From a34379ab5378d20b6ad7b663c9d15ca9e5f7e387 Mon Sep 17 00:00:00 2001
From: Michael Marchetti <mike@rstudio.com>
Date: Mon, 12 Apr 2021 19:22:48 -0400
Subject: [PATCH 1/3] md5 fallback for FIPS mode

---
 rsconnect/bundle.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/rsconnect/bundle.py b/rsconnect/bundle.py
index 51a394c0..1b7316d0 100644
--- a/rsconnect/bundle.py
+++ b/rsconnect/bundle.py
@@ -75,10 +75,20 @@ def manifest_add_buffer(manifest, filename, buf):
     manifest["files"][filename] = {"checksum": buffer_checksum(buf)}
 
 
+def make_hasher():
+    try:
+        return hashlib.md5()
+    except Exception:
+        # md5 is not available in FIPS mode, see if the usedforsecurity option is available
+        # (it was added in python 3.9). We set usedforsecurity=False since we are only
+        # using this for a file upload integrity check.
+        return hashlib.md5(usedforsecurity=False)
+
+
 def file_checksum(path):
     """Calculate the md5 hex digest of the specified file"""
     with open(path, "rb") as f:
-        m = hashlib.md5()
+        m = make_hasher()
         chunk_size = 64 * 1024
 
         chunk = f.read(chunk_size)
@@ -90,7 +100,7 @@ def file_checksum(path):
 
 def buffer_checksum(buf):
     """Calculate the md5 hex digest of a buffer (str or bytes)"""
-    m = hashlib.md5()
+    m = make_hasher()
     m.update(to_bytes(buf))
     return m.hexdigest()
 

From 23838590e91639701c74f2821d6665c553dc7dbe Mon Sep 17 00:00:00 2001
From: Michael Marchetti <mike@rstudio.com>
Date: Mon, 12 Apr 2021 19:29:23 -0400
Subject: [PATCH 2/3] update changelog

---
 CHANGELOG.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 591eb1d8..24bbceeb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## Unreleased
+
+### Added
+- Support for generating md5 file upload checksums, even if Python's `hashlib`
+  was configured for FIPS mode.
+
+
 ## [1.5.2] - 2021-04-02
 
 ### Added

From 0445300ba903afd42058d901a8fda43f3df85fdf Mon Sep 17 00:00:00 2001
From: Michael Marchetti <mike@rstudio.com>
Date: Tue, 13 Apr 2021 10:50:07 -0400
Subject: [PATCH 3/3] update changelog

---
 CHANGELOG.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 24bbceeb..119b4e99 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,7 +8,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 - Support for generating md5 file upload checksums, even if Python's `hashlib`
-  was configured for FIPS mode.
+  was configured for FIPS mode. The fallback uses the `usedforsecurity` option which is
+  available in Python 3.9 and later.
 
 
 ## [1.5.2] - 2021-04-02