diff --git a/AUTHORS b/AUTHORS index dbe1082a648..4b6aa8ffb22 100644 --- a/AUTHORS +++ b/AUTHORS @@ -85,6 +85,7 @@ Other contributors, listed alphabetically, are: * Daniel Pizetta -- inheritance diagram improvements * KINEBUCHI Tomohiko -- typing Sphinx as well as docutils * Adrián Chaves (Gallaecio) -- coverage builder improvements +* Lars Hupfeldt Nielsen - OpenSSL FIPS mode md5 bug fix Many thanks for all contributions! diff --git a/CHANGES b/CHANGES index 9d788606309..eaa9a0760f1 100644 --- a/CHANGES +++ b/CHANGES @@ -17,6 +17,7 @@ Bugs fixed ---------- * #7567: autodoc: parametrized types are shown twice for generic types +* #7611: md5 fails when OpenSSL FIPS is enabled Testing -------- diff --git a/sphinx/builders/html/__init__.py b/sphinx/builders/html/__init__.py index 320c7feb6b7..463e19b7b70 100644 --- a/sphinx/builders/html/__init__.py +++ b/sphinx/builders/html/__init__.py @@ -13,7 +13,6 @@ import re import sys import warnings -from hashlib import md5 from os import path from typing import Any, Dict, IO, Iterable, Iterator, List, Set, Tuple @@ -38,7 +37,7 @@ from sphinx.locale import _, __ from sphinx.search import js_index from sphinx.theming import HTMLThemeFactory -from sphinx.util import logging, progress_message, status_iterator +from sphinx.util import logging, progress_message, status_iterator, md5 from sphinx.util.docutils import is_html5_writer_available, new_document from sphinx.util.fileutil import copy_asset from sphinx.util.i18n import format_date diff --git a/sphinx/ext/graphviz.py b/sphinx/ext/graphviz.py index 27b64fbce1d..c21868a6fe3 100644 --- a/sphinx/ext/graphviz.py +++ b/sphinx/ext/graphviz.py @@ -12,7 +12,6 @@ import posixpath import re import subprocess -from hashlib import sha1 from os import path from subprocess import CalledProcessError, PIPE from typing import Any, Dict, List, Tuple 
@@ -25,7 +24,7 @@ from sphinx.application import Sphinx from sphinx.errors import SphinxError from sphinx.locale import _, __ -from sphinx.util import logging +from sphinx.util import logging, sha1 from sphinx.util.docutils import SphinxDirective, SphinxTranslator from sphinx.util.fileutil import copy_asset from sphinx.util.i18n import search_image_for_language diff --git a/sphinx/ext/imgmath.py b/sphinx/ext/imgmath.py index 4297ad1829a..2050e470e98 100644 --- a/sphinx/ext/imgmath.py +++ b/sphinx/ext/imgmath.py @@ -14,7 +14,6 @@ import subprocess import sys import tempfile -from hashlib import sha1 from os import path from subprocess import CalledProcessError, PIPE from typing import Any, Dict, List, Tuple @@ -30,7 +29,7 @@ from sphinx.deprecation import RemovedInSphinx40Warning, deprecated_alias from sphinx.errors import SphinxError from sphinx.locale import _, __ -from sphinx.util import logging +from sphinx.util import logging, sha1 from sphinx.util.math import get_node_equation_number, wrap_displaymath from sphinx.util.osutil import ensuredir from sphinx.util.png import read_png_depth, write_png_depth diff --git a/sphinx/ext/inheritance_diagram.py b/sphinx/ext/inheritance_diagram.py index db2a15b14c0..7b2383fcadf 100644 --- a/sphinx/ext/inheritance_diagram.py +++ b/sphinx/ext/inheritance_diagram.py @@ -38,7 +38,6 @@ class E(B): pass import builtins import inspect import re -from hashlib import md5 from importlib import import_module from typing import Any, Dict, Iterable, List, Tuple from typing import cast @@ -55,6 +54,7 @@ class E(B): pass graphviz, figure_wrapper, render_dot_html, render_dot_latex, render_dot_texinfo ) +from sphinx.util import md5 from sphinx.util.docutils import SphinxDirective from sphinx.writers.html import HTMLTranslator from sphinx.writers.latex import LaTeXTranslator diff --git a/sphinx/transforms/post_transforms/images.py b/sphinx/transforms/post_transforms/images.py index d1b513b27c0..57b36b4b0ee 100644 
--- a/sphinx/transforms/post_transforms/images.py +++ b/sphinx/transforms/post_transforms/images.py @@ -10,7 +10,6 @@ import os import re -from hashlib import sha1 from math import ceil from typing import Any, Dict, List, Tuple @@ -19,7 +18,7 @@ from sphinx.application import Sphinx from sphinx.locale import __ from sphinx.transforms import SphinxTransform -from sphinx.util import epoch_to_rfc1123, rfc1123_to_epoch +from sphinx.util import epoch_to_rfc1123, rfc1123_to_epoch, sha1 from sphinx.util import logging, requests from sphinx.util.images import guess_mimetype, get_image_extension, parse_data_uri from sphinx.util.osutil import ensuredir, movefile diff --git a/sphinx/util/__init__.py b/sphinx/util/__init__.py index 12ae051f106..2a08821e1f6 100644 --- a/sphinx/util/__init__.py +++ b/sphinx/util/__init__.py @@ -10,6 +10,7 @@ import fnmatch import functools +import hashlib import os import posixpath import re @@ -21,7 +22,6 @@ from codecs import BOM_UTF8 from collections import deque from datetime import datetime -from hashlib import md5 from importlib import import_module from os import path from time import mktime, strptime 
@@ -170,6 +170,36 @@ def __setstate__(self, state: Set[str]) -> None: self._existing = state +def md5(data=b'', **kwargs): + """Wrapper around hashlib.md5 + + Attempt call with 'usedforsecurity=False' if we get a ValueError, which happens when + OpenSSL FIPS mode is enabled: + ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips + + See: https://github.com/sphinx-doc/sphinx/issues/7611 + """ + + try: + return hashlib.md5(data, **kwargs) # type: ignore + except ValueError: + return hashlib.md5(data, **kwargs, usedforsecurity=False) # type: ignore + + +def sha1(data=b'', **kwargs): + """Wrapper around hashlib.sha1 + + Attempt call with 'usedforsecurity=False' if we get a ValueError + + See: https://github.com/sphinx-doc/sphinx/issues/7611 + """ + + try: + return hashlib.sha1(data, **kwargs) # type: ignore + except ValueError: + return hashlib.sha1(data, **kwargs, usedforsecurity=False) # type: ignore + + class DownloadFiles(dict): """A special dictionary for download files. diff --git a/tests/test_build_html.py b/tests/test_build_html.py index ede3683155b..b3406b74c3c 100644 --- a/tests/test_build_html.py +++ b/tests/test_build_html.py @@ -10,7 +10,6 @@ import os import re -from hashlib import md5 from itertools import cycle, chain import pytest @@ -19,7 +18,7 @@ from sphinx.builders.html import validate_html_extra_path, validate_html_static_path from sphinx.errors import ConfigError from sphinx.testing.util import strip_escseq -from sphinx.util import docutils +from sphinx.util import docutils, md5 from sphinx.util.inventory import InventoryFile
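Review bot: The `except ValueError` fallback in the new `md5()` and `sha1()` wrappers re-enables a digest that the platform's FIPS policy has disabled, for every caller of `sphinx.util.md5`/`sha1`, yet neither docstring limits the wrappers to non-security uses. The call sites are outside this hunk, so the contract belongs on the wrappers themselves; add to both docstrings something like `Only for non-security purposes (cache keys, generated file names); never use the result for integrity or authentication checks.` The retry also assumes `hashlib` accepts `usedforsecurity`, a keyword added in Python 3.9 and present earlier only in some distribution-patched builds. On other interpreters the retry raises `TypeError` and hides the original FIPS `ValueError`, and a caller that passes `usedforsecurity` itself gets a duplicate-keyword `TypeError`. Consider `kwargs.setdefault('usedforsecurity', False)` before the retry, and re-raise the original `ValueError` when the keyword is rejected.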