From: Kotresh HR Date: Wed, 27 Jul 2022 11:09:08 +0000 (+0530) Subject: mgr/volumes: Fix subvolume creation in FIPS enabled system. X-Git-Tag: v16.2.11~377^2~1 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=dae7331584a536b1fa13d2d8f0aa868f691264a7;p=ceph.git mgr/volumes: Fix subvolume creation in FIPS enabled system. The md5 checksum is used in the construction of legacy subvolume config filename. It's not used for security reason. Hence marking the 'usedforsecurity' flag to false to make it FIPs compliant. The usage of md5 was always in there. The commit 373a04cf734 made it to get exercised in 'open_subvol' which is pre-requisite for all the subvolume operations and hence subvolume creation has failed. Fixes: https://tracker.ceph.com/issues/56727 Signed-off-by: Kotresh HR (cherry picked from commit ced3fac48d3da2320827c6c86ece3b87953badc7) --- diff --git a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py index 42f4e27c98aa..d69f6740f5a0 100644 --- a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py +++ b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py @@ -3,7 +3,7 @@ import stat import uuid import errno import logging -from hashlib import md5 +import hashlib from typing import Dict, Union from pathlib import Path @@ -75,9 +75,16 @@ class SubvolumeBase(object): @property def legacy_config_path(self): - m = md5() - m.update(self.base_path) - meta_config = "{0}.meta".format(m.digest().hex()) + try: + m = hashlib.md5(self.base_path) + except ValueError: + try: + m = hashlib.md5(self.base_path, usedforsecurity=False) # type: ignore + except TypeError: + raise VolumeException(-errno.EINVAL, + "require python's hashlib library to support usedforsecurity flag in FIPS enabled systems") + + meta_config = "{0}.meta".format(m.hexdigest()) return os.path.join(self.legacy_dir, meta_config.encode('utf-8')) @property