Change hashing algorithm in webpack (!78581) · Merge requests · GitLab.org / GitLab

Lukas 'ai-pi' Eipert requested to merge 322883-leipert-fips-workaround into master Jan 19, 2022

What does this MR do and why?

Webpack internally defaults to md4 hashing because they are fast. Similarly some loaders (e.g. cache-loader) use md5. This is generally no problem because they are mainly used for file names and nothing crypto-related.

Unfortunately FIPS enabled versions of node do not allow to use these hasing algorithms because they are considered broken by cryptographic standards. All of these cryptographic functions come from openssl. So if one uses md4 or md5 on a FIPS enabled system, the webpack process will error.

Luckily we can just monkey-patch the createHash function in node in order to use another algorithm. Thanks to this comment: https://github.com/webpack/webpack/issues/13572#issuecomment-923736472

Screenshots or screen recordings

N/A

How to set up and validate locally

TBA

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #322883 (closed)

Edited Jan 19, 2022 by Lukas 'ai-pi' Eipert

Change hashing algorithm in webpack

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports