You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The OpenMDAO system._generate_md5_hash() method uses the hashlib.md5 method, which throws an exception on Linux systems with FIPS (Federal Information Processing Standard) enabled, as described here: https://til.simonwillison.net/python/md5-fips
This method is used in the recording manager and the n2 viewer, preventing users on Linux systems with FIPS from using these features.
In Python 3.9+, you can avoid this exception by changing a setting in the md5 method: usedforsecurity=False
Suggested solution for the system._generate_md5_hash() is to have a try-catch to attempt to run the hashlib.md5 method with the the usedforsecurity set to false:
try:
return hashlib.md5(s.encode("utf8"), usedforsecurity=False).hexdigest()
except TypeError:
# For Python 3.8 which does not support usedforsecurity=False
return hashlib.md5(s.encode("utf8")).hexdigest()
This would enable users on Linux systems with FIPS enabled to access the recording manager and n2 viewer with newer Python versions.
Example
Exception message thrown for a user when trying to use the recording manager on a RHEL9 machine with FIPS enabled:
Python.Runtime.PythonException: [digital envelope routines] unsupported
File "[path to python]/python-3.11.8/lib/python3.11/site-packages/openmdao/core/system.py", line 5832, in _generate_md5_hash
return hashlib.md5(str(data).encode()).hexdigest() # nosec: content not sensitive
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
OpenMDAO Version
3.27.0
Relevant environment information
No response
The text was updated successfully, but these errors were encountered:
Thanks for the issue. Python 3.8 reaches end of life in a few months anyway, so I think we'll probably just set the oldest supported openmdao to 3.9 and add the usedforsecurity argument.
Description
The OpenMDAO system._generate_md5_hash() method uses the hashlib.md5 method, which throws an exception on Linux systems with FIPS (Federal Information Processing Standard) enabled, as described here: https://til.simonwillison.net/python/md5-fips
This method is used in the recording manager and the n2 viewer, preventing users on Linux systems with FIPS from using these features.
In Python 3.9+, you can avoid this exception by changing a setting in the md5 method: usedforsecurity=False
Suggested solution for the system._generate_md5_hash() is to have a try-catch to attempt to run the hashlib.md5 method with the the usedforsecurity set to false:
This would enable users on Linux systems with FIPS enabled to access the recording manager and n2 viewer with newer Python versions.
Example
Exception message thrown for a user when trying to use the recording manager on a RHEL9 machine with FIPS enabled:
OpenMDAO Version
3.27.0
Relevant environment information
No response
The text was updated successfully, but these errors were encountered: