md5sum FIPS issue

[shaze]

Version :

Truvari v4.2.3-dev

Describe the bug :

For systems which are FIPS-compliant there is a very aggravating constraint that hashlib.md5 calls need the optional argument usedforsecurity=False added, or the code won't work.

See below

/usr/local/bin/truvari
crypto/fips/fips.c:154: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
Aborted (core dumped)

To Reproduce :

Enable FIPS (e.g., run fips-mode-setup and set up policies) and install with pip

Expected behavior :
N/A

Additional context :

The usedforsecurity=False argument must be added to hashlib.md5. I've done this and built locally and it works. A patch is attached. (As an aside, the upstream dependancies numpy and pysam also have this problem)

fips.patch

[ACEnglish]

Hello,

Yes, that is particularly aggravating because those three calls are never reached by users and is only as part of the functional tests infrastructure. Regardless, the changes have been made. Hope it helps!

It may be a bit before I cut a new release. In the meantime you can building directly from develop (details) or use pip install git+https://github.com/acenglish/truvari@a8dbd3066f7572e9b7487c470485de34930eee12

Have a great day,
~/Adam English