bitbake: utils/ply: Change md5 usages to work on FIPS enabled hosts

hashlib.md5() is not permitted on a FIPS enabled host system.  This is due
to md5 not being an approved hash algorithm.

Instead use:
 hashlib.new('MD5', usedforsecurity=False)

This is allowed, as it's clear the hash is used for a non-security purpose.

Note: utils.py version should never be used to verify file integrity, but
instead be used to identify if the file may have changed.  sha256 should be
used for integrity purposes.

(Bitbake rev: af866dd077867cba0129757bfcc689551445e9d7)

Signed-off-by: Mark Hatle <mark.hatle@xilinx.com>
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2 files changed, 3 insertions, 6 deletions

diff --git a/bitbake/lib/bb/utils.py b/bitbake/lib/bb/utils.py
index 2e8256101a..fcaeb99162 100644
--- a/bitbake/lib/bb/utils.py
+++ b/bitbake/lib/bb/utils.py
@@ -538,7 +538,7 @@ def md5_file(filename):
     Return the hex string representation of the MD5 checksum of filename.
     """
     import hashlib
-    return _hasher(hashlib.md5(), filename)
+    return _hasher(hashlib.new('MD5', usedforsecurity=False), filename)
 
 def sha256_file(filename):
     """
diff --git a/bitbake/lib/ply/yacc.py b/bitbake/lib/ply/yacc.py
index 46e7dc96f6..767c4e4674 100644
--- a/bitbake/lib/ply/yacc.py
+++ b/bitbake/lib/ply/yacc.py
@@ -2797,11 +2797,8 @@ class ParserReflect(object):
     # Compute a signature over the grammar
     def signature(self):
         try:
-            from hashlib import md5
-        except ImportError:
-            from md5 import md5
-        try:
-            sig = md5()
+            import hashlib
+            sig = hashlib.new('MD5', usedforsecurity=False)
             if self.start:
                 sig.update(self.start.encode('latin-1'))
             if self.prec: