From: Kotresh HR Date: Wed, 27 Jul 2022 11:09:08 +0000 (+0530) Subject: mgr/volumes: Fix subvolume creation in FIPS enabled system. X-Git-Tag: v18.0.0~378^2~1 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ced3fac48d3da2320827c6c86ece3b87953badc7;p=ceph.git mgr/volumes: Fix subvolume creation in FIPS enabled system. The md5 checksum is used in the construction of legacy subvolume config filename. It's not used for security reason. Hence marking the 'usedforsecurity' flag to false to make it FIPs compliant. The usage of md5 was always in there. The commit 373a04cf734 made it to get exercised in 'open_subvol' which is pre-requisite for all the subvolume operations and hence subvolume creation has failed. Fixes: https://tracker.ceph.com/issues/56727 Signed-off-by: Kotresh HR --- diff --git a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py index bb4605cb16e..9e3ca9e25b2 100644 --- a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py +++ b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py @@ -3,7 +3,7 @@ import stat import errno import logging -from hashlib import md5 +import hashlib from typing import Dict, Union from pathlib import Path @@ -76,9 +76,16 @@ class SubvolumeBase(object): @property def legacy_config_path(self): - m = md5() - m.update(self.base_path) - meta_config = "{0}.meta".format(m.digest().hex()) + try: + m = hashlib.md5(self.base_path) + except ValueError: + try: + m = hashlib.md5(self.base_path, usedforsecurity=False) # type: ignore + except TypeError: + raise VolumeException(-errno.EINVAL, + "require python's hashlib library to support usedforsecurity flag in FIPS enabled systems") + + meta_config = "{0}.meta".format(m.hexdigest()) return os.path.join(self.legacy_dir, meta_config.encode('utf-8')) @property