Merge pull request #108 from cfpb/deprecate/rhel8-monkeypatch

Deprecate explicit RHEL8 FIPS mode support
cfpb · Oct 8, 2024 · fc402b8 · fc402b8
2 parents 0ab40e1 + 551f351
commit fc402b8
Showing 1 changed file with 0 additions and 48 deletions.
diff --git a/settings.py b/settings.py
@@ -151,51 +151,3 @@
         },
     },
 }
-
-# Monkey patch hashlib.md5 for FIPS mode compliance on RHEL8.
-# http://blog.serindu.com/2019/11/12/django-in-fips-mode/
-import hashlib
-import importlib
-
-
-def _non_security_md5(*args, **kwargs):
-    kwargs["usedforsecurity"] = False
-    return hashlib.md5(*args, **kwargs)
-
-
-def monkey_patch_md5(modules_to_patch):
-    """Monkey-patch calls to MD5 that aren't used for security purposes.
-
-    Sets RHEL's custom flag `usedforsecurity` to False allowing MD5 in FIPS mode.
-    `modules_to_patch` must be an iterable of module names (strings).
-    Modules must use `import hashlib` and not `from hashlib import md5`.
-    """
-    # Manually load a module as a unique instance
-    # https://stackoverflow.com/questions/11170949/how-to-make-a-copy-of-a-python-module-at-runtime
-    HASHLIB_SPEC = importlib.util.find_spec("hashlib")
-    patched_hashlib = importlib.util.module_from_spec(HASHLIB_SPEC)
-    HASHLIB_SPEC.loader.exec_module(patched_hashlib)
-
-    patched_hashlib.md5 = _non_security_md5  # Monkey patch MD5
-
-    # Inject our patched_hashlib for all requested modules
-    for module_name in modules_to_patch:
-        module = importlib.import_module(module_name)
-        module.hashlib = patched_hashlib
-
-
-modules_to_patch = [
-    "django.contrib.staticfiles.storage",
-    "django.core.cache.backends.filebased",
-    "django.core.cache.utils",
-    "django.db.backends.utils",
-    "django.db.backends.sqlite3.base",
-    "django.utils.cache",
-]
-
-try:
-    import hashlib
-
-    hashlib.md5()
-except ValueError:
-    monkey_patch_md5(modules_to_patch)