)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"344be265e8a0f4882ba976a0ddeb7def8a8eba7c","unresolved":false,"context_lines":[{"line_number":19,"context_line":""},{"line_number":20,"context_line":"Some downstream python versions already support this parameter.  To"},{"line_number":21,"context_line":"support these versions, a new encapsulation of md5() his being added to"},{"line_number":22,"context_line":"oslo.utils (secretutils.md5)"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"This patch is to replace the instances of hashlib.md5() with this new"},{"line_number":25,"context_line":"encapsulation, adding an annotation indicating whether the usage is"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"9f560f44_827a80b7","line":22,"updated":"2020-09-15 19:47:29.000000000","message":"Are there other projects that use MD5 in non-security contexts besides swift and its clients, or is it just us?\n\nRegardless, I\u0027d hesitate to add a dependency on oslo.utils just for this, but rather just add the shim to swift/common/utils.py or something.","commit_id":"32faf872fdf7803ccf8496d7aa496167b2d0f812"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"bf02162468224797277cd4deb39e2e9af82e589f","unresolved":false,"context_lines":[{"line_number":19,"context_line":""},{"line_number":20,"context_line":"Some downstream python versions already support this parameter.  To"},{"line_number":21,"context_line":"support these versions, a new encapsulation of md5() his being added to"},{"line_number":22,"context_line":"oslo.utils (secretutils.md5)"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"This patch is to replace the instances of hashlib.md5() with this new"},{"line_number":25,"context_line":"encapsulation, adding an annotation indicating whether the usage is"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"9f560f44_dfd71dee","line":22,"in_reply_to":"9f560f44_827a80b7","updated":"2020-09-16 14:30:44.000000000","message":"There are other projects that do (cinder and glance, for sure), but swift is by far, the most prolific use case.\n\nI can certainly add the shim to swift/common/utils.py if that is preferred instead.  Let me know if thats what we\u0027d like to do.\n\nThere are some useful comments on how best to implement this in the oslo review, so I\u0027ll wait for that to shake out.  I particularly like the idea of doing the check at load time.","commit_id":"32faf872fdf7803ccf8496d7aa496167b2d0f812"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"344be265e8a0f4882ba976a0ddeb7def8a8eba7c","unresolved":false,"context_lines":[{"line_number":32,"context_line":""},{"line_number":33,"context_line":"In fact, in this initial patch, I believe all the uses I have flagged are"},{"line_number":34,"context_line":"non-security related.  The only ones I had concerns about -- and which"},{"line_number":35,"context_line":"are not in this patch are in swift/common/middleware/crypto/decrypter.py"},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"As the oslo patch is not expected to be released soon, I have added"},{"line_number":38,"context_line":"oslo.utils to the required_projects in the zuul config to try to run the"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"9f560f44_a204e419","line":35,"range":{"start_line":35,"start_character":60,"end_line":35,"end_character":69},"updated":"2020-09-15 19:47:29.000000000","message":"encrypter.py, yeah? Even for the encryption middleware, md5 is only being used to preserve our ETag contract; that is to say, it\u0027s a glorified crc and not security-related.","commit_id":"32faf872fdf7803ccf8496d7aa496167b2d0f812"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"bf02162468224797277cd4deb39e2e9af82e589f","unresolved":false,"context_lines":[{"line_number":32,"context_line":""},{"line_number":33,"context_line":"In fact, in this initial patch, I believe all the uses I have flagged are"},{"line_number":34,"context_line":"non-security related.  