 is allowed when in a non-security context. There is a plan to add a
keyword parameter (usedforsecurity) to hashlib.md5() to annotate whether
or not the instance is being used in a security context.
In the case where it is not, the instantiation of md5 will be allowed.
See https://bugs.python.org/issue9216 for more details.
Some downstream python versions already support this parameter. To
support these versions, a new encapsulation of md5() has been added.
This encapsulation will pass through the usedforsecurity parameter in
the case where the parameter is supported, and strip it if it is not.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Diffstat (limited to 'django/contrib/auth/hashers.py')
| -rw-r--r-- | django/contrib/auth/hashers.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py index be42cae3c0..7c865c26ef 100644 --- a/django/contrib/auth/hashers.py +++ b/django/contrib/auth/hashers.py @@ -11,7 +11,7 @@ from django.core.exceptions import ImproperlyConfigured from django.core.signals import setting_changed from django.dispatch import receiver from django.utils.crypto import ( - RANDOM_STRING_CHARS, constant_time_compare, get_random_string, pbkdf2, + RANDOM_STRING_CHARS, constant_time_compare, get_random_string, md5, pbkdf2, ) from django.utils.module_loading import import_string from django.utils.translation import gettext_noop as _ @@ -641,7 +641,7 @@ class MD5PasswordHasher(BasePasswordHasher): def encode(self, password, salt): self._check_encode_args(password, salt) - hash = hashlib.md5((salt + password).encode()).hexdigest() + hash = md5((salt + password).encode()).hexdigest() return "%s$%s$%s" % (self.algorithm, salt, hash) def decode(self, encoded): @@ -736,7 +736,7 @@ class UnsaltedMD5PasswordHasher(BasePasswordHasher): def encode(self, password, salt): if salt != '': raise ValueError('salt must be empty.') - return hashlib.md5(password.encode()).hexdigest() + return md5(password.encode()).hexdigest() def decode(self, encoded): return { |