pycryptodomex attempts to utilize MD5 on FIPS enabled machines, throws errors #64

Closed
dmurphy18 opened this Issue May 11, 2017 · 2 comments

Comments

Projects
None yet
2 participants
@dmurphy18

Using pycryptodomex on FIPS enabled Redhat 6 & 7 systems is throwing ValueError or other UnboundedLocallError due to the use of MD5 which is now disabled on FIPS enabled systems.

see:
saltstack/salt#40890
saltstack/salt-pack#261

The problem is use of the pattern:
try:
from hashlib import md5
except ImportError:
from md5 import md5

But on FIPS enabled systems MD5 is disabled.

Note this pattern is used in other Python files too, as shown in the comments of the salt-pack issue.

Note the UnboundedLocalError in yacc.py due to MD5 instantiation failing generated by use of :
File "/usr/lib64/python2.7/site-packages/Cryptodome/Util/_raw_api.py", line 89, in

results in MD5 instantiation failing

@Legrandin

This comment has been minimized.

Show comment
Hide comment
@Legrandin

Legrandin Feb 24, 2018

Owner

Master includes now native code for (the venerable) MD5 and SHA1 so Crypto.Hash.MD5 and Crypto.Hash.SHA1 are always available regardless of the OpenSSL library linked to Python.

Owner

Legrandin commented Feb 24, 2018

Master includes now native code for (the venerable) MD5 and SHA1 so Crypto.Hash.MD5 and Crypto.Hash.SHA1 are always available regardless of the OpenSSL library linked to Python.

@Legrandin

This comment has been minimized.

Show comment
Hide comment
@Legrandin

Legrandin Mar 8, 2018

Owner

Fixed in v3.5.1.

Owner

Legrandin commented Mar 8, 2018

Fixed in v3.5.1.

@Legrandin Legrandin closed this Mar 8, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment