Exception thrown using recording manager on Linux computer with FIPS

[MadelineLM]

Description

The OpenMDAO system._generate_md5_hash() method uses the hashlib.md5 method, which throws an exception on Linux systems with FIPS (Federal Information Processing Standard) enabled, as described here: https://til.simonwillison.net/python/md5-fips

This method is used in the recording manager and the n2 viewer, preventing users on Linux systems with FIPS from using these features.

In Python 3.9+, you can avoid this exception by changing a setting in the md5 method: usedforsecurity=False

Suggested solution for the system._generate_md5_hash() is to have a try-catch to attempt to run the hashlib.md5 method with the the usedforsecurity set to false:

try:
    return hashlib.md5(s.encode("utf8"), usedforsecurity=False).hexdigest()
except TypeError:
    # For Python 3.8 which does not support usedforsecurity=False
    return hashlib.md5(s.encode("utf8")).hexdigest()

This would enable users on Linux systems with FIPS enabled to access the recording manager and n2 viewer with newer Python versions.

Example

Exception message thrown for a user when trying to use the recording manager on a RHEL9 machine with FIPS enabled:

Python.Runtime.PythonException: [digital envelope routines] unsupported
File "[path to python]/python-3.11.8/lib/python3.11/site-packages/openmdao/core/system.py", line 5832, in _generate_md5_hash
return hashlib.md5(str(data).encode()).hexdigest() # nosec: content not sensitive
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

OpenMDAO Version

3.27.0

Relevant environment information

No response

[robfalck]

Thanks for the issue. Python 3.8 reaches end of life in a few months anyway, so I think we'll probably just set the oldest supported openmdao to 3.9 and add the usedforsecurity argument.

[MadelineLM]

Sounds great, thanks for the quick response!

[robfalck]

It was an easy fix and you gave us all the information we needed in the issue, thank you!