diff mbox series

Change md5 usages to work on FIPS enabled hosts

Message ID 20220301013053.1378917-1-mark.hatle@kernel.crashing.org
State New
Headers show
Series Change md5 usages to work on FIPS enabled hosts | expand

Commit Message

Mark Hatle March 1, 2022, 1:30 a.m. UTC 
hashlib.md5() is not permitted on a FIPS enabled host system.  This is due
to md5 not being an approved hash algorithm.

Instead use:
 hashlib.new('MD5', usedforsecurity=False)

This is allowed, as it's clear the hash is used for a non-security purpose.

Note: utils.py version should never be used to verify file integrity, but
instead be used to identify if the file may have changed.  sha256 should be
used for integrity purposes.

Signed-off-by: Mark Hatle <mark.hatle@xilinx.com>
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
---
 lib/bb/utils.py | 2 +-
 lib/ply/yacc.py | 7 ++-----
 2 files changed, 3 insertions(+), 6 deletions(-)
diff mbox series

Patch

diff --git a/lib/bb/utils.py b/lib/bb/utils.py
index 2e825610..fcaeb991 100644
--- a/lib/bb/utils.py
+++ b/lib/bb/utils.py
@@ -538,7 +538,7 @@  def md5_file(filename):
     Return the hex string representation of the MD5 checksum of filename.
     """
     import hashlib
-    return _hasher(hashlib.md5(), filename)
+    return _hasher(hashlib.new('MD5', usedforsecurity=False), filename)
 
 def sha256_file(filename):
     """
diff --git a/lib/ply/yacc.py b/lib/ply/yacc.py
index 46e7dc96..767c4e46 100644
--- a/lib/ply/yacc.py
+++ b/lib/ply/yacc.py
@@ -2797,11 +2797,8 @@  class ParserReflect(object):
     # Compute a signature over the grammar
     def signature(self):
         try:
-            from hashlib import md5
-        except ImportError:
-            from md5 import md5
-        try:
-            sig = md5()
+            import hashlib
+            sig = hashlib.new('MD5', usedforsecurity=False)
             if self.start:
                 sig.update(self.start.encode('latin-1'))
             if self.prec: