Qualified the use of ``hashlib.md5()`` within the DDL compiler, which is
used to generate deterministic four-character suffixes for long index and
constraint names in DDL statements, to include the Python 3.9+
``usedforsecurity=False`` parameter so that Python interpreters built for
restricted environments such as FIPS do not consider this call to be
related to security concerns.
Fixes: #10342
Change-Id: I3af0d3de3d140663c70921ab1ed4b66ad9512ec4
--- /dev/null
+.. change::
+ :tags: bug, sql
+ :tickets: 10342
+
+ Qualified the use of ``hashlib.md5()`` within the DDL compiler, which is
+ used to generate deterministic four-character suffixes for long index and
+ constraint names in DDL statements, to include the Python 3.9+
+ ``usedforsecurity=False`` parameter so that Python interpreters built for
+ restricted environments such as FIPS do not consider this call to be
+ related to security concerns.
import base64
import dataclasses
+import hashlib
import inspect
import operator
import platform
return gen.athrow(typ, value, traceback)
+if py39:
+ # python stubs don't have a public type for this. not worth
+ # making a protocol
+ def md5_not_for_security() -> Any:
+ return hashlib.md5(usedforsecurity=False)
+
+else:
+
+ def md5_not_for_security() -> Any:
+ return hashlib.md5()
+
+
if typing.TYPE_CHECKING or py38:
from importlib import metadata as importlib_metadata
else:
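Review bot: `md5_not_for_security()` has no docstring in either branch, and its only comment is about typing stubs, so nothing at the definition tells a later caller that this digest is flagged as non-security and must not back integrity checks, tokens or credential handling. I would add the same docstring to both definitions, e.g. `"""Return an MD5 object for non-security uses only, such as deterministic name suffixes."""`. The `else` branch still calls plain `hashlib.md5()`, which on a pre-3.9 interpreter in a FIPS-enforcing build may still be rejected at call time. A comment such as `# pre-3.9: no usedforsecurity flag, so FIPS builds may still refuse this call` would make that limit visible.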
import collections
import enum
from functools import update_wrapper
-import hashlib
import inspect
import itertools
import operator
def md5_hex(x: Any) -> str:
x = x.encode("utf-8")
- m = hashlib.md5()
+ m = compat.md5_not_for_security()
m.update(x)
- return m.hexdigest()
+ return cast(str, m.hexdigest())
class safe_reraise:
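Review bot: `md5_hex()` keeps its generic name but now always returns a digest created as not-for-security, and nothing on the function says so, so a caller outside this hunk could mistake it for a general-purpose hash helper. A docstring such as `"""Return the hex MD5 of x encoded as UTF-8; for non-security uses such as DDL name suffixes only."""` would state the restriction where callers read it. The parameter is annotated `Any` although `.encode("utf-8")` is called on it unconditionally, so `def md5_hex(x: str) -> str:` looks like the real contract. The other call sites are not visible here and would need checking first.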