Change md5 usages to work on FIPS enabled hosts

Message ID
State New
Headers show
Series Change md5 usages to work on FIPS enabled hosts | expand

Commit Message

Mark Hatle March 1, 2022, 1:30 a.m. UTC
hashlib.md5() is not permitted on a FIPS enabled host system.  This is due
to md5 not being an approved hash algorithm.

Instead use:'MD5', usedforsecurity=False)

This is allowed, as it's clear the hash is used for a non-security purpose.

Note: version should never be used to verify file integrity, but
instead be used to identify if the file may have changed.  sha256 should be
used for integrity purposes.

Signed-off-by: Mark Hatle <>
Signed-off-by: Mark Hatle <>
 lib/bb/ | 2 +-
 lib/ply/ | 7 ++-----
 2 files changed, 3 insertions(+), 6 deletions(-)


diff --git a/lib/bb/ b/lib/bb/
index 2e825610..fcaeb991 100644
--- a/lib/bb/
+++ b/lib/bb/
@@ -538,7 +538,7 @@  def md5_file(filename):
     Return the hex string representation of the MD5 checksum of filename.
     import hashlib
-    return _hasher(hashlib.md5(), filename)
+    return _hasher('MD5', usedforsecurity=False), filename)
 def sha256_file(filename):
diff --git a/lib/ply/ b/lib/ply/
index 46e7dc96..767c4e46 100644
--- a/lib/ply/
+++ b/lib/ply/
@@ -2797,11 +2797,8 @@  class ParserReflect(object):
     # Compute a signature over the grammar
     def signature(self):
-            from hashlib import md5
-        except ImportError:
-            from md5 import md5
-        try:
-            sig = md5()
+            import hashlib
+            sig ='MD5', usedforsecurity=False)
             if self.start:
             if self.prec: