Set hashlib.md5(usedforsecurity=False) when computing POTCAR hashes (#3094)

janosh · web-flow · commit f4cd65bfc068 · 2023-06-22T19:35:34.000-07:00
* set hashlib.md5(usedforsecurity=False) when computing POTCAR hashes

* hashlib.md5(usedforsecurity=False) is py39+

* missed one
diff --git a/pymatgen/io/abinit/pseudos.py b/pymatgen/io/abinit/pseudos.py
@@ -101,7 +101,7 @@ def as_pseudo(cls, obj):
         return obj if isinstance(obj, cls) else cls.from_file(obj)
 
     @staticmethod
-    def from_file(filename):
+    def from_file(filename) -> Pseudo:
         """
         Build an instance of a concrete Pseudo subclass from filename.
         Note: the parser knows the concrete class that should be instantiated
@@ -118,20 +118,20 @@ def __eq__(self, other: object) -> bool:
             and self.__class__ == other.__class__
         )
 
-    def __repr__(self):
+    def __repr__(self) -> str:
         try:
             return f"<{type(self).__name__} at {os.path.relpath(self.filepath)}>"
         except Exception:
             # relpath can fail if the code is executed in demon mode.
             return f"<{type(self).__name__} at {self.filepath}>"
 
-    def __str__(self):
+    def __str__(self) -> str:
         return self.to_string()
 
-    def to_string(self, verbose=0):
+    def to_string(self, verbose=0) -> str:
         """String representation."""
         # pylint: disable=E1101
-        lines = []
+        lines: list[str] = []
         app = lines.append
         app(f"<{type(self).__name__}: {self.basename}>")
         app("  summary: " + self.summary.strip())
@@ -153,66 +153,64 @@ def to_string(self, verbose=0):
 
     @property
     @abc.abstractmethod
-    def summary(self):
+    def summary(self) -> str:
         """String summarizing the most important properties."""
 
     @property
-    def filepath(self):
+    def filepath(self) -> str:
         """Absolute path to pseudopotential file."""
-        # pylint: disable=E1101
         return os.path.abspath(self.path)
 
     @property
-    def basename(self):
+    def basename(self) -> str:
         """File basename."""
-        # pylint: disable=E1101
         return os.path.basename(self.filepath)
 
     @property
     @abc.abstractmethod
-    def Z(self):
+    def Z(self) -> int:
         """The atomic number of the atom."""
 
     @property
     @abc.abstractmethod
-    def Z_val(self):
+    def Z_val(self) -> int:
         """Valence charge."""
 
     @property
-    def type(self):
+    def type(self) -> str:
         """Type of pseudo."""
         return type(self).__name__
 
     @property
-    def element(self):
+    def element(self) -> Element:
         """Pymatgen :class:`Element`."""
         try:
             return Element.from_Z(self.Z)
         except (KeyError, IndexError):
             return Element.from_Z(int(self.Z))
 
     @property
-    def symbol(self):
+    def symbol(self) -> str:
         """Element symbol."""
         return self.element.symbol
 
     @property
     @abc.abstractmethod
-    def l_max(self):
+    def l_max(self) -> int:
         """Maximum angular momentum."""
 
     @property
     @abc.abstractmethod
-    def l_local(self):
+    def l_local(self) -> int:
         """Angular momentum used for the local part."""
 
     @property
-    def isnc(self):
+    def isnc(self) -> bool:
         """True if norm-conserving pseudopotential."""
         return isinstance(self, NcPseudo)
 
     @property
-    def ispaw(self):
+    def ispaw(self) -> bool:
         """True if PAW pseudopotential."""
         return isinstance(self, PawPseudo)
 
@@ -223,14 +221,17 @@ def md5(self):
         return self.compute_md5()
 
     def compute_md5(self):
-        """Compute and erturn MD5 hash value."""
+        """Compute and return MD5 hash value."""
         # pylint: disable=E1101
         import hashlib
 
         with open(self.path) as fh:
             text = fh.read()
-            m = hashlib.md5(text.encode("utf-8"))
-            return m.hexdigest()
+            # usedforsecurity=False needed in FIPS mode (Federal Information Processing Standards)
+            # https://github.com/materialsproject/pymatgen/issues/2804
+            md5 = hashlib.new("md5", usedforsecurity=False)  # hashlib.md5(usedforsecurity=False) is py39+
+            md5.update(text.encode("utf-8"))
+            return md5.hexdigest()
 
     @property
     @abc.abstractmethod
@@ -242,7 +243,6 @@ def supports_soc(self):
 
     def as_dict(self, **kwargs):
         """Return dictionary for MSONable protocol."""
-        # pylint: disable=E1101
         return {
             "@module": type(self).__module__,
             "@class": type(self).__name__,
diff --git a/pymatgen/io/cp2k/inputs.py b/pymatgen/io/cp2k/inputs.py
@@ -24,13 +24,13 @@
 from __future__ import annotations
 
 import copy
+import hashlib
 import itertools
 import os
 import re
 import textwrap
 import typing
 from dataclasses import dataclass, field
-from hashlib import md5
 from pathlib import Path
 from typing import TYPE_CHECKING, Any, Iterable, Literal, Sequence
 
@@ -2416,7 +2416,11 @@ def softmatch(self, other):
 
     def get_hash(self) -> str:
         """Get a hash of this object"""
-        return md5(self.get_string().lower().encode("utf-8")).hexdigest()
+        # usedforsecurity=False needed in FIPS mode (Federal Information Processing Standards)
+        # https://github.com/materialsproject/pymatgen/issues/2804
+        md5 = hashlib.new("md5", usedforsecurity=False)  # hashlib.md5(usedforsecurity=False) is py39+
+        md5.update(self.get_string().lower().encode("utf-8"))
+        return md5.hexdigest()
 
     def get_string(self):
         """Get string representation"""
diff --git a/pymatgen/io/vasp/inputs.py b/pymatgen/io/vasp/inputs.py
@@ -5,6 +5,7 @@
 
 from __future__ import annotations
 
+import hashlib
 import itertools
 import json
 import logging
@@ -16,7 +17,7 @@
 from collections import namedtuple
 from enum import Enum
 from glob import glob
-from hashlib import md5, sha256
+from hashlib import sha256
 from typing import TYPE_CHECKING, Any, Literal, Sequence
 
 import numpy as np
@@ -2175,7 +2176,11 @@ def get_potcar_file_hash(self):
 
         :return: Hash value.
         """
-        return md5(self.data.encode("utf-8")).hexdigest()
+        # usedforsecurity=False needed in FIPS mode (Federal Information Processing Standards)
+        # https://github.com/materialsproject/pymatgen/issues/2804
+        md5 = hashlib.new("md5", usedforsecurity=False)  # hashlib.md5(usedforsecurity=False) is py39+
+        md5.update(self.data.encode("utf-8"))
+        return md5.hexdigest()
 
     def get_potcar_hash(self):
         """
@@ -2212,7 +2217,11 @@ def get_potcar_hash(self):
                 hash_str += v.replace(" ", "")
 
         self.hash_str = hash_str
-        return md5(hash_str.lower().encode("utf-8")).hexdigest()
+        # usedforsecurity=False needed in FIPS mode (Federal Information Processing Standards)
+        # https://github.com/materialsproject/pymatgen/issues/2804
+        md5 = hashlib.new("md5", usedforsecurity=False)  # hashlib.md5(usedforsecurity=False) is py39+
+        md5.update(hash_str.lower().encode("utf-8"))
+        return md5.hexdigest()
 
     def __getattr__(self, a):
         """
