Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change auth.py to be used in a FIPS system #6810

Open
Jose-albino opened this issue Oct 18, 2024 · 1 comment
Open

Change auth.py to be used in a FIPS system #6810

Jose-albino opened this issue Oct 18, 2024 · 1 comment

Comments

@Jose-albino
Copy link

Jose-albino commented Oct 18, 2024
edited
Loading

Expected Result

Using the requests to perform a HTTPS action is working in a FIPS environment

Actual Result

In UNIX environment with fips enabled the MD5 can't be used.
It provides this error

ValueError: [digital envelope routines: EVP_DigestInit_ex] disabled for FIPS

Solution

Apply this patch in auth.py

`

*** 145,151 ****
def md5_utf8(x):
if isinstance(x, str):
x = x.encode("utf-8")
! return hashlib.md5(x).hexdigest()
hash_utf8 = md5_utf8
elif _algorithm == "SHA":
--- 145,151 ----
def md5_utf8(x):
if isinstance(x, str):
x = x.encode("utf-8")
! return hashlib.md5(x,usedforsecurity=False).hexdigest()
hash_utf8 = md5_utf8
elif _algorithm == "SHA":

`
@Jose-albino Jose-albino changed the title FIPS capable library Change auth.py to be used in a FIPS system Oct 18, 2024
@SeJunB
Copy link

SeJunB commented Nov 6, 2024
edited
Loading

Could I work on this ticket ?
The usedforsecurity parameter is only available in python >= 3.9. Plan is to set usedforsecurity to True only if python version >= 3.9.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@SeJunB @Jose-albino and others