From 16f9a55357c7bf69c371d5b4ba7ec7cbeac55d2c Mon Sep 17 00:00:00 2001
From: Himanshu Shekhar
Date: Wed, 10 Sep 2025 15:47:48 +0530
Subject: [PATCH 1/2] Use SHA256 instead of MD5 for FIPS mode
---
 zvmsdk/sdkwsgi/handlers/file.py | 2 +-
 zvmsdk/smtclient.py | 2 +-
 zvmsdk/utils.py | 17 +++++++++++++++++
 3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/zvmsdk/sdkwsgi/handlers/file.py b/zvmsdk/sdkwsgi/handlers/file.py
index a829ec3e8..d48d0923f 100644
--- a/zvmsdk/sdkwsgi/handlers/file.py
+++ b/zvmsdk/sdkwsgi/handlers/file.py
@@ -68,7 +68,7 @@ def file_import(self, fileobj):
 target_fpath = '/'.join([importDir, fname])
 # The following steps save the imported file into sdkserver
- checksum = hashlib.md5()
+ checksum = utils.get_hash_object()
 bytes_written = 0
 with open(target_fpath, 'wb') as f:
diff --git a/zvmsdk/smtclient.py b/zvmsdk/smtclient.py
index 14e2276e9..60cb00769 100644
--- a/zvmsdk/smtclient.py
+++ b/zvmsdk/smtclient.py
@@ -2901,7 +2901,7 @@ def _scheme2backend(self, scheme):
 def _get_md5sum(self, fpath):
 """Calculate the md5sum of the specific image file"""
 try:
- current_md5 = hashlib.md5()
+ current_md5 = zvmutils.get_hash_object()
 if isinstance(fpath, six.string_types) and os.path.exists(fpath):
 with open(fpath, "rb") as fh:
 for chunk in self._read_chunks(fh):
diff --git a/zvmsdk/utils.py b/zvmsdk/utils.py
index 5a7127805..4aeb42722 100755
--- a/zvmsdk/utils.py
+++ b/zvmsdk/utils.py
@@ -36,6 +36,7 @@
 import traceback
 import threading
 import string
+import hashlib
 from zvmsdk import config
 from zvmsdk import constants
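Review bot: In `file_import` (zvmsdk/sdkwsgi/handlers/file.py) the digest is now SHA-256 on a FIPS host and MD5 elsewhere, yet nothing in the hunk records which algorithm produced it. If the hex digest is returned to the caller or compared with a stored or client-supplied value further down (the function continues outside the hunk), a 64-character SHA-256 value would be handled as if it were an MD5 sum, and comparisons made across hosts or across a FIPS switch would fail. The hash object exposes the algorithm as `checksum.name`, which could be reported next to the digest. The same concern applies to `_get_md5sum` in zvmsdk/smtclient.py. The hunk also does not show whether `utils` is imported in this module, which is worth confirming.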
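Review bot: `_get_md5sum` in zvmsdk/smtclient.py keeps its name, its docstring and the local `current_md5`, although after this change the value is a SHA-256 digest whenever FIPS mode is on. The docstring should say so, for example `"""Calculate the digest of the image file (SHA-256 in FIPS mode, MD5 otherwise)"""`. Renaming the local to something like `current_hash` would also help, though its other uses lie outside the hunk and would have to change with it.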
@@ -1315,3 +1316,19 @@ def get_lpar_name(zhypinfo=None):
 zhypinfo = get_zhypinfo(filter='all')
 lpar_name = zhypinfo['lpar']['layer_name']
 return lpar_name
+
+
+def is_fips_enabled():
+ try:
+ with open('/proc/sys/crypto/fips_enabled', 'r') as infile:
+ return infile.read().strip() == '1'
+ except Exception as ex:
+ LOG.warning(f'Encountered error while checking FIPS status. Error={str(ex)}')
+ return False
+
+
+def get_hash_object():
+ if is_fips_enabled():
+ return hashlib.sha256()
+ else:
+ return hashlib.md5()
From cf3a19b83041604c1eb1c9ba85e3