From: Jason Ish <jason.ish@oisf.net>
Date: Tue, 8 Apr 2025 22:42:02 +0000 (-0600)
Subject: md5: don't rely on version for usedforsecurity
X-Git-Tag: 1.3.5~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7ad0390142a6de8cfaa99a9291204cc78a31bc03;p=thirdparty%2Fsuricata-update.git

md5: don't rely on version for usedforsecurity

The usedforsecurity flag to hashlib.md5 doesn't appear to be version
specific, due to backporting, etc.

Instead attempt to use it, on exception, fallback to not using it.

Ticket: https://redmine.openinfosecfoundation.org/issues/7255
---

diff --git a/suricata/update/util.py b/suricata/update/util.py
index c2a73d0..2fa1f33 100644
--- a/suricata/update/util.py
+++ b/suricata/update/util.py
@@ -30,10 +30,10 @@ def md5_hexdigest(buf):
 
     :returns: A string representing the hex value of the computed MD5.
     """
-    if sys.version_info.major < 3 or (sys.version_info.major == 3 and sys.version_info.minor < 9):
-        return hashlib.md5(buf).hexdigest().strip()
-    else:
+    try:
         return hashlib.md5(buf, usedforsecurity=False).hexdigest().strip()
+    except:
+        return hashlib.md5(buf).hexdigest().strip()
 
 def mktempdir(delete_on_exit=True):
     """ Create a temporary directory that is removed on exit. """