FIPS Compliance #361
Comments
|
Need to somehow make this lazy, the issue is that |
|
how about moving to sha256? That should be a compliant alternative 🤔 |
|
Changing the default would be a breaking change. I suggest passing a hash method like the FileSystemCache and lazy loading the default. There's no guarantee that any internal function will be FIPS-compliant. Passing the hash function would allow using an external FIPS-compliant hashing function if necessary. |
|
I have a lazy loading fix for flask/itsdangerous, I'll ping here once I get that in there. |
|
I'll get the ball rolling, maybe something simple like: class FileSystemCache(BaseCache):
# ...
def __init__(
...
hash_method: _t.Any = None,
):
# ...
self._hash_method = hash_method
if hash_method is None:
try:
from hashlib import md5
except ImportError as err:
raise RuntimeError(
"could not import hashlib.md5 "
"alternative hashing methods may be used by passing 'hash_method' initialization parameter "
) from err
else:
self._hash_method = md5 |
|
I just did this in Flask, and will add it to itsdangerous as well: https://github.com/pallets/flask/pull/5460/files Basically write a wrapper that accesses def _lazy_md5(string: bytes = b"") -> t.Any:
return hashlib.md5(string)
hash_method=_lazy_md5 |
|
cool, will use this to set the default. Thanks all for the help! |
Leveraging this Library in a FIPS Enforced environment causes the application using this library to be halted. Although the use of md5 here is valid, it is caught by the FIPS Enforced environment.
cachelib/src/cachelib/file.py
Line 50 in 18bb52c
The text was updated successfully, but these errors were encountered: