You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using libgravatar on security-restricted systems (such as FIPS-enabled systems on newer U.S. Government computers) produces a stack trace. On such systems, the MD5 algorithm is disabled:
$ cat /etc/redhat-release
Red Hat Enterprise Linux release 8.7 (Ootpa)
$ fips-mode-setup --check
FIPS mode is enabled.
$ python3 -m venv venv
$ cd venv
$ . bin/activate
(venv) $ pip install libgravatar
Collecting libgravatar
Downloading libgravatar-1.0.3-py2.py3-none-any.whl (17 kB)
Installing collected packages: libgravatar
Successfully installed libgravatar-1.0.3
$ python3
Python 3.9.12 (main, Mar 2 2023, 16:45:19)
[GCC 8.5.0 20210514 (Red Hat 8.5.0-16.0.2)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import libgravatar
>>> g = libgravatar.Gravatar('x@y.com')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/tmp/venv/lib/python3.9/site-packages/libgravatar/__init__.py", line 67, in __init__
self.email_hash = md5_hash(self.email)
File "/tmp/venv/lib/python3.9/site-packages/libgravatar/__init__.py", line 252, in md5_hash
return md5(string.encode("utf-8")).hexdigest()
ValueError: [digital envelope routines: EVP_DigestInit_ex] disabled for FIPS
On Python 3.9+, it's possible to pass a usedforsecurity=False flag to hashlib.md5 to indicate that MD5 is not being used for security but for harmless fingerprinting purposes.
The text was updated successfully, but these errors were encountered:
nutjob4life
added a commit
to nutjob4life/libgravatar
that referenced
this issue
Mar 5, 2023
Using
libgravataron security-restricted systems (such as FIPS-enabled systems on newer U.S. Government computers) produces a stack trace. On such systems, the MD5 algorithm is disabled:On Python 3.9+, it's possible to pass a
usedforsecurity=Falseflag tohashlib.md5to indicate that MD5 is not being used for security but for harmless fingerprinting purposes.The text was updated successfully, but these errors were encountered: