Merge pull request #481 from enfold/master

FIPS Support
zodb · Jul 20, 2021 · 3c7b765 · 3c7b765
2 parents e182363 + 9fcd526
commit 3c7b765
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 3 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -5,6 +5,9 @@
 3.5.0a5 (unreleased)
 ====================
 
+- Allow RelStorage to be used in a FIPS enabled environment. See
+  :issue:`480`
+
 - Fix ``RelStorage.zap_all()`` and ``zodbconvert --clear`` against
   existing PostgreSQL databases with very large numbers of Blobs and
   relatively small amounts of shared memory (e.g., default values for

diff --git a/src/relstorage/_compat.py b/src/relstorage/_compat.py
@@ -15,6 +15,9 @@
 import platform
 import sys
 
+from functools import partial
+from hashlib import md5 as md5_original
+
 import BTrees
 # XXX: This is a private module in ZODB, but it has a lot
 # of knowledge about how to choose the right implementation
@@ -27,6 +30,7 @@
 from ZODB._compat import dumps
 from ZODB._compat import loads
 
+
 __all__ = [
     # ZODB exports
     'HIGHEST_PROTOCOL',
@@ -358,3 +362,14 @@ def update_wrapper(wrapper, wrapped, *args, **kwargs):
         wrapper = _update_wrapper(wrapper, wrapped, *args, **kwargs)
         wrapper.__wrapped__ = wrapped
         return wrapped
+
+# In FIPS enabled environments, we need to use usedforsecurity=False
+# if we want to use md5() for hashing on non security related usage,
+# like it is the case with RelStorage. More info:
+# - https://bugs.python.org/issue9216
+# - https://bugs.python.org/issue40695
+try:
+    hashed = md5_original(b'test')
+    md5 = md5_original
+except ValueError:  # pragma: no cover
+    md5 = partial(md5_original, usedforsecurity=False)
diff --git a/src/relstorage/adapters/mover.py b/src/relstorage/adapters/mover.py
@@ -17,11 +17,11 @@
 from __future__ import print_function
 
 import os
-from hashlib import md5
 
 from zope.interface import implementer
 
 from .._compat import OID_TID_MAP_TYPE
+from .._compat import md5
 from .._util import metricmethod_sampled
 from .._util import metricmethod
 from ._util import noop_when_history_free

diff --git a/src/relstorage/adapters/schema.py b/src/relstorage/adapters/schema.py
@@ -20,11 +20,11 @@
 import sys
 
 from functools import partial
-from hashlib import md5
 
 from ZODB.POSException import StorageError
 
 from .._compat import ABC
+from .._compat import md5
 from ._util import DatabaseHelpersMixin
 from ._util import query_property
 from ._util import noop_when_history_free

diff --git a/src/relstorage/tests/blob/testblob.py b/src/relstorage/tests/blob/testblob.py
@@ -24,7 +24,6 @@
 import tempfile
 import time
 import unittest
-from hashlib import md5
 
 import transaction
 import ZODB.blob
@@ -35,6 +34,8 @@
 from ZODB.DB import DB
 from ZODB.serialize import referencesf
 
+from relstorage._compat import md5
+
 from relstorage.tests import TestCase
 from relstorage.tests.util import USE_SMALL_BLOBS
 from relstorage.tests.util import MinimalTestLayer as BaseTestLayer