-
-
Notifications
You must be signed in to change notification settings - Fork 7.9k
{{ message }}
Closed
Description
Bug report
Bug summary
If you use a FIPS (Federal Information Processing Standards) compliant Python install, then you cannot use plt.savefig to save an image in SVG format. This is because the RenderSVG._make_id method takes the first 10 characters of a hashlib.md5 digest of entries in the SVG as the ID for that part of the SVG file. The MD5 algorithm is disabled on FIPS compliant systems or in FIPS compliant Python installs.
Code for reproduction
The big requirement here is a FIPS compliant system or at least a Python install compiled to be FIPS compliant. Then the following code will reproduce the error.
To reproduce,
- I started a CentOS 8 virtual machine
- Ran
sudo fips-mode-setup --enable && sudo reboot - After the reboot I confirmed FIPS mode had been enabled by running
fips-mode-setup --checkand it returnedFIPS mode is enabled.. sudo dnf install python3python3 -m venv venv./venv/bin/python -m pip install -U pip setuptools./venv/bin/python -m pip install matplotlib./venv/bin/python demo.py. The contents ofdemo.pyare listed below.
""" demo.py: demonstrates that matplotlib can't save SVGs if FIPS mode enabled """
import matplotlib.pyplot as plt
plt.plot(range(10))
plt.savefig(range10.png")
plt.savefig("range10.svg")Actual outcome
Traceback (most recent call last):
File "demo.py", line 5, in <module>
plt.savefig("range10.svg")
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/pyplot.py", line 842, in savefig
res = fig.savefig(*args, **kwargs)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/figure.py", line 2311, in savefig
self.canvas.print_figure(fname, **kwargs)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/backend_bases.py", line 2217, in print_figure
**kwargs)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/backends/backend_svg.py", line 1318, in print_svg
self._print_svg(filename, fh, **kwargs)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/backend_bases.py", line 1639, in wrapper
return func(*args, **kwargs)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/backends/backend_svg.py", line 1342, in _print_svg
self.figure.draw(renderer)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/artist.py", line 41, in draw_wrapper
return draw(artist, renderer, *args, **kwargs)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/figure.py", line 1864, in draw
renderer, self, artists, self.suppressComposite)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/image.py", line 132, in _draw_list_compositing_images
a.draw(renderer)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/artist.py", line 41, in draw_wrapper
return draw(artist, renderer, *args, **kwargs)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/cbook/deprecation.py", line 411, in wrapper
return func(*inner_args, **inner_kwargs)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/axes/_base.py", line 2748, in draw
mimage._draw_list_compositing_images(renderer, self, artists)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/image.py", line 132, in _draw_list_compositing_images
a.draw(renderer)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/artist.py", line 41, in draw_wrapper
return draw(artist, renderer, *args, **kwargs)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/axis.py", line 1169, in draw
tick.draw(renderer)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/artist.py", line 41, in draw_wrapper
return draw(artist, renderer, *args, **kwargs)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/axis.py", line 291, in draw
artist.draw(renderer)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/artist.py", line 41, in draw_wrapper
return draw(artist, renderer, *args, **kwargs)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/lines.py", line 854, in draw
fc_rgba)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/backends/backend_svg.py", line 683, in draw_markers
oid = self._make_id('m', dictkey)
File "/home/daytonb/venv/lib64/python3.6/site-packages/matplotlib/backends/backend_svg.py", line 440, in _make_id
m = hashlib.md5()
ValueError: [digital envelope routines: EVP_DigestInit_ex] disabled for FIPS
Expected outcome
Expect no errors and an SVG named "range10.svg" that shows the same plot as a PNG named "range10.png".
Matplotlib version
- Operating system: CentOS Linux release 8.2.2004 (Core)
fips-mode-setup --checkreturnsFIPS mode is enabled
- Matplotlib version: 3.3.0
- Matplotlib backend (
print(matplotlib.get_backend())): agg - Python version: 3.6.8
- Jupyter version (if applicable): NA
- Other libraries:
[daytonb@centos-s-1vcpu-1gb-nyc1-01 ~]$ venv/bin/python -m pip list
Package Version
--------------- -------
cycler 0.10.0
kiwisolver 1.2.0
matplotlib 3.3.0
numpy 1.19.1
Pillow 7.2.0
pip 20.2.1
pyparsing 2.4.7
python-dateutil 2.8.1
setuptools 49.2.1
six 1.15.0