Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hashlib.md5 not supported when FIPS is enabled #1844

Open
samholton opened this issue Nov 26, 2024 · 2 comments
Open

hashlib.md5 not supported when FIPS is enabled #1844

samholton opened this issue Nov 26, 2024 · 2 comments

Comments

@samholton
Copy link

samholton commented Nov 26, 2024
edited
Loading

We are using python3.11 on a RHEL9 instance with FIPS enabled. pytype is failing with _hashlib.UnsupportedDigestmodError: [digital envelope routines] unsupported

Can a FIPS compliant hash function be used here?

pytype/pytype/pyi/parser.py

Line 783 in 97d9491

ast = ast.Replace(name=hashlib.md5(src.encode("utf-8")).hexdigest())

It looks like md5 is used a few other places as well: https://github.com/search?q=repo%3Agoogle%2Fpytype%20md5&type=code

ninja: Entering directory `.pytype'
[1/13] check tests.testingUtils
FAILED: /home/ec2-user/jenkins/workspace/er_MyProject-Analytics_PR-391/src/.pytype/pyi/tests/testingUtils.pyi 
/home/ec2-user/jenkins/workspace/er_MyProject-Analytics_PR-391/.pyenv-python3.11/bin/python3.11 -m pytype.main --imports_info /home/ec2-user/jenkins/workspace/er_MyProject-Analytics_PR-391/src/.pytype/imports/tests.testingUtils.imports --module-name tests.testingUtils --platform linux -V 3.11 -o /home/ec2-user/jenkins/workspace/er_MyProject-Analytics_PR-391/src/.pytype/pyi/tests/testingUtils.pyi --analyze-annotated --nofail --quick /home/ec2-user/jenkins/workspace/er_MyProject-Analytics_PR-391/src/tests/testingUtils.py
Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "/home/ec2-user/jenkins/workspace/er_MyProject-Analytics_PR-391/.pyenv-python3.11/lib64/python3.11/site-packages/pytype/main.py", line 150, in <module>
    sys.exit(main() or 0)
             ^^^^^^
  File "/home/ec2-user/jenkins/workspace/er_MyProject-Analytics_PR-391/.pyenv-python3.11/lib64/python3.11/site-packages/pytype/main.py", line 135, in main
    return _run_pytype(options)
           ^^^^^^^^^^^^^^^^^^^^
  File "/home/ec2-user/jenkins/workspace/er_MyProject-Analytics_PR-391/.pyenv-python3.11/lib64/python3.11/site-packages/pytype/main.py", line 146, in _run_pytype
    return io.process_one_file(options)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/ec2-user/jenkins/workspace/er_MyProject-Analytics_PR-391/.pyenv-python3.11/lib64/python3.11/site-packages/pytype/io.py", line 72, in wrapper
    return f(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^
  File "/home/ec2-user/jenkins/workspace/er_MyProject-Analytics_PR-391/.pyenv-python3.11/lib64/python3.11/site-packages/pytype/io.py", line 274, in process_one_file
    ret = check_or_generate_pyi(options)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/ec2-user/jenkins/workspace/er_MyProject-Analytics_PR-391/.pyenv-python3.11/lib64/python3.11/site-packages/pytype/io.py", line 72, in wrapper
    return f(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^
  File "/home/ec2-user/jenkins/workspace/er_MyProject-Analytics_PR-391/.pyenv-python3.11/lib64/python3.11/site-packages/pytype/io.py", line 244, in check_or_generate_pyi
    ast = pytd_builtins.GetDefaultAst(
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/ec2-user/jenkins/workspace/er_MyProject-Analytics_PR-391/.pyenv-python3.11/lib64/python3.11/site-packages/pytype/imports/builtin_stubs.py", line 40, in GetDefaultAst
    return parser.parse_string(src=DEFAULT_SRC, options=options)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/ec2-user/jenkins/workspace/er_MyProject-Analytics_PR-391/.pyenv-python3.11/lib64/python3.11/site-packages/pytype/pyi/parser.py", line 897, in parse_string
    return parse_pyi(src, filename=filename, module_name=name, options=options)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/ec2-user/jenkins/workspace/er_MyProject-Analytics_PR-391/.pyenv-python3.11/lib64/python3.11/site-packages/pytype/pyi/parser.py", line 920, in parse_pyi
    root = post_process_ast(root, src, module_name)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/ec2-user/jenkins/workspace/er_MyProject-Analytics_PR-391/.pyenv-python3.11/lib64/python3.11/site-packages/pytype/pyi/parser.py", line 783, in post_process_ast
    ast = ast.Replace(name=hashlib.md5(src.encode("utf-8")).hexdigest())
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
_hashlib.UnsupportedDigestmodError: [digital envelope routines] unsupported
ninja: build stopped: subcommand failed.
@bgiaccio
Copy link

bgiaccio commented Dec 6, 2024
edited
Loading

pytype/pytype/pyi/parser.py

Just needs to be changed to

ast = ast.Replace(name=hashlib.md5(src.encode("utf-8"), usedforsecurity=False).hexdigest())

@samholton
Copy link
Author

samholton commented Dec 9, 2024
edited
Loading

pytype/pytype/pyi/parser.py

Just needs to be changed to

ast = ast.Replace(name=hashlib.md5(src.encode("utf-8"), usedforsecurity=False).hexdigest())

Confirmed this does work on my RHEL9 instance with FIPS enabled.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@samholton @bgiaccio