From 1cd177018d36987a519a331f9954d93b97f4b494 Mon Sep 17 00:00:00 2001
From: Stephen Aghaulor <saghaulor@gmail.com>
Date: Fri, 17 May 2019 09:58:19 -0700
Subject: [PATCH] Replace Digest::MD5 with OpenSSL::Digest::SHA256 for FIPS
 140-2 compliance

- The Ruby Digest class is not FIPS 140-2 compliant. When running in FIPS mode,
  calling Digest results in a segfault. Moreover, MD5 is not FIPS compliant and
  cannot be used in FIPS mode. Even when using OpenSSL::Digest::MD5 an exception
  will be raised.
- Remove unused require of 'digest/md5' from the context.rb
---
 lib/makara/config_parser.rb | 4 ++--
 lib/makara/context.rb       | 2 --
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/lib/makara/config_parser.rb b/lib/makara/config_parser.rb
index 57565fe6..cc39435a 100644
--- a/lib/makara/config_parser.rb
+++ b/lib/makara/config_parser.rb
@@ -1,4 +1,4 @@
-require 'digest/md5'
+require 'openssl'
 require 'active_support/core_ext/hash/keys'
 require 'active_support/core_ext/hash/except'
 
@@ -151,7 +151,7 @@ def initialize(config)
     def id
       @id ||= begin
         sorted = recursive_sort(@config)
-        Digest::MD5.hexdigest(sorted.to_s)
+        OpenSSL::Digest::SHA256.hexdigest(sorted.to_s)
       end
     end
 
diff --git a/lib/makara/context.rb b/lib/makara/context.rb
index b9f8169d..46efb868 100644
--- a/lib/makara/context.rb
+++ b/lib/makara/context.rb
@@ -1,5 +1,3 @@
-require 'digest/md5'
-
 # Keeps track of the current stickiness state for different Makara proxies
 module Makara
   class Context