Skip to content

update md5 usage for FIPS compliance #630

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
miknevinas wants to merge 5 commits into
base: master
Choose a base branch
from
Open

update md5 usage for FIPS compliance #630

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
d08be32
make md5 fips compliant
Dec 3, 2025
98e4711
Merge branch 'master' into am/md5
Dec 3, 2025
60a51a8
update changelog
Dec 3, 2025
c04138d
move to utility
Dec 3, 2025
251f678
changelog
Dec 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGES.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ Changelog

- add script to parse worker logs for @@content-creator endpoint errors
- add X-CASTLEMTA-PRIORITY header to 2fa emails
- update md5 usage for FIPS compliance


3.1.0b7 (2025-06-09)
Expand Down
4 changes: 2 additions & 2 deletions castle/cms/_scripts/templates/watch-run.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
import os
import argparse
import time
import hashlib
from castle.cms.utils import md5_fips # noqa: E402

parser = argparse.ArgumentParser(description='')
parser.add_argument('--command', dest='command')
Expand All @@ -13,7 +13,7 @@


def md5(fname):
hash_md5 = hashlib.md5()
hash_md5 = md5_fips()
with open(fname, "rb") as f:
for chunk in iter(lambda: f.read(4096), b""):
hash_md5.update(chunk)
Expand Down
4 changes: 2 additions & 2 deletions castle/cms/archival.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
from castle.cms import theming # noqa: E402
from castle.cms.files import aws # noqa: E402
from castle.cms.interfaces import IArchiveContentTransformer, IArchiveManager # noqa: E402
from castle.cms.utils import normalize_url # noqa: E402
from castle.cms.utils import normalize_url, md5_fips # noqa: E402
from DateTime import DateTime # noqa: E402
from lxml.html import fromstring # noqa: E402
from lxml.html import tostring # noqa: E402
Expand Down Expand Up @@ -440,7 +440,7 @@ def move_resource(self, url, keep_ext=False, use_vhm=True):
fidata = fidata.replace(sub_url, new_url)

# upload to amazon and get url!
md5 = hashlib.md5(fidata).hexdigest()
md5 = md5_fips().hexdigest()

content_path = '{0}{1}/{2}/{3}/{4}'.format(
RESOURCES_KEY_PREFIX, md5[0], md5[1], md5[2], md5
Expand Down
1 change: 1 addition & 0 deletions castle/cms/utils/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
from .misc import get_random_string # noqa: F401
from .misc import json_dumps # noqa: F401
from .misc import make_random_key # noqa: F401
from .misc import md5_fips # noqa: F401
from .misc import normalize_url # noqa: F401
from .misc import retriable # noqa: F401
from .misc import strings_differ # noqa: F401
Expand Down
13 changes: 13 additions & 0 deletions castle/cms/utils/misc.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -140,3 +140,16 @@ def _customhandler(obj):

def json_dumps(data):
return json.dumps(data, default=_customhandler)


def md5_fips(data=b''):
"""FIPS-compatible MD5 constructor for non-security purposes."""
try:
md5_hash = hashlib.new('md5', usedforsecurity=False)
except TypeError:
# in case FIPS is not supported
md5_hash = hashlib.md5()

if data:
md5_hash.update(data)
return md5_hash