diff options
| author | Ade Lee <alee@redhat.com> | 2021-08-10 18:13:54 -0400 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-10-12 08:58:27 +0200 |
| commit | d10c7bfe56f025ccc690721c9f13e7029b777b9c (patch) | |
| tree | 0f3cab5666f8cd69c99f3b91822e2f28b8dcf609 /django/core | |
| parent | b1b26b37aff0c80d6abdf15c5ffdf0440a9a1d6a (diff) | |
| download | django-d10c7bfe56f025ccc690721c9f13e7029b777b9c.tar.gz | |
Fixed #28401 -- Allowed hashlib.md5() calls to work with FIPS kernels.
md5 is not an approved algorithm in FIPS mode, and trying to instantiate
a hashlib.md5() will fail when the system is running in FIPS mode.
md5 is allowed when in a non-security context. There is a plan to add a
keyword parameter (usedforsecurity) to hashlib.md5() to annotate whether
or not the instance is being used in a security context.
In the case where it is not, the instantiation of md5 will be allowed.
See https://bugs.python.org/issue9216 for more details.
Some downstream python versions already support this parameter. To
support these versions, a new encapsulation of md5() has been added.
This encapsulation will pass through the usedforsecurity parameter in
the case where the parameter is supported, and strip it if it is not.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Diffstat (limited to 'django/core')
| -rw-r--r-- | django/core/cache/backends/filebased.py | 8 | ||||
| -rw-r--r-- | django/core/cache/utils.py | 4 |
2 files changed, 7 insertions, 5 deletions
diff --git a/django/core/cache/backends/filebased.py b/django/core/cache/backends/filebased.py index dcba36610e..fc99d11687 100644 --- a/django/core/cache/backends/filebased.py +++ b/django/core/cache/backends/filebased.py @@ -1,6 +1,5 @@ "File-based cache backend" import glob -import hashlib import os import pickle import random @@ -11,6 +10,7 @@ import zlib from django.core.cache.backends.base import DEFAULT_TIMEOUT, BaseCache from django.core.files import locks from django.core.files.move import file_move_safe +from django.utils.crypto import md5 class FileBasedCache(BaseCache): @@ -128,8 +128,10 @@ class FileBasedCache(BaseCache): root cache path joined with the md5sum of the key and a suffix. """ key = self.make_and_validate_key(key, version=version) - return os.path.join(self._dir, ''.join( - [hashlib.md5(key.encode()).hexdigest(), self.cache_suffix])) + return os.path.join(self._dir, ''.join([ + md5(key.encode(), usedforsecurity=False).hexdigest(), + self.cache_suffix, + ])) def clear(self): """ diff --git a/django/core/cache/utils.py b/django/core/cache/utils.py index 2aead84d60..d41960f6e4 100644 --- a/django/core/cache/utils.py +++ b/django/core/cache/utils.py @@ -1,10 +1,10 @@ -import hashlib +from django.utils.crypto import md5 TEMPLATE_FRAGMENT_KEY_TEMPLATE = 'template.cache.%s.%s' def make_template_fragment_key(fragment_name, vary_on=None): - hasher = hashlib.md5() + hasher = md5(usedforsecurity=False) if vary_on is not None: for arg in vary_on: hasher.update(str(arg).encode()) |