rpms
/
libstoragemgmt
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'i9c'
${ noResults }
libstoragemgmt/SOURCES/0001-Correction-for-fips-er...

64 lines
2.2 KiB
Raw Permalink Blame History

From bbb13a7970c4d82d2e7bace5e96056ef469eb7b3 Mon Sep 17 00:00:00 2001
From: Tony Asleson <tasleson@redhat.com>
Date: Fri, 14 Apr 2023 10:43:27 -0500
Subject: [PATCH] Correction for fips error
When running on a fips enabled system we encounter the following
error:
PLUGIN_BUG(2): [digital envelope routines] unsupported Data: Traceback (most recent call last):
...
File "/usr/lib64/python3.9/site-packages/lsm/_common.py", line 348, in md5
h = hashlib.md5()
ValueError: [digital envelope routines] unsupported
Utilize the usedforsecurity=False parameter to md5 to indicate that our
use is not for security related purposes.
Signed-off-by: Tony Asleson <tasleson@redhat.com>
---
plugin/nfs_plugin/nfs.py | 8 +++++++-
python_binding/lsm/_common.py | 7 ++++++-
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/plugin/nfs_plugin/nfs.py b/plugin/nfs_plugin/nfs.py
index 8a87652..11ce3c2 100644
--- a/plugin/nfs_plugin/nfs.py
+++ b/plugin/nfs_plugin/nfs.py
@@ -55,7 +55,13 @@ def _export_id(path, auth_type, anon_uid, anon_gid, options):
if auth_type is None:
auth_type = 'sec'
- hsh = hashlib.md5()
+ try:
+ # The use of md5 is not used for security, indicate
+ # this to hashlib so that we can run when fips is enabled
+ hsh = hashlib.md5(usedforsecurity=False)
+ except Exception:
+ hsh = hashlib.md5()
+
hsh.update(path.encode('utf-8'))
hsh.update(auth_type.encode('utf-8'))
if anon_uid is not None and anon_uid != NfsExport.ANON_UID_GID_NA:
diff --git a/python_binding/lsm/_common.py b/python_binding/lsm/_common.py
index 1220381..163f726 100644
--- a/python_binding/lsm/_common.py
+++ b/python_binding/lsm/_common.py
@@ -345,7 +345,12 @@ def uri_parameters(uri):
# @param t Item to generate signature on.
# @returns md5 hex digest.
def md5(t):
- h = hashlib.md5()
+ try:
+ # The use of md5 is not used for security, indicate
+ # this to hashlib so that we can run when fips is enabled
+ h = hashlib.md5(usedforsecurity=False)
+ except Exception:
+ h = hashlib.md5()
h.update(t.encode("utf-8"))
return h.hexdigest()
--
2.39.2
Reference in new issue View Git Blame Copy Permalink