From 551f3519b4a6e547ab3be2d648fdfeef553ba4f1 Mon Sep 17 00:00:00 2001
From: Andy Chosak
Date: Fri, 4 Oct 2024 09:47:14 -0400
Subject: [PATCH] Deprecate explicit RHEL8 FIPS mode support PR 89 migrated the EC2 deployment configuration for this repository to RHEL8. Those changes included some explicit monkeypatching of MD5 to allow for running on RHEL8 with FIPS mode enabled. Going forward, support for EC2 deployment will be maintained in the ec2 branch [1] until such time as we are fully containerized. For that reason, we no longer need to maintain this code in the main branch, and it can be removed. [0] https://github.com/cfpb/website-indexer/pull/89 [1] https://github.com/cfpb/website-indexer/tree/ec2
---
settings.py | 48 ------------------------------------------------
1 file changed, 48 deletions(-)
diff --git a/settings.py b/settings.py
index 75ec765..8b3df6e 100644
--- a/settings.py
+++ b/settings.py
@@ -151,51 +151,3 @@
 },
 },
 }
-
-# Monkey patch hashlib.md5 for FIPS mode compliance on RHEL8.
-# http://blog.serindu.com/2019/11/12/django-in-fips-mode/
-import hashlib
-import importlib
-
-
-def _non_security_md5(*args, **kwargs):
- kwargs["usedforsecurity"] = False
- return hashlib.md5(*args, **kwargs)
-
-
-def monkey_patch_md5(modules_to_patch):
- """Monkey-patch calls to MD5 that aren't used for security purposes.
-
- Sets RHEL's custom flag `usedforsecurity` to False allowing MD5 in FIPS mode.
- `modules_to_patch` must be an iterable of module names (strings).
- Modules must use `import hashlib` and not `from hashlib import md5`.
- """
- # Manually load a module as a unique instance
- # https://stackoverflow.com/questions/11170949/how-to-make-a-copy-of-a-python-module-at-runtime
- HASHLIB_SPEC = importlib.util.find_spec("hashlib")
- patched_hashlib = importlib.util.module_from_spec(HASHLIB_SPEC)
- HASHLIB_SPEC.loader.exec_module(patched_hashlib)
-
- patched_hashlib.md5 = _non_security_md5 # Monkey patch MD5
-
- # Inject our patched_hashlib for all requested modules
- for module_name in modules_to_patch:
- module = importlib.import_module(module_name)
- module.hashlib = patched_hashlib
-
-
-modules_to_patch = [
- "django.contrib.staticfiles.storage",
- "django.core.cache.backends.filebased",
- "django.core.cache.utils",
- "django.db.backends.utils",
- "django.db.backends.sqlite3.base",
- "django.utils.cache",
-]
-
-try:
- import hashlib
-
- hashlib.md5()
-except ValueError:
- monkey_patch_md5(modules_to_patch)