diff mbox series

[1/1] insane.bbclass: Update insane.bbclass to work on FIPS enabled hosts

Message ID 20220301013726.1381053-2-mark.hatle@kernel.crashing.org
State Accepted, archived
Commit 7f7eb82ce47ede6ec6f50cbcb56cbfbe10e8d20c
Headers show
Series FIPS host support | expand

Commit Message

Mark Hatle March 1, 2022, 1:37 a.m. UTC 
hashlib.md5() is not permitted on a FIPS enabled host system.  This is due
to md5 not being an approved hash algorithm.

Instead use:
 hashlib.new('MD5', usedforsecurity=False)

This is allowed, as it's clear the hash is used for a non-security purpose.

Using an md5 to identify when a license has changed is permitted, as we're
not using it for file integrity.

Signed-off-by: Mark Hatle <mark.hatle@xilinx.com>
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
---
 meta/classes/insane.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
index 890e865a8f..29b9b3d466 100644
--- a/meta/classes/insane.bbclass
+++ b/meta/classes/insane.bbclass
@@ -549,7 +549,7 @@  python populate_lic_qa_checksum() {
                 import hashlib
                 lineno = 0
                 license = []
-                m = hashlib.md5()
+                m = hashlib.new('MD5', usedforsecurity=False)
                 for line in f:
                     lineno += 1
                     if (lineno >= beginline):