Use of md5 for object IDs makes this module fail on FIPS-enabled machines #85

Closed
dralley opened this issue May 12, 2018 · 3 comments · Fixed by #86

@dralley

dralley commented May 12, 2018

    pulp2_dev:   File "/usr/lib/python2.7/site-packages/mongoengine/document.py", line 2, in <module>
    pulp2_dev:     import pymongo
    pulp2_dev:   File "/usr/lib64/python2.7/site-packages/pymongo/__init__.py", line 83, in <module>
    pulp2_dev:     from pymongo.collection import ReturnDocument
    pulp2_dev:   File "/usr/lib64/python2.7/site-packages/pymongo/collection.py", line 21, in <module>
    pulp2_dev:     from bson.code import Code
    pulp2_dev:   File "/usr/lib64/python2.7/site-packages/bson/__init__.py", line 43, in <module>
    pulp2_dev:     from bson.objectid import ObjectId
    pulp2_dev:   File "/usr/lib64/python2.7/site-packages/bson/objectid.py", line 55, in <module>
    pulp2_dev:     class ObjectId(object):
    pulp2_dev:   File "/usr/lib64/python2.7/site-packages/bson/objectid.py", line 62, in ObjectId
    pulp2_dev:     _machine_bytes = _machine_bytes()
    pulp2_dev:   File "/usr/lib64/python2.7/site-packages/bson/objectid.py", line 38, in _machine_bytes
    pulp2_dev:     machine_hash = hashlib.md5()
    pulp2_dev: ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips
@Parkayun
Member

What was your code?

@dralley
Author

dralley commented May 14, 2018

It never even gets to our code -- simply opening up a Python shell on a FIPS system and typing import bson is enough to cause an immediate exception.

    [vagrant@pulp2 ~]$ python
    Python 2.7.5 (default, Apr 11 2018, 07:36:10)
    [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)] on linux2
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import bson
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/usr/lib64/python2.7/site-packages/bson/__init__.py", line 43, in <module>
        from bson.objectid import ObjectId
      File "/usr/lib64/python2.7/site-packages/bson/objectid.py", line 55, in <module>
        class ObjectId(object):
      File "/usr/lib64/python2.7/site-packages/bson/objectid.py", line 62, in ObjectId
        _machine_bytes = _machine_bytes()
      File "/usr/lib64/python2.7/site-packages/bson/objectid.py", line 38, in _machine_bytes
        machine_hash = hashlib.md5()
    ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips

@daviddavis
Contributor

daviddavis commented May 14, 2018

@Parkayun the code is just importing from bson.objectid. The problem is that we're trying to run this in FIPS mode which prevents the use of insecure algorithms. From the Python hashlib docs:

Constructors for hash algorithms that are always present in this module are sha1(), sha224(), sha256(), sha384(), sha512(), blake2b(), and blake2s(). md5() is normally available as well, though it may be missing if you are using a rare “FIPS compliant” build of Python. Additional algorithms may also be available depending upon the OpenSSL library that Python uses on your platform. On most platforms the sha3_224(), sha3_256(), sha3_384(), sha3_512(), shake_128(), shake_256() are also available.

Any chance we could open a PR to change hashlib.md5() to hashlib.sha1()?

daviddavis pushed a commit to daviddavis/bson that referenced this issue May 15, 2018
In FIPS mode, md5 is not available. In such cases, fall back to sha1.
See https://docs.python.org/3/library/hashlib.html for more info.

fixes py-bson#85
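
The md5-to-sha1 fallback described in the commit message above, as an added example that is not the project's or the commenters' code. The names `pick_digest`, `machine_bytes` and `fips_blocked_md5` are hypothetical, and deriving the 3-byte value from a digest of the hostname is an assumption; the FIPS failure is simulated with a constructed stand-in so the example runs on any host.

```python
import hashlib
import socket


def fips_blocked_md5(*args, **kwargs):
    """Constructed stand-in for hashlib.md5 on a FIPS host."""
    # Same error text as the traceback in this issue.
    raise ValueError("error:060800A3:digital envelope routines:"
                     "EVP_DigestInit_ex:disabled for fips")


def pick_digest(md5_ctor=hashlib.md5, fallback_ctor=hashlib.sha1):
    """Return (name, constructor) for the first digest the host permits."""
    try:
        md5_ctor()  # probe only; FIPS-mode OpenSSL raises ValueError here
        return "md5", md5_ctor
    except ValueError:
        return "sha1", fallback_ctor


def machine_bytes(hostname=None, md5_ctor=hashlib.md5):
    """Return (digest_name, 3-byte machine identifier).

    Assumption: the identifier is the first 3 bytes of a digest of the
    hostname; the issue shows only the hashlib.md5() call itself.
    The digest is chosen when the function is called, not at import
    time, so a blocked algorithm cannot abort `import`.
    """
    if hostname is None:
        hostname = socket.gethostname()
    name, ctor = pick_digest(md5_ctor)
    digest = ctor()
    digest.update(hostname.encode("utf-8"))
    return name, digest.digest()[:3]


if __name__ == "__main__":
    # "pulp2" is a constructed sample hostname.
    print(machine_bytes("pulp2"))                             # host default
    print(machine_bytes("pulp2", md5_ctor=fips_blocked_md5))  # simulated FIPS
```

A host that moves between the two digests produces different machine bytes for the same hostname.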