Closed runyaga closed 1 year ago
What benefit is there to running RelStorage in FIPS mode? I'm not aware of any, so I would just recommend not doing that 😄
A quick review of relstorage+deps it seems nothing at runtime is using hashlib.md5.
The MD5 checksum is stored as part of the state for an object in history preserving storages. It is used during (at least) undo operations.
FIPS mode is enabled at the OS level. We cannot opt out of it. In our case we are running containers on FIPS-enabled RHEL servers, and at runtime the md5 call blows up.
Thanks, the context is helpful.
Fixed in 3.5.0a5.
Hi Jason / zodb-dev,
On platforms which have FIPS enabled, hashlib.md5 will blow up:
A proposed way to resolve this is to add an md5 alias/partial in relstorage._util and change relstorage md5 references from hashlib to the relstorage._util module. For platforms which are not FIPS-enabled there should be no function call overhead.
A PR will be incoming but I wanted to see if this is of interest to you or if you have another solution. From a quick review of relstorage+deps, it seems nothing at runtime is using hashlib.md5.
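A sketch of the alias/partial approach proposed in this issue, added here as an example; it is not RelStorage's code and not necessarily what shipped in 3.5.0a5. It assumes Python 3.9+, where `hashlib.md5` accepts `usedforsecurity=False`; `select_md5`, `fips_like_md5` and `state_checksum` are hypothetical names.

```python
import functools
import hashlib


def select_md5(constructor=hashlib.md5):
    """Pick an md5 constructor once, at import time.

    On a non-FIPS host the plain constructor is returned unchanged, so
    callers pay no wrapper overhead. On a FIPS-enabled host the plain
    call raises ValueError, and a partial that declares the digest as
    not used for security (Python 3.9+) is returned instead.
    """
    try:
        constructor(b"")
    except ValueError:
        return functools.partial(constructor, usedforsecurity=False)
    return constructor


def fips_like_md5(data=b"", *, usedforsecurity=True):
    """Constructed stand-in that mimics hashlib.md5 on a FIPS host."""
    if usedforsecurity:
        raise ValueError("disabled for FIPS")
    return hashlib.md5(data, usedforsecurity=False)


# Module-level alias: the rest of the code base would import this name
# instead of referencing hashlib.md5 directly.
md5 = select_md5()


def state_checksum(state: bytes) -> str:
    """Integrity checksum over a stored object state (not a security control)."""
    return md5(state).hexdigest()


if __name__ == "__main__":
    sample_state = b"constructed pickle bytes"  # constructed sample input
    print("host md5:", state_checksum(sample_state))
    fips_md5 = select_md5(fips_like_md5)
    print("simulated FIPS md5:", fips_md5(sample_state).hexdigest())
```

The `usedforsecurity=False` flag only fits digests used for integrity bookkeeping such as the stored state checksum; it should not be applied to any hash that protects authentication or signatures.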