aim
aim copied to clipboard
aimhubio
Using Aim package on FIPS compatible machine results in Error.
🐛 Bug
Running AIM with any script on a FIPS server results in errors like these making it unusable.
TypeError: 'digest_size' is an invalid keyword argument for openssl_blake2b()
TypeError: 'digest_size' is an invalid keyword argument for openssl_blake2b()
Exception ignored in: 'aim.storage.hashing.hashing.hash_object'
Traceback (most recent call last):
File "/usr/local/lib64/python3.11/site-packages/aim/storage/context.py", line 40, in _calc_hash
return hash_auto(self._context)
^^^^^^^^^^^^^^^^^^^^^^^^
To reproduce
Install AIM on FIPS enabled machine and run with any script the error seems to be 100% reproducible on our end.
Expected behavior
AIM hash function to generate hash without any error.
Environment
- Aim Version (e.g., 3.0.1) - 3.19.3
- Python version - 3.11
- pip version
- OS (e.g., Linux) - Linux
- Any other relevant information
Additional context
The problem seems to be stemming from python library hashlib, on a FIPS enabled server the _hashlib.get_fips_mode() returns 1
python3.11
>>> import _hashlib
>>> _hashlib.get_fips_mode()
1
And API call like this fails.
>>> import hashlib
>>> hashlib.blake2b(digest_size=256 //8)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
TypeError: 'digest_size' is an invalid keyword argument for openssl_blake2b()
While on other server it works,
python3.11
>>> import _hashlib
>>> _hashlib.get_fips_mode()
0
>>> import hashlib
>>> hashlib.blake2b(digest_size=256 //8)
<_blake2.blake2b object at 0x7fe3f5d0cc70>
@dushyantbehl we don't have access to FIPS servers. would you be open to help us fix this?
Hey @SGevorg we can try this on our end thanks and let you guys know if the approcah seems okay.
Hey @SGevorg I have a first version of the patch which fixes this here - https://github.com/aimhubio/aim/pull/3217 opened the PR for feedback from you guys. Cheers.