Revert "Mark calls to md5 as not being used for secure purposes (#10192)"

This reverts commit 4dea70250b.

CHANGELOG.txt

@@ -4,7 +4,6 @@ Changelog
 5.1 (xx.xx.xxxx) - IN DEVELOPMENT
 ~~~~~~~~~~~~~~~~
 
- * Mark calls to `md5` as not being used for secure purposes, to avoid flagging on FIPS-mode systems (Sean Kelly)
  * Fix: Prevent choosers from failing when initial value is an unrecognised ID, e.g. when moving a page from a location where `parent_page_types` would disallow it (Dan Braghis)
  * Docs: Document how to add non-ModelAdmin views to a `ModelAdminGroup` (Onno Timmerman)
  * Docs: Document how to add StructBlock data to a StreamField (Ramon Wenger)

docs/releases/5.1.md

@@ -15,7 +15,7 @@ depth: 1
 
 ### Other features
 
- * Mark calls to `md5` as not being used for secure purposes, to avoid flagging on FIPS-mode systems (Sean Kelly)
+ * ...
 
 ### Bug fixes
 

wagtail/coreutils.py

@@ -20,7 +20,6 @@ from django.utils.encoding import force_str
 from django.utils.text import capfirst, slugify
 from django.utils.translation import check_for_language, get_supported_language_variant
 from django.utils.translation import gettext_lazy as _
-from hashlib import md5
 
 if TYPE_CHECKING:
     from wagtail.models import Site
@@ -422,23 +421,6 @@ def get_dummy_request(*, path: str = "/", site: "Site" = None) -> HttpRequest:
     return RequestFactory(SERVER_NAME=server_name).get(path, SERVER_PORT=server_port)
 
 
-def safe_md5(data=b"", usedforsecurity=True):
-    """
-    Safely use the MD5 hash algorithm with the given ``data`` and a flag
-    indicating if the purpose of the digest is for security or not.
-
-    On security-restricted systems (such as FIPS systems), insecure hashes
-    like MD5 are disabled by default. But passing ``usedforsecurity`` as
-    ``False`` tells the underlying security implementation we're not trying
-    to use the digest for secure purposes and to please just go ahead and
-    allow it to happen.
-    """
-    if accepts_kwarg(md5, "usedforsecurity"):
-        return md5(data, usedforsecurity=usedforsecurity)
-    else:
-        return md5(data)
-
-
 class BatchProcessor:
     """
     A class to help with processing of an unknown (and potentially very

wagtail/embeds/embeds.py

@@ -1,8 +1,9 @@
 from datetime import datetime
+from hashlib import md5
 
 from django.utils.timezone import now
 
-from wagtail.coreutils import accepts_kwarg, safe_md5
+from wagtail.coreutils import accepts_kwarg
 
 from .exceptions import EmbedUnsupportedProviderException
 from .finders import get_finders
@@ -65,7 +66,8 @@ def get_embed(url, max_width=None, max_height=None, finder=None):
 
 
 def get_embed_hash(url, max_width=None, max_height=None):
-    h = safe_md5(url.encode("utf-8"), usedforsecurity=False)
+    h = md5()
+    h.update(url.encode("utf-8"))
     if max_width is not None:
         h.update(b"\n")
         h.update(str(max_width).encode("utf-8"))

wagtail/users/utils.py

@@ -1,10 +1,10 @@
+import hashlib
+
 from django.conf import settings
 from django.utils.http import urlencode
 from django.utils.translation import gettext_lazy as _
 
 from wagtail.compat import AUTH_USER_APP_LABEL, AUTH_USER_MODEL_NAME
-from wagtail.coreutils import safe_md5
-
 
 delete_user_perm = "{0}.delete_{1}".format(
     AUTH_USER_APP_LABEL, AUTH_USER_MODEL_NAME.lower()
@@ -38,11 +38,9 @@ def get_gravatar_url(email, size=50):
     if (not email) or (gravatar_provider_url is None):
         return None
 
-    email_bytes = email.lower().encode("utf-8")
-    hashed = safe_md5(email_bytes, usedforsecurity=False).hexdigest()
     gravatar_url = "{gravatar_provider_url}/{hash}?{params}".format(
         gravatar_provider_url=gravatar_provider_url.rstrip("/"),
-        hash=hashed,
+        hash=hashlib.md5(email.lower().encode("utf-8")).hexdigest(),
         params=urlencode({"s": size, "d": default}),
     )