Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIPS compatibility #2093

Closed
opopops opened this issue Mar 11, 2024 · 0 comments
Closed

FIPS compatibility #2093

opopops opened this issue Mar 11, 2024 · 0 comments
Milestone
62.0

Comments

@opopops
Copy link
Contributor

opopops commented Mar 11, 2024

Using FIPS-enabled libraries I get the following error trying to generate a PDF:

Traceback (most recent call last):
  File "/workspace/test.py", line 2, in <module>
    HTML('https://weasyprint.org/').write_pdf('/workspace/weasyprint-website.pdf')
  File "/workspace/.venv/lib/python3.10/site-packages/weasyprint/__init__.py", line 259, in write_pdf
    self.render(font_config, counter_style, **options)
  File "/workspace/.venv/lib/python3.10/site-packages/weasyprint/__init__.py", line 216, in render
    return Document._render(self, font_config, counter_style, options)
  File "/workspace/.venv/lib/python3.10/site-packages/weasyprint/document.py", line 254, in _render
    root_box = build_formatting_structure(
  File "/workspace/.venv/lib/python3.10/site-packages/weasyprint/formatting_structure/build.py", line 62, in build_formatting_structure
    box_list = element_to_box(
  File "/workspace/.venv/lib/python3.10/site-packages/weasyprint/formatting_structure/build.py", line 185, in element_to_box
    child_boxes = element_to_box(
  File "/workspace/.venv/lib/python3.10/site-packages/weasyprint/formatting_structure/build.py", line 185, in element_to_box
    child_boxes = element_to_box(
  File "/workspace/.venv/lib/python3.10/site-packages/weasyprint/formatting_structure/build.py", line 185, in element_to_box
    child_boxes = element_to_box(
  [Previous line repeated 2 more times]
  File "/workspace/.venv/lib/python3.10/site-packages/weasyprint/formatting_structure/build.py", line 253, in element_to_box
    return html.handle_element(element, box, get_image_from_uri, base_url)
  File "/workspace/.venv/lib/python3.10/site-packages/weasyprint/html.py", line 81, in handle_element
    return HTML_HANDLERS[element.tag](
  File "/workspace/.venv/lib/python3.10/site-packages/weasyprint/html.py", line 126, in handle_img
    image = get_image_from_uri(
  File "/workspace/.venv/lib/python3.10/site-packages/weasyprint/images.py", line 329, in get_image_from_uri
    image_id = md5(url.encode()).hexdigest()
ValueError: [digital envelope routines] unsupported

As md5 function here is not used in a security context, we should set usedforsecurity=False argument to be able to generate pdf in a FIPS-enabled environment (See https://docs.python.org/3/library/hashlib.html non-cryptographic hash functions must use usedforsecurity=False).
@liZe liZe closed this as completed in 4316bca Mar 16, 2024
liZe added a commit that referenced this issue Mar 16, 2024
@liZe
Merge pull request #2094 from opopops/fips
1ac1594 
Fix #2093, Mark use of hashlib.md5() as not for security
@liZe liZe added this to the 62.0 milestone Mar 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
62.0
Development

No branches or pull requests
2 participants
@liZe @opopops