The only ones I had concerns about -- and which"},{"line_number":35,"context_line":"are not in this patch are in swift/common/middleware/crypto/decrypter.py"},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"As the oslo patch is not expected to be released soon, I have added"},{"line_number":38,"context_line":"oslo.utils to the required_projects in the zuul config to try to run the"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":5,"id":"9f560f44_ff2ca102","line":35,"range":{"start_line":35,"start_character":60,"end_line":35,"end_character":69},"in_reply_to":"9f560f44_a204e419","updated":"2020-09-16 14:30:44.000000000","message":"Agreed.  I\u0027ve had a couple of other security folks look at this and they\u0027ve agreed.  I\u0027ll add those in the next patch set.","commit_id":"32faf872fdf7803ccf8496d7aa496167b2d0f812"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"b0c0025f69bc6f01525a3e7a5684b8250c554987","unresolved":false,"context_lines":[{"line_number":42,"context_line":"This seems to me to be an impermissible use of md5, but it looks like"},{"line_number":43,"context_line":"we can configure the use of a different hash algorithm.  So what should"},{"line_number":44,"context_line":"we do here?"},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"Change-Id: Ibb4917da4c083e1e094156d748708b87387f2d87"},{"line_number":47,"context_line":"Depends-On: https://review.opendev.org/#/c/750031/"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":11,"id":"1f621f24_7db4d435","line":45,"updated":"2020-11-05 20:09:50.000000000","message":"Updating the note on this based on comments with tburke.\n\nWhile its probably better not to use md5 if you are trying to\nprotect user data, this usage is probably not really what fips cares about.  That is, obfuscation !\u003d crytography.  \n\nAnd from the point of view of FIPs, this is probably a non-security context.\n\ntburke did suggest failing when md5 is configured and FIPS is enabled - and suggested how the tests would be written in that case.  I can do that - or I can specify that this is a non-security context ..\n\nWhat do we want to do?","commit_id":"5d096b47d2f987bcb7cc8243ac13cc0156c678fb"}],"swift/common/middleware/s3api/s3request.py":[{"author":{"_account_id":597,"name":"Pete Zaitcev","email":"zaitcev@kotori.zaitcev.us","username":"zaitcev"},"change_message_id":"486de0165a7685043070f7e856cbefab48eeec67","unresolved":true,"context_lines":[{"line_number":123,"context_line":"    def __init__(self, reader, content_length, hasher, expected_hex_hash):"},{"line_number":124,"context_line":"        self._input \u003d reader"},{"line_number":125,"context_line":"        self._to_read \u003d content_length"},{"line_number":126,"context_line":"        if hasher \u003d\u003d md5:"},{"line_number":127,"context_line":"            self._hasher \u003d hasher(usedforsecurity\u003dFalse)"},{"line_number":128,"context_line":"        else:"},{"line_number":129,"context_line":"            self._hasher \u003d hasher()"}],"source_content_type":"text/x-python","patch_set":13,"id":"0db8da4c_c0d404f6","line":126,"updated":"2020-12-03 23:49:02.000000000","message":"Why not switch to passing an pre-made instance instead of the class? Or, make unit tests pass md5_factory() that you already introduced.","commit_id":"5fca45cf1db3ce6ee9f461008d6c385d3c9ceb53"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"b9bd48f6437410dd4c8701e777488f2db94c650c","unresolved":false,"context_lines":[{"line_number":123,"context_line":"    def __init__(self, reader, content_length, hasher, expected_hex_hash):"},{"line_number":124,"context_line":"        self._input \u003d reader"},{"line_number":125,"context_line":"        self._to_read \u003d content_length"},{"line_number":126,"context_line":"        if hasher \u003d\u003d md5:"},{"line_number":127,"context_line":"            self._hasher \u003d hasher(usedforsecurity\u003dFalse)"},{"line_number":128,"context_line":"        else:"},{"line_number":129,"context_line":"            self._hasher \u003d hasher()"}],"source_content_type":"text/x-python","patch_set":13,"id":"fffc6b78_3bd2eb35","line":126,"updated":"2020-12-15 19:01:40.000000000","message":"Yeah, we only use this class with SHA256 -- if we need to make sure the content matches for a Content-MD5, we massage it into an ETag and let the object-server respond 422 (or, if reading some client request XML for processing, we make the comparison in check_md5 defined below).