From fd87af871937c6ef57b15e24cb69c35670b3a1f9 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Wed, 31 Jan 2024 16:56:35 +0900 Subject: [PATCH] Replace md5 with oslo version This follows what was already done in the other projects like [1]. In FIPS mode, md5 is allowed only in non-security contexts. This change disables the security context in the md5 call to determine the hash for workload partitioning, because this usage does not involve any security risks. [1] 8027d907109b6b3c96623f9793aff752cec8ed12 Change-Id: I7d622a6e7d324a765760819c024295b57990f95c --- aodh/coordination.py | 6 +++--- requirements.txt | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/aodh/coordination.py b/aodh/coordination.py index 4dc00f886..ab88d1ad8 100644 --- a/aodh/coordination.py +++ b/aodh/coordination.py @@ -13,12 +13,12 @@ # License for the specific language governing permissions and limitations # under the License. import bisect -import hashlib import struct from oslo_config import cfg from oslo_log import log from oslo_utils import encodeutils +from oslo_utils.secretutils import md5 from oslo_utils import uuidutils import tenacity import tooz.coordination @@ -78,8 +78,8 @@ class HashRing(object): @staticmethod def _hash(key): - return struct.unpack_from('>I', - hashlib.md5(str(key).encode()).digest())[0] + return struct.unpack_from( + '>I', md5(str(key).encode(), usedforsecurity=False).digest())[0] def _get_position_on_ring(self, key): hashed_key = self._hash(key) diff --git a/requirements.txt b/requirements.txt index 551d6a0af..cc0d11931 100644 --- a/requirements.txt +++ b/requirements.txt @@ -17,7 +17,7 @@ pbr>=2.0.0 # Apache-2.0 pecan>=0.8.0 oslo.messaging>=5.2.0 # Apache-2.0 oslo.middleware>=3.22.0 # Apache-2.0 -oslo.utils>=3.5.0 # Apache-2.0 +oslo.utils>=4.7.0 # Apache-2.0 python-keystoneclient>=1.6.0 pytz>=2013.6 requests>=2.5.2