[reportlab-users] ReportLab fails with ValueError on FIPS enabled systems

Robin Becker robin at reportlab.com
Mon Jul 28 10:22:10 EDT 2025 

Hi Marius, I believe Python 3.8 is now EOL and 3.9 is soon to follow.

On Mon, 28 Jul 2025 at 12:00, Marius Gedminas <marius at gedmin.as> wrote:

> Sun, Jun 29, 2025 at 08:13:59PM -0400, Martin Renters via reportlab-users
> rašė:
> >   File "//opt/dftoolkit/lib/python3.9/site-packages/reportlab/pdfbase/
> > pdfdoc.py", line 137, in __init__
> >
> >     sig = self.signature = md5()
> >
> > ValueError: [digital envelope routines] unsupported
> >
> > Most of the uses of MD5, aside from the use in the actual PDF encryption,
> > appear not to be security related. In Python 3.9, the hashlib functions
> can be
> > passed a keyword argument called ‘usedforsecurity’ (defaulting to True)
> that
> > can be set to False if the hash algorithm isn’t used for security
> purposes.
> > This allows the use of MD5 hashes even on FIPS enabled systems and allows
> > ReportLab to successfully generate PDFs. Passing this keyword argument
> on the
> > older Python 3.6.8 doesn’t cause any ill effects.
>
> Meanwhile Python 3.8.18 complains:
>
>   TypeError: 'usedforsecurity' is an invalid keyword argument for
> openssl_md5()
>
> in
> /opt/hostedtoolcache/Python/3.8.18/x64/lib/python3.8/site-packages/reportlab/pdfbase/pdfdoc.py
> line 137, which is
>
>   sig = self.signature = md5(usedforsecurity=False)
>
> (I'm translating pytest's default rich traceback that dumps the source
> of the entire PDFDocument.__init__ into something that can be pasted
> into an email.)
>
> Is Python 3.8 still supported?  https://pypi.org/project/reportlab/ says
> both
>
>    Requires: Python <4, >=3.7
>
> and also omits 3.8 from the classifiers, which is a bit ambiguous.
>
> Oh, I see 3.8 is EOL upstream, so I suppose I'll just drop it from my
> test matrix.
>
> Marius Gedminas
> --
> I used to (somewhat) sneer at people who describe themselves thus: "I
> program
> HTML". Then I tried to make a web-site look as I wanted it to (ie. not
> grotesquely ugly), wow - perhaps they were onto something. Some think
> there is
> a pile of broken mess in our desktop, but at least you know where you are
> with
> a GtkHBox.
>                 -- Michael Meeks
> _______________________________________________
> reportlab-users mailing list
> reportlab-users at lists2.reportlab.com
> https://pairlist2.pair.net/mailman/listinfo/reportlab-users
>


-- 
Robin Becker
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist2.pair.net/pipermail/reportlab-users/attachments/20250728/9f224cc2/attachment.htm>

More information about the reportlab-users mailing list