[reportlab-users] ReportLab fails with ValueError on FIPS enabled systems

Andy Robinson andy at reportlab.com
Mon Jul 28 10:34:58 EDT 2025


Can we say that Pythons are "pining for the Fjords"?

On Mon, 28 Jul 2025 at 15:22, Robin Becker <robin at reportlab.com> wrote:

> Hi Marius, I believe Python 3.8 is now EOL and 3.9 is soon to follow.
>
> On Mon, 28 Jul 2025 at 12:00, Marius Gedminas <marius at gedmin.as> wrote:
>
>> Sun, Jun 29, 2025 at 08:13:59PM -0400, Martin Renters via reportlab-users wrote:
>> >   File "//opt/dftoolkit/lib/python3.9/site-packages/reportlab/pdfbase/pdfdoc.py", line 137, in __init__
>> >
>> >     sig = self.signature = md5()
>> >
>> > ValueError: [digital envelope routines] unsupported
>> >
>> > Most of the uses of MD5, aside from the use in the actual PDF encryption,
>> > appear not to be security related. In Python 3.9, the hashlib functions can be
>> > passed a keyword argument called ‘usedforsecurity’ (defaulting to True) that
>> > can be set to False if the hash algorithm isn’t used for security purposes.
>> > This allows the use of MD5 hashes even on FIPS enabled systems and allows
>> > ReportLab to successfully generate PDFs. Passing this keyword argument on the
>> > older Python 3.6.8 doesn’t cause any ill effects.
>>
>> Meanwhile Python 3.8.18 complains:
>>
>>   TypeError: 'usedforsecurity' is an invalid keyword argument for openssl_md5()
>>
>> in
>> /opt/hostedtoolcache/Python/3.8.18/x64/lib/python3.8/site-packages/reportlab/pdfbase/pdfdoc.py
>> line 137, which is
>>
>>   sig = self.signature = md5(usedforsecurity=False)
>>
>> (I'm translating pytest's default rich traceback that dumps the source
>> of the entire PDFDocument.__init__ into something that can be pasted
>> into an email.)
>>
>> Is Python 3.8 still supported?  https://pypi.org/project/reportlab/ says
>> both
>>
>>    Requires: Python <4, >=3.7
>>
>> and also omits 3.8 from the classifiers, which is a bit ambiguous.
>>
>> Oh, I see 3.8 is EOL upstream, so I suppose I'll just drop it from my
>> test matrix.
>>
>> Marius Gedminas
>> --
>> I used to (somewhat) sneer at people who describe themselves thus: "I program
>> HTML". Then I tried to make a web-site look as I wanted it to (ie. not
>> grotesquely ugly), wow - perhaps they were onto something. Some think there is
>> a pile of broken mess in our desktop, but at least you know where you are with
>> a GtkHBox.
>>                 -- Michael Meeks
>> _______________________________________________
>> reportlab-users mailing list
>> reportlab-users at lists2.reportlab.com
>> https://pairlist2.pair.net/mailman/listinfo/reportlab-users
>>
>
>
> --
> Robin Becker
>


-- 
Andy Robinson
Managing Director, ReportLab
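
The two failure modes quoted in this thread (the FIPS `ValueError` from a bare `md5()` and the Python 3.8 `TypeError` from `md5(usedforsecurity=False)`) can be handled by probing for the keyword once. This is an added example, not ReportLab's code; `make_nonsecurity_hash`, `legacy_md5` and `checksum_md5` are hypothetical names.

```python
import hashlib


def make_nonsecurity_hash(constructor=hashlib.md5):
    """Return new(data=b"") that builds a digest flagged as non-security use.

    Probes once whether `constructor` accepts usedforsecurity (Python 3.9+,
    and any older build that backports it) and falls back to the plain call.
    """
    try:
        constructor(usedforsecurity=False)
        supports_flag = True
    except TypeError:
        # Interpreter rejects the keyword, as in the Python 3.8.18 traceback.
        # The plain call still works off FIPS; in FIPS mode it raises
        # ValueError and such a build offers no way to opt out.
        supports_flag = False

    def new(data=b""):
        if supports_flag:
            return constructor(data, usedforsecurity=False)
        return constructor(data)

    new.supports_flag = supports_flag
    return new


def legacy_md5(data=b""):
    """Constructed stand-in for a pre-3.9 md5(): accepts no keyword arguments."""
    return hashlib.md5(data)


# Only for checksums and document signatures that are not a security control,
# never for the MD5 that is part of the actual PDF encryption.
checksum_md5 = make_nonsecurity_hash()

if __name__ == "__main__":
    print(checksum_md5(b"abc").hexdigest())
    print(make_nonsecurity_hash(legacy_md5).supports_flag)
```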