Switch ActiveSupport::HashDigest to SHA256 (!91247) · Merge requests · GitLab.org / GitLab

Thong Kuah requested to merge switch_digest_to_sha256 into master Jun 28, 2022

What does this MR do and why?

MD5 is not supported in FIPS mode

Removes the feature flag, and enables the switch starting in GitLab 15.2

https://gitlab.com/gitlab-org/gitlab/-/issues/220878

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

[2] pry(main)> plaintext = 'something that is plaintext'
=> "something that is plaintext"
[3] pry(main)> ActiveSupport::Digest.hexdigest(plaintext)
=> "043fa56f6ff062330e3cb5361282240c"
[4] pry(main)> OpenSSL::Digest::SHA256.hexdigest(plaintext)
=> "043fa56f6ff062330e3cb5361282240c703d08ba3cc3c5a1e2c35b6b76d8e7a9"

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Jun 29, 2022 by Thong Kuah

Switch ActiveSupport::HashDigest to SHA256

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports