Actions
Task #3674
closed
Story #3637: As a user, I can run pulp in a FIPS-enabled environment
Pulp uses md5 which is not FIPS compatible
Start date:
Due date:
% Done:
0%
Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Sprint 38
Quarter:
Description
Probably need to just use the usedforsecurity flag.
https://github.com/pulp/pulp/search?utf8=%E2%9C%93&q=md5&type=
Updated by daviddavis over 6 years ago
For now, this seems to work as a temporary fix.
diff --git a/server/pulp/server/util.py b/server/pulp/server/util.py
index f19c66f..9dfe629 100644
--- a/server/pulp/server/util.py
+++ b/server/pulp/server/util.py
@@ -20,7 +20,7 @@ _logger = logging.getLogger(__name__)
CHECKSUM_CHUNK_SIZE = 8 * 1024 * 1024
# Constants to pass in as the checksum type in verify_checksum
-TYPE_MD5 = hashlib.md5().name
+TYPE_MD5 = hashlib.md5(usedforsecurity=False).name
TYPE_SHA = 'sha'
TYPE_SHA1 = hashlib.sha1().name
TYPE_SHA256 = hashlib.sha256().name
The usedforsecurity flag isn't available on non-RHEL/CentOS builds though so we'll need to figure out a more permanent solution.
Updated by daviddavis over 6 years ago
Here is spacewalk's solution:
Updated by daviddavis over 6 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to daviddavis
Updated by daviddavis over 6 years ago
- Status changed from ASSIGNED to POST
Updated by daviddavis over 6 years ago
- Status changed from MODIFIED to CLOSED - COMPLETE
Actions
.