[reportlab-users] ReportLab fails with ValueError on FIPS enabled systems

Marius Gedminas marius at gedmin.as
Mon Jul 28 07:00:35 EDT 2025 

Sun, Jun 29, 2025 at 08:13:59PM -0400, Martin Renters via reportlab-users rašė:
>   File "//opt/dftoolkit/lib/python3.9/site-packages/reportlab/pdfbase/
> pdfdoc.py", line 137, in __init__
> 
>     sig = self.signature = md5()
> 
> ValueError: [digital envelope routines] unsupported
> 
> Most of the uses of MD5, aside from the use in the actual PDF encryption,
> appear not to be security related. In Python 3.9, the hashlib functions can be
> passed a keyword argument called ‘usedforsecurity’ (defaulting to True) that
> can be set to False if the hash algorithm isn’t used for security purposes.
> This allows the use of MD5 hashes even on FIPS enabled systems and allows
> ReportLab to successfully generate PDFs. Passing this keyword argument on the
> older Python 3.6.8 doesn’t cause any ill effects.

Meanwhile Python 3.8.18 complains:

  TypeError: 'usedforsecurity' is an invalid keyword argument for openssl_md5()

in /opt/hostedtoolcache/Python/3.8.18/x64/lib/python3.8/site-packages/reportlab/pdfbase/pdfdoc.py line 137, which is

  sig = self.signature = md5(usedforsecurity=False)

(I'm translating pytest's default rich traceback that dumps the source
of the entire PDFDocument.__init__ into something that can be pasted
into an email.)

Is Python 3.8 still supported?  https://pypi.org/project/reportlab/ says
both

   Requires: Python <4, >=3.7 

and also omits 3.8 from the classifiers, which is a bit ambiguous.

Oh, I see 3.8 is EOL upstream, so I suppose I'll just drop it from my
test matrix.

Marius Gedminas
-- 
I used to (somewhat) sneer at people who describe themselves thus: "I program
HTML". Then I tried to make a web-site look as I wanted it to (ie. not
grotesquely ugly), wow - perhaps they were onto something. Some think there is
a pile of broken mess in our desktop, but at least you know where you are with
a GtkHBox.
                -- Michael Meeks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://pairlist2.pair.net/pipermail/reportlab-users/attachments/20250728/20022100/attachment.sig>

More information about the reportlab-users mailing list