psf / requests

A simple, yet elegant, HTTP library.
https://requests.readthedocs.io/en/latest/
Apache License 2.0

Change auth.py to be used in a FIPS system #6810

Open Jose-albino opened 1 month ago

Jose-albino commented 1 month ago

Expected Result

Using requests to perform an HTTPS action works in a FIPS environment.

Actual Result

In a UNIX environment with FIPS enabled, MD5 can't be used. It gives this error:

ValueError: [digital envelope routines: EVP_DigestInit_ex] disabled for FIPS

Solution

Apply this patch in auth.py

`

* 145,151 ** def md5_utf8(x): if isinstance(x, str): x = x.encode("utf-8") ! return hashlib.md5(x).hexdigest()
hash_utf8 = md5_utf8 elif _algorithm == "SHA": --- 145,151 ---- def md5_utf8(x): if isinstance(x, str): x = x.encode("utf-8") ! return hashlib.md5(x,usedforsecurity=False).hexdigest() hash_utf8 = md5_utf8 elif _algorithm == "SHA":

`
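
Review bot: in md5_utf8 the new call `hashlib.md5(x,usedforsecurity=False)` passes the keyword unconditionally, and `usedforsecurity` only exists on Python 3.9 and later, so on an older interpreter this line raises TypeError for every caller that reaches the MD5 branch. Guard it with a version check or a try/except TypeError fallback to plain `hashlib.md5(x)`, or confirm that the minimum supported Python is already 3.9. Because this sits in auth.py, add a comment stating why this MD5 use is declared non-security, so the flag is not copied elsewhere without review. Style: add a space after the comma in the argument list.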

SeJunB commented 2 weeks ago

Could I work on this ticket? The usedforsecurity parameter is only available in Python >= 3.9. The plan is to set usedforsecurity to True only if the Python version is >= 3.9.
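
One way to gate the keyword on interpreter support, as discussed in this thread. This is an added example, not code from requests or from either commenter; `_select_md5` and `plain_md5_blocked` are hypothetical helper names. It passes `usedforsecurity=False`, as the patch does, and detects support by probing the call rather than by comparing version numbers.

```python
import functools
import hashlib


def _select_md5():
    """Pick an MD5 constructor that declares non-security use when possible."""
    try:
        hashlib.md5(b"", usedforsecurity=False)
    except TypeError:
        # Python < 3.9: the keyword does not exist, plain md5 is the only option.
        return hashlib.md5
    except ValueError:
        # MD5 is unavailable even with the flag. Keep the flagged form so the
        # error surfaces at call time instead of at import time.
        pass
    return functools.partial(hashlib.md5, usedforsecurity=False)


_md5 = _select_md5()


def md5_utf8(x):
    """Same contract as md5_utf8 in the patch: str or bytes in, hex digest out."""
    if isinstance(x, str):
        x = x.encode("utf-8")
    return _md5(x).hexdigest()


def plain_md5_blocked():
    """True when hashlib.md5() without the flag is refused, as on a FIPS host."""
    try:
        hashlib.md5(b"")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("plain md5 blocked:", plain_md5_blocked())
    print("md5_utf8('abc') =", md5_utf8("abc"))
```

On an interpreter older than 3.9 running in FIPS mode the fallback still raises the ValueError from the report, since no flag is available there.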