Set usedforsecurity=False in hashlib methods (FIPS compliance) #1782
+38
−3
This PR aims to make `huggingface_hub` (and then other libraries from HF-ecosystem) FIPS-compliant. Issue was first raised by @DueViktor in huggingface/transformers#27034 and huggingface/transformers#27038.
Quoting @DueViktor:
From https://docs.python.org/3/library/hashlib.html:
This PR copies what has been done in mlflow/mlflow#10106 and mlflow/mlflow#10119. We define an `insecure_hashlib` module that sets `usedforsecurity=False` by default in their hash methods. Usage is pretty much the same as `hashlib`:

Once this is merged, the plan is to make a release and then integrate in third-party libraries from the HF-ecosystem (starting by `transformers`, `diffusers`, `datasets` and `evaluate`). Thanks a lot @DueViktor for raising the question 👍 🙏
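
A minimal sketch of the kind of wrapper module the description refers to, added here as an illustration and not the code merged in this PR. `fingerprint` and `default_constructor_blocked` are hypothetical helpers, and the Python 3.9 guard is an assumption about how older interpreters, which lack the keyword, would be handled.

```python
import functools
import hashlib
import io
import sys

# hashlib constructors accept usedforsecurity only from Python 3.9 on;
# older interpreters reject the keyword, so pass nothing there (assumption).
_KWARGS = {"usedforsecurity": False} if sys.version_info >= (3, 9) else {}

# Drop-in constructors for non-security hashing (cache keys, ETags, dedup).
# Anything that authenticates data or users keeps using plain hashlib.
md5 = functools.partial(hashlib.md5, **_KWARGS)
sha1 = functools.partial(hashlib.sha1, **_KWARGS)
sha256 = functools.partial(hashlib.sha256, **_KWARGS)


def fingerprint(stream, algo=sha1, chunk_size=1 << 20):
    """Hash a binary stream in fixed-size chunks and return the hex digest."""
    h = algo()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def default_constructor_blocked(name):
    """True if plain hashlib.<name>() is refused, as on a FIPS-enforcing build."""
    try:
        getattr(hashlib, name)()  # no usedforsecurity flag: policy applies
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    sample = b"abc"  # constructed sample input
    for name, ctor in (("md5", md5), ("sha1", sha1), ("sha256", sha256)):
        print(name, "blocked by default:", default_constructor_blocked(name),
              "| wrapper digest:", fingerprint(io.BytesIO(sample), ctor))
```

The flag changes only how the crypto policy treats the call; the digest bytes are identical to those from plain `hashlib`.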