FIPS: Setting the usedforsecurity flag to False if available
In some builds of Python, a usedforsecurity flag is available to declare
that md5 is not being used for security purposes. Set this flag if it's
available. This is required for FIPS environments.
David Davis authored and daviddavis committed May 24, 2018
1 parent 44e2993 commit e00e959
Showing 2 changed files with 13 additions and 3 deletions.
14 changes: 12 additions & 2 deletions server/pulp/server/util.py
@@ -4,6 +4,7 @@
from contextlib import contextmanager
from gettext import gettext as _
import hashlib
import inspect
import logging
import os
from shutil import copy, Error
@@ -16,19 +17,28 @@
_logger = logging.getLogger(__name__)


# support md5 for fips
def md5(*args, **kwargs):
if 'usedforsecurity' in inspect.getargspec(hashlib.new)[0]:
kwargs['usedforsecurity'] = False
return hashlib.md5(*args, **kwargs)
else:
return hashlib.md5(*args, **kwargs)


# Number of bytes to read into RAM at a time when validating the checksum
CHECKSUM_CHUNK_SIZE = 8 * 1024 * 1024

# Constants to pass in as the checksum type in verify_checksum
TYPE_MD5 = hashlib.md5().name
TYPE_MD5 = md5().name
TYPE_SHA = 'sha'
TYPE_SHA1 = hashlib.sha1().name
TYPE_SHA256 = hashlib.sha256().name

HASHLIB_ALGORITHMS = (TYPE_MD5, TYPE_SHA, TYPE_SHA1, TYPE_SHA256)

CHECKSUM_FUNCTIONS = {
TYPE_MD5: hashlib.md5,
TYPE_MD5: md5,
TYPE_SHA: hashlib.sha1,
TYPE_SHA1: hashlib.sha1,
TYPE_SHA256: hashlib.sha256,
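Review bot: The `md5()` wrapper added here marks every MD5 use as non-security, and through `CHECKSUM_FUNCTIONS[TYPE_MD5]` that covers the checksum validation the surrounding comments mention, but the only documentation is `# support md5 for fips`. Whether those checksums only catch corruption or are also relied on to detect tampering is decided by callers outside this hunk; in the latter case the flag sidesteps the FIPS restriction for a security-relevant use, so it is worth confirming. I would replace the comment with a docstring along the lines of `"""Return an md5 object for non-security checksums only; passes usedforsecurity=False where hashlib accepts it so the call is allowed in FIPS mode."""`. As a smaller point, both branches end in the same `return hashlib.md5(*args, **kwargs)`, so the `else:` can be dropped and a single return placed after the `if`.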
2 changes: 1 addition & 1 deletion server/test/unit/server/test_util.py
@@ -260,7 +260,7 @@ def test_invalid_type_raises_coded_exception(self):
class TestGlobal(unittest.TestCase):
def test_checksum_algorithm_mappings(self):
self.assertEqual(4, len(util.CHECKSUM_FUNCTIONS))
self.assertEqual(util.CHECKSUM_FUNCTIONS[util.TYPE_MD5], hashlib.md5)
self.assertEqual(util.CHECKSUM_FUNCTIONS[util.TYPE_MD5]().name, 'md5')
self.assertEqual(util.CHECKSUM_FUNCTIONS[util.TYPE_SHA1], hashlib.sha1)
self.assertEqual(util.CHECKSUM_FUNCTIONS[util.TYPE_SHA], hashlib.sha1)
self.assertEqual(util.CHECKSUM_FUNCTIONS[util.TYPE_SHA256], hashlib.sha256)
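Review bot: Neither branch of the new `util.md5()` wrapper is covered by this test: the rewritten assertion `CHECKSUM_FUNCTIONS[util.TYPE_MD5]().name == 'md5'` passes whether or not `usedforsecurity=False` is forwarded, so a regression in the FIPS path would go unnoticed. I would add two tests to `TestGlobal` that stub `inspect.getargspec` and `hashlib.md5` and check that the keyword is passed only when the probe reports it. The sketch below assumes `mock` is importable in this test module, which is not visible here, and its argspec tuples are constructed samples. `TestGlobal` may continue past the end of the hunk.

```python
class TestGlobal(unittest.TestCase):
    # … unchanged: test_checksum_algorithm_mappings …

    def test_md5_sets_usedforsecurity_when_supported(self):
        # constructed argspec: (args, varargs, keywords, defaults)
        spec = (['name', 'string', 'usedforsecurity'], None, None, None)
        with mock.patch.object(util.inspect, 'getargspec', return_value=spec), \
                mock.patch.object(util.hashlib, 'md5') as fake_md5:
            util.md5('data')
        fake_md5.assert_called_once_with('data', usedforsecurity=False)

    def test_md5_omits_flag_when_unsupported(self):
        spec = (['name', 'string'], None, None, None)
        with mock.patch.object(util.inspect, 'getargspec', return_value=spec), \
                mock.patch.object(util.hashlib, 'md5') as fake_md5:
            util.md5('data')
        fake_md5.assert_called_once_with('data')
```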