From d895863af12e15bebd9fa0640290d9a649ece82b Mon Sep 17 00:00:00 2001 From: Mark Hatle Date: Mon, 28 Feb 2022 19:30:53 -0600 Subject: bitbake: utils/ply: Change md5 usages to work on FIPS enabled hosts hashlib.md5() is not permitted on a FIPS enabled host system. This is due to md5 not being an approved hash algorithm. Instead use: hashlib.new('MD5', usedforsecurity=False) This is allowed, as it's clear the hash is used for a non-security purpose. Note: utils.py version should never be used to verify file integrity, but instead be used to identify if the file may have changed. sha256 should be used for integrity purposes. (Bitbake rev: af866dd077867cba0129757bfcc689551445e9d7) Signed-off-by: Mark Hatle Signed-off-by: Mark Hatle Signed-off-by: Richard Purdie --- bitbake/lib/bb/utils.py | 2 +- bitbake/lib/ply/yacc.py | 7 ++----- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/bitbake/lib/bb/utils.py b/bitbake/lib/bb/utils.py index 2e8256101a..fcaeb99162 100644 --- a/bitbake/lib/bb/utils.py +++ b/bitbake/lib/bb/utils.py @@ -538,7 +538,7 @@ def md5_file(filename): Return the hex string representation of the MD5 checksum of filename. """ import hashlib - return _hasher(hashlib.md5(), filename) + return _hasher(hashlib.new('MD5', usedforsecurity=False), filename) def sha256_file(filename): """ diff --git a/bitbake/lib/ply/yacc.py b/bitbake/lib/ply/yacc.py index 46e7dc96f6..767c4e4674 100644 --- a/bitbake/lib/ply/yacc.py +++ b/bitbake/lib/ply/yacc.py @@ -2797,11 +2797,8 @@ class ParserReflect(object): # Compute a signature over the grammar def signature(self): try: - from hashlib import md5 - except ImportError: - from md5 import md5 - try: - sig = md5() + import hashlib + sig = hashlib.new('MD5', usedforsecurity=False) if self.start: sig.update(self.start.encode('latin-1')) if self.prec: -- cgit v1.2.3-54-g00ecf