\n\nI think I\u0027d imagined that we might pass an md5 hasher in and simplify or entirely remove check_md5, but never quite got around to it.","commit_id":"5fca45cf1db3ce6ee9f461008d6c385d3c9ceb53"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"b98541f618226de63aa61ea4b44eaab184487c4d","unresolved":true,"context_lines":[{"line_number":123,"context_line":"    def __init__(self, reader, content_length, hasher, expected_hex_hash):"},{"line_number":124,"context_line":"        self._input \u003d reader"},{"line_number":125,"context_line":"        self._to_read \u003d content_length"},{"line_number":126,"context_line":"        if hasher \u003d\u003d md5:"},{"line_number":127,"context_line":"            self._hasher \u003d hasher(usedforsecurity\u003dFalse)"},{"line_number":128,"context_line":"        else:"},{"line_number":129,"context_line":"            self._hasher \u003d hasher()"}],"source_content_type":"text/x-python","patch_set":13,"id":"d35763c0_e73bccaf","line":126,"in_reply_to":"0db8da4c_c0d404f6","updated":"2020-12-11 22:00:17.000000000","message":"I think you\u0027re asking me if we should change the signature of this class.  Not sure if I can answer that - I see that this class is used only once in this code base in this file -- and then to pass in sha256.  But I\u0027m not sure if this class is exposed and instantiated by any other code.  Input from Christian/Tim?","commit_id":"5fca45cf1db3ce6ee9f461008d6c385d3c9ceb53"}],"swift/common/utils.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"d297a77e6f872f403dd86629d4c560dffc807d60","unresolved":false,"context_lines":[{"line_number":4832,"context_line":"                                   ctypes.c_int(0))"},{"line_number":4833,"context_line":"        if hash_sockfd \u003c 0:"},{"line_number":4834,"context_line":"            raise IOError(ctypes.get_errno(),"},{"line_number":4835,"context_line":"                          \"Failed to initialize MD5 socket\")"},{"line_number":4836,"context_line":""},{"line_number":4837,"context_line":"        bind_result \u003d _libc_bind(ctypes.c_int(hash_sockfd),"},{"line_number":4838,"context_line":"                                 ctypes.pointer(sockaddr_setup),"}],"source_content_type":"text/x-python","patch_set":8,"id":"9f560f44_66fa7bba","line":4835,"updated":"2020-09-22 00:01:24.000000000","message":"Am I right to think that this function would bomb out here in FIPS mode?","commit_id":"6ed9985a81c1899e76a93e930f3f5571d9197d8e"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"feb49f1fd8eafaa18ec062f4ca6951d09c7d165c","unresolved":false,"context_lines":[{"line_number":4832,"context_line":"                                   ctypes.c_int(0))"},{"line_number":4833,"context_line":"        if hash_sockfd \u003c 0:"},{"line_number":4834,"context_line":"            raise IOError(ctypes.get_errno(),"},{"line_number":4835,"context_line":"                          \"Failed to initialize MD5 socket\")"},{"line_number":4836,"context_line":""},{"line_number":4837,"context_line":"        bind_result \u003d _libc_bind(ctypes.c_int(hash_sockfd),"},{"line_number":4838,"context_line":"                                 ctypes.pointer(sockaddr_setup),"}],"source_content_type":"text/x-python","patch_set":8,"id":"9f560f44_87a17798","line":4835,"in_reply_to":"9f560f44_164bdb86","updated":"2020-09-22 20:47:59.000000000","message":"It\u0027s not really a problem for it to bomb out here -- we\u0027ve got some code around https://github.com/openstack/swift/blob/2.26.0/swift/obj/diskfile.py#L725-L735 to catch the IOError and fall back to something reasonable. As much as anything I wanted to make sure you were aware that we (may, depending on configuration) get an md5 hasher in this other way.","commit_id":"6ed9985a81c1899e76a93e930f3f5571d9197d8e"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"79443cce5ca33c76cf09a6b15aead295100fa208","unresolved":false,"context_lines":[{"line_number":4832,"context_line":"                                   