search

awslabs / kinesis-aggregation

AWS libraries/modules for working with Kinesis aggregated record data
Apache License 2.0
376 stars 154 forks source link

aws_kinesis_agg fails to run on FIPS compliant python images #181

Open mnunna-broadcom opened 6 months ago

mnunna-broadcom commented 6 months ago

DIGEST_SIZE = hashlib.md5().digest_size code fails to run in FIPS compliant images with the below error because md5 is no longer trusted. 

/app/.venv/lib/python3.10/site-packages/aws_kinesis_agg/__init__.py:21: in <module>
    DIGEST_SIZE = hashlib.md5().digest_size
E   ValueError: [digital envelope routines] unsupported

Since it is only being used to find the DIGETS and not for for cryptographic purpose, the recommendation in hash lib docs is to use DIGEST_SIZE = hashlib.md5(usedforsecurity=True).digest_size

This issue to fix exactly that

mnunna-broadcom commented 6 months ago

Here is the pull request; https://github.com/awslabs/kinesis-aggregation/pull/182

Can you please review?