From 4170341d5d7ff5533ba9f29543415f240fa9ca90 Mon Sep 17 00:00:00 2001
From: "Freeman, Danny" <daniel.j.freeman@nasa.gov>
Date: Fri, 4 Aug 2023 10:14:38 -0400
Subject: [PATCH] Use FIPS Compliant sha256 algorithm for hashing

md5 and md4 (the webpack default) hashes are disabled on FIPS compliant
systems.

Additionally sha256 is less prone to collisions.

See issue #11214
---
 packages/react-dev-utils/getCSSModuleLocalIdent.js              | 2 +-
 packages/react-scripts/config/webpack.config.js                 | 2 ++
 .../config/webpack/persistentCache/createEnvironmentHash.js     | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/packages/react-dev-utils/getCSSModuleLocalIdent.js b/packages/react-dev-utils/getCSSModuleLocalIdent.js
index ce25305e7ef..d2ae16186f1 100644
--- a/packages/react-dev-utils/getCSSModuleLocalIdent.js
+++ b/packages/react-dev-utils/getCSSModuleLocalIdent.js
@@ -25,7 +25,7 @@ module.exports = function getLocalIdent(
   // Create a hash based on a the file location and class name. Will be unique across a project, and close to globally unique.
   const hash = loaderUtils.getHashDigest(
     path.posix.relative(context.rootContext, context.resourcePath) + localName,
-    'md5',
+    'sha256',
     'base64',
     5
   );
diff --git a/packages/react-scripts/config/webpack.config.js b/packages/react-scripts/config/webpack.config.js
index e465d8e7a00..1c7cd7521bf 100644
--- a/packages/react-scripts/config/webpack.config.js
+++ b/packages/react-scripts/config/webpack.config.js
@@ -238,6 +238,8 @@ module.exports = function (webpackEnv) {
               .replace(/\\/g, '/')
         : isEnvDevelopment &&
           (info => path.resolve(info.absoluteResourcePath).replace(/\\/g, '/')),
+      // Some environments disable insecure hash functions like md4,md5
+      hashFunction: 'sha256',
     },
     cache: {
       type: 'filesystem',
diff --git a/packages/react-scripts/config/webpack/persistentCache/createEnvironmentHash.js b/packages/react-scripts/config/webpack/persistentCache/createEnvironmentHash.js
index 4487e853e18..be5bdf3c07e 100644
--- a/packages/react-scripts/config/webpack/persistentCache/createEnvironmentHash.js
+++ b/packages/react-scripts/config/webpack/persistentCache/createEnvironmentHash.js
@@ -2,7 +2,7 @@
 const { createHash } = require('crypto');
 
 module.exports = env => {
-  const hash = createHash('md5');
+  const hash = createHash('sha256');
   hash.update(JSON.stringify(env));
 
   return hash.digest('hex');