ctypes.c_int(0))"},{"line_number":4833,"context_line":"        if hash_sockfd \u003c 0:"},{"line_number":4834,"context_line":"            raise IOError(ctypes.get_errno(),"},{"line_number":4835,"context_line":"                          \"Failed to initialize MD5 socket\")"},{"line_number":4836,"context_line":""},{"line_number":4837,"context_line":"        bind_result \u003d _libc_bind(ctypes.c_int(hash_sockfd),"},{"line_number":4838,"context_line":"                                 ctypes.pointer(sockaddr_setup),"}],"source_content_type":"text/x-python","patch_set":8,"id":"9f560f44_164bdb86","line":4835,"in_reply_to":"9f560f44_66fa7bba","updated":"2020-09-22 18:00:22.000000000","message":"Thats very plausible.  I\u0027ll confirm when I run the functional tests.  This wasn\u0027t flagged before because bandit didn\u0027t detect this.  If it does bomb out, we\u0027ll address in a follow-on patch.","commit_id":"6ed9985a81c1899e76a93e930f3f5571d9197d8e"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"214e233b52254b1a1f82dc2bcfcbd07f70b121e9","unresolved":false,"context_lines":[{"line_number":679,"context_line":"                h.update(six.b(self.salt))"},{"line_number":680,"context_line":"            h.update(six.b(self))"},{"line_number":681,"context_line":"            return \u0027{%s%s}%s\u0027 % (\u0027S\u0027 if self.salt else \u0027\u0027, self.method.upper(),"},{"line_number":682,"context_line":"                                 h.hexdigest())"},{"line_number":683,"context_line":""},{"line_number":684,"context_line":""},{"line_number":685,"context_line":"class StrFormatTime(object):"}],"source_content_type":"text/x-python","patch_set":11,"id":"9f560f44_e8940839","line":682,"updated":"2020-09-29 20:19:01.000000000","message":"Do you view this as being materially different from what Swift does in hash_path() below? If so, in what ways? I just want to make sure I have a reasonable idea of when to feel comfortable setting usedforsecurity\u003dFalse.\n\nUp in __new__, I think we\u0027d be justified in raising that \"Unsupported hashing method: ...\" error if you try to configure log anonymization with md5 and FIPS mode enabled. As for tests, I could see something like http://paste.openstack.org/show/798543/ being reasonable.","commit_id":"5d096b47d2f987bcb7cc8243ac13cc0156c678fb"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"b036b75d13e55400c10253c308dadc75d8358e7a","unresolved":false,"context_lines":[{"line_number":679,"context_line":"                h.update(six.b(self.salt))"},{"line_number":680,"context_line":"            h.update(six.b(self))"},{"line_number":681,"context_line":"            return \u0027{%s%s}%s\u0027 % (\u0027S\u0027 if self.salt else \u0027\u0027, self.method.upper(),"},{"line_number":682,"context_line":"                                 h.hexdigest())"},{"line_number":683,"context_line":""},{"line_number":684,"context_line":""},{"line_number":685,"context_line":"class StrFormatTime(object):"}],"source_content_type":"text/x-python","patch_set":11,"id":"1f621f24_fa490a8b","line":682,"in_reply_to":"9f560f44_e8940839","updated":"2020-11-05 20:01:47.000000000","message":"Tim, I\u0027m going to defer to whatever you decide is the best behavior here.\n\nWhile its probably better not to use md5 if you are trying to protect user data, this probably isn\u0027t really what fips cares about.  \n\nThat is, obfuscation !\u003d crytography.  So, in this case, it isn\u0027t materially different from what we do in hash_path.