ambex: Remove usage of md5

When trying to run emissary in crypto-restricted environments (e.g. FIPS), usage of md5 can be problematic: ``` time="2024-10-17 19:20:29.7063" level=error msg="shut down with error error: PANIC: openssl: MD5 failed" func=github.com/emissary-ingress/emissary/v3/pkg/busy.Main file="github.com/emissary-ingress/emissary/v3/pkg/busy/busy.go:87" CMD=entrypoint PID=1 ``` This replaces the usage with xxhash, which should avoid usage of unsupport crypto libraries, but keep the deterministic behavior. Signed-off-by: Billy Lynch <[email protected]>
emissary-ingress · Oct 18, 2024 · f1b539c · f1b539c
1 parent ac2dc64
commit f1b539c
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -107,6 +107,8 @@ it will be removed; but as it won't be user-visible this isn't considered a brea
   instead of the Mapping name, which could reduce the cache's effectiveness. This has been fixed so
   that the correct key is used. ([Incorrect Cache Key for Mapping])
 
+- Change: Changed Ambex suffix hashing algorithm to use xxhash64 instead of md5.
+
 [Incorrect Cache Key for Mapping]: https://github.com/emissary-ingress/emissary/issues/5714
 
 ## [3.9.0] November 13, 2023

diff --git a/go.mod b/go.mod
@@ -83,6 +83,7 @@ require (
 	github.com/Masterminds/sprig v2.22.0+incompatible
 	github.com/cenkalti/backoff/v4 v4.2.1
 	github.com/census-instrumentation/opencensus-proto v0.4.1
+	github.com/cespare/xxhash/v2 v2.2.0
 	github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4
 	github.com/datawire/dlib v1.3.1
 	github.com/datawire/dtest v0.0.0-20210928162311-722b199c4c2f
@@ -146,7 +147,6 @@ require (
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.4 // indirect

diff --git a/pkg/ambex/transforms.go b/pkg/ambex/transforms.go
@@ -3,12 +3,12 @@ package ambex
 import (
 	// standard library
 	"context"
-	"crypto/md5"
-	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	"strconv"
 
 	// third-party libraries
+	"github.com/cespare/xxhash/v2"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/anypb"
 
@@ -146,9 +146,10 @@ func V3ListenerToRdsListener(lnr *v3listener.Listener) (*v3listener.Listener, []
 						// associated with a given listener.
 						filterChainMatch, _ := json.Marshal(fc.GetFilterChainMatch())
 
-						// Use MD5 because it's decently fast and cryptographic security isn't needed.
-						matchHash := md5.Sum(filterChainMatch)
-						matchKey := hex.EncodeToString(matchHash[:])
+						// Use xxhash64 because it's decently fast and cryptographic security isn't needed.
+						h := xxhash.New()
+						h.Write(filterChainMatch)
+						matchKey := strconv.FormatUint(h.Sum64(), 16)
 
 						rc.Name = fmt.Sprintf("%s-routeconfig-%s-%d", l.Name, matchKey, matchKeyIndex[matchKey])
 

diff --git a/pkg/ambex/transforms_test.go b/pkg/ambex/transforms_test.go
@@ -78,7 +78,7 @@ func TestV3ListenerToRdsListener(t *testing.T) {
 
 	for i, rc := range routes {
 		// Confirm that the route name was transformed to the hashed version
-		assert.Equal(t, fmt.Sprintf("emissary-ingress-listener-8080-routeconfig-8c82e45fa3f94ab4e879543e0a1a30ac-%d", i), rc.GetName())
+		assert.Equal(t, fmt.Sprintf("emissary-ingress-listener-8080-routeconfig-29865f40cbcf32dc-%d", i), rc.GetName())
 
 		// Make sure the virtual hosts are unmodified
 		virtualHosts := rc.GetVirtualHosts()