Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pymatgen/io/vasp/inputs.py md5 call gets an error when FIPS is enabled #2804

Closed
bernstei opened this issue Jan 13, 2023 · 1 comment · Fixed by #3094
Closed

pymatgen/io/vasp/inputs.py md5 call gets an error when FIPS is enabled #2804

bernstei opened this issue Jan 13, 2023 · 1 comment · Fixed by #3094
Labels
bug io Input/output functionality vasp Vienna Ab initio Simulation Package

Comments

@bernstei
Copy link
Contributor

bernstei commented Jan 13, 2023
edited by janosh
Loading

Describe the bug
pymatgen/io/vasp/inputs.py calls hashlib.md5 for hashing in a way that generates an error on RedHat systems that have FIPS enabled.

To Reproduce

On a RedHat machine that has FIPS enabled, do any pymatgen operation that reads a potcar, e.g. Potcar.from_file("POTCAR"))

The resulting output is

  File "/home/Software/python/system/extra/lib64/python3.9/site-packages/pymatgen/io/vasp/outputs.py", line 401, in __init__
    self.update_potcar_spec(parse_potcar_file)
  File "/home/Software/python/system/extra/lib64/python3.9/site-packages/pymatgen/io/vasp/outputs.py", line 1148, in update_potcar_spec
    potcar = self.get_potcars(path)
  File "/home/Software/python/system/extra/lib64/python3.9/site-packages/pymatgen/io/vasp/outputs.py", line 1118, in get_potcars
    potcar = get_potcar_in_path(os.path.split(self.filename)[0])
  File "/home/Software/python/system/extra/lib64/python3.9/site-packages/pymatgen/io/vasp/outputs.py", line 1103, in get_potcar_in_path
    pc = Potcar.from_file(os.path.join(p, fn))
  File "/home/Software/python/system/extra/lib64/python3.9/site-packages/pymatgen/io/vasp/inputs.py", line 2240, in from_file
    single = PotcarSingle(p)
  File "/home/Software/python/system/extra/lib64/python3.9/site-packages/pymatgen/io/vasp/inputs.py", line 1811, in __init__
    self.hash = self.get_potcar_hash()
  File "/home/Software/python/system/extra/lib64/python3.9/site-packages/pymatgen/io/vasp/inputs.py", line 2151, in get_potcar_hash
    return md5(hash_str.lower().encode("utf-8")).hexdigest()
ValueError: [digital envelope routines: EVP_DigestInit_ex] disabled for FIPS

Expected behavior
successful parsing of the POTCAR file

Environment (please supply relevant versions and platform info):

Rocky Linux 8 with FIPS enabled

Additional context

This discussion s3tools/s3cmd#1005 strongly indicates adding the usedforsecurity=False to the md5() call will avoid the error, which is caused because md5 is not a secure hash for security purposes. I'm currently checking this locally and will post a followup when I see if it works.
@bernstei
Copy link
Contributor Author

Adding usedforsecurity=False to the hashlib.md5 calls in pymatgen/io/vasp/inputs.py fixes the issue for us. I suspect the same argument should also be added to the calls in pymatgen/io/abinit/pseudos.py as well, but I didn't see any other relevant calls.

@janosh janosh mentioned this issue Jun 22, 2023
Merged
@janosh janosh added bug io Input/output functionality vasp Vienna Ab initio Simulation Package labels Jun 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug io Input/output functionality vasp Vienna Ab initio Simulation Package
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Set hashlib.md5(usedforsecurity=False) when computing POTCAR hashes materialsproject/pymatgen
2 participants
@bernstei @janosh