\n\nFrom the point of view of FIPS, this is probably a non-security context.","commit_id":"5d096b47d2f987bcb7cc8243ac13cc0156c678fb"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"b9bd48f6437410dd4c8701e777488f2db94c650c","unresolved":true,"context_lines":[{"line_number":4883,"context_line":""},{"line_number":4884,"context_line":""},{"line_number":4885,"context_line":"def md5_factory():"},{"line_number":4886,"context_line":"    return md5(usedforsecurity\u003dFalse)"},{"line_number":4887,"context_line":""},{"line_number":4888,"context_line":""},{"line_number":4889,"context_line":"class ShardRange(object):"}],"source_content_type":"text/x-python","patch_set":15,"id":"dac521e5_97662f45","line":4886,"updated":"2020-12-15 19:01:40.000000000","message":"This seems like a dangerous sort of a helper, as it moves the annotation of usedforsecurity\u003dFalse away from the context we would need to judge whether that\u0027s true or not. I was going to ask if it would be better to just use\n\n defaultdict(lambda: md5(usedforsecurity\u003dFalse))\n\nin those couple places that would use this... but we\u0027ve already found another place that it\u0027s useful... hmm...","commit_id":"191a686a62683b6d5e35bb3c130b66a7a350b116"}],"swift/obj/server.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"b9bd48f6437410dd4c8701e777488f2db94c650c","unresolved":false,"context_lines":[{"line_number":579,"context_line":"        except ChunkReadTimeout:"},{"line_number":580,"context_line":"            raise HTTPRequestTimeout()"},{"line_number":581,"context_line":""},{"line_number":582,"context_line":"        footer_md5 \u003d footer_hdrs.get(\u0027Content-MD5\u0027)"},{"line_number":583,"context_line":"        if not footer_md5:"},{"line_number":584,"context_line":"            raise HTTPBadRequest(body\u003d\"no Content-MD5 in footer\")"},{"line_number":585,"context_line":"        if footer_md5 !\u003d md5(footer_body, usedforsecurity\u003dFalse).hexdigest():"}],"source_content_type":"text/x-python","patch_set":16,"id":"d3223865_f4a2d9a9","line":582,"updated":"2020-12-15 19:01:40.000000000","message":"Off-topic: the RFC-noncompliance makes me twitchy... but that\u0027s on us, and unlikely to ever get fixed.","commit_id":"5320ecbaf2c0e77842ab1ee3eb8106948dc06704"}],"test/unit/common/test_utils.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"feb49f1fd8eafaa18ec062f4ca6951d09c7d165c","unresolved":false,"context_lines":[{"line_number":4471,"context_line":"        self.assertRaises("},{"line_number":4472,"context_line":"            TypeError, md5, \u0027foo\u0027, usedforsecurity\u003dTrue)"},{"line_number":4473,"context_line":"        self.assertRaises("},{"line_number":4474,"context_line":"            TypeError, md5, \u0027foo\u0027, usedforsecurity\u003dFalse)"},{"line_number":4475,"context_line":""},{"line_number":4476,"context_line":"    def test_none_data_raises_type_error(self):"},{"line_number":4477,"context_line":"        self.assertRaises(TypeError, hashlib.md5, None)"}],"source_content_type":"text/x-python","patch_set":8,"id":"9f560f44_c7c08f2e","line":4474,"updated":"2020-09-22 20:47:59.000000000","message":"We\u0027ll want these to use\n\n u\u0027foo\u0027\n\nSorry, we\u0027re still writing py2/py3 polyglot code.","commit_id":"6ed9985a81c1899e76a93e930f3f5571d9197d8e"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"5af8e627f3ae9912da01e08e21c29baee3ca0021","unresolved":false,"context_lines":[{"line_number":4468,"context_line":"    @unittest.skipIf(sys.version_info.major \u003d\u003d 2,"},{"line_number":4469,"context_line":"                     \"hashlib.md5 does not raise TypeError here in py2\")"},{"line_number":4470,"context_line":"    def test_string_data_raises_type_error(self):"},{"line_number":4471,"context_line":"        self.assertRaises(TypeError, hashlib.md5, u\u0027foo\u0027)"},{"line_number":4472,"context_line":"        self.assertRaises(TypeError, md5, u\u0027foo\u0027)"},{"line_number":4473,"context_line":"        self.assertRaises("},{"line_number":4474,"context_line":"            TypeError, md5, u\u0027foo\u0027, usedforsecurity\u003dTrue)"}],"source_content_type":"text/x-python","patch_set":10,"id":"9f560f44_81d02b55","line":4471,"updated":"2020-09-23 19:40:48.000000000","message":"I think I\u0027d prefer to just skip this one assertion -- or even drop it all together. I very much prefer how this new shim raises a TypeError on unicode data over how py2 will \"helpfully\" try to encode it -- demonstrating the TypeErrors on py2 seems worthwhile.","commit_id":"7c5e5786fd2f2cbf83a275b8c9ce4757a2a1757f"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"564b92cb67c1478e356be068e0eb29c66e0037e8","unresolved":false,"context_lines":[{"line_number":4468,"context_line":"    @unittest.skipIf(sys.version_info.major \u003d\u003d 2,"},{"line_number":4469,"context_line":"                     \"hashlib.md5 does not raise TypeError here in py2\")"},{"line_number":4470,"context_line":"    def test_string_data_raises_type_error(self):"},{"line_number":4471,"context_line":"        self.assertRaises(TypeError, hashlib.md5, u\u0027foo\u0027)"},{"line_number":4472,"context_line":"        self.assertRaises(TypeError, md5, u\u0027foo\u0027)"},{"line_number":4473,"context_line":"        self.assertRaises("},{"line_number":4474,"context_line":"            TypeError, md5, u\u0027foo\u0027, usedforsecurity\u003dTrue)"}],"source_content_type":"text/x-python","patch_set":10,"id":"9f560f44_d4365fe7","line":4471,"in_reply_to":"9f560f44_81d02b55","updated":"2020-09-23 20:16:12.000000000","message":"I don\u0027t think (and I confirmed) the new shim raises a TypeError here in py2 either, and I think it shouldn\u0027t.\n\nThe shim is designed to do exactly what hashlib.md5 would do - except that it handles the extra keyword parameter.\n\nIf hashlib.md5 raises a TypeError on the data, then so should the shim.  If it doesn\u0027t, then the shim shouldn\u0027t either.\n\nThis test invokes the same call on both the shim and hashlib.md5 to confirm that the behavior is the same.","commit_id":"7c5e5786fd2f2cbf83a275b8c9ce4757a2a1757f"},{"author":{"_account_id":597,"name":"Pete Zaitcev","email":"zaitcev@kotori.zaitcev.us","username":"zaitcev"},"change_message_id":"486de0165a7685043070f7e856cbefab48eeec67","unresolved":true,"context_lines":[{"line_number":4510,"context_line":"    except TypeError:"},{"line_number":4511,"context_line":"        _md5_digest \u003d hashlib.md5(_test_data).digest()"},{"line_number":4512,"context_line":"        _fips_enabled \u003d False"},{"line_number":4513,"context_line":""},{"line_number":4514,"context_line":"    def test_md5_with_data(self):"},{"line_number":4515,"context_line":"        if not self._fips_enabled:"},{"line_number":4516,"context_line":"            digest \u003d md5(self._test_data).digest()"}],"source_content_type":"text/x-python","patch_set":13,"id":"a9a2eca0_a2d5c3cd","line":4513,"updated":"2020-12-03 23:49:02.000000000","message":"I think you\u0027re not devious enough here. You must also check that the actual MD5 digest of the source string matches what the hacked-up hashlib returned just now.\n\nAlso... Although setting class variables is a cute trick, I\u0027d prefer this to be in setUp() in this case. Or at least the assertEqual(_md5_digest.hexdigest(), \"0d6dc3c588ae71a04ce9a6beebbbba06\") needs to be, I think.","commit_id":"5fca45cf1db3ce6ee9f461008d6c385d3c9ceb53"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"8c89ee4969a1d03dd937e789f23066d226432cfa","unresolved":true,"context_lines":[{"line_number":4510,"context_line":"    except TypeError:"},{"line_number":4511,"context_line":"        _md5_digest \u003d hashlib.md5(_test_data).digest()"},{"line_number":4512,"context_line":"        _fips_enabled \u003d False"},{"line_number":4513,"context_line":""},{"line_number":4514,"context_line":"    def test_md5_with_data(self):"},{"line_number":4515,"context_line":"        if not self._fips_enabled:"},{"line_number":4516,"context_line":"            digest \u003d md5(self._test_data).digest()"}],"source_content_type":"text/x-python","patch_set":13,"id":"65e02b17_6d55e204","line":4513,"in_reply_to":"a9a2eca0_a2d5c3cd","updated":"2020-12-11 21:22:31.000000000","message":"Nice catch.\n\nActually, I think the problem here is that this test code is wrong.  I think I just need to do this to confirm that FIPS is enabled:\n\ntry:\n    _md5_digest \u003d hashlib.md5(_test_data).hexdigest()\n    _fips_enabled \u003d False\nexcept ValueError:\n    _fips_enabled \u003d True\n    _md5_digest \u003d \u00270d6dc3c588ae71a04ce9a6beebbbba06\u0027\n\nAnd yeah, I can do this in setup().  The checking of the hacked up md5 as compared to the hashlib.md5 will happen in the tests.  I\u0027ll fix it.","commit_id":"5fca45cf1db3ce6ee9f461008d6c385d3c9ceb53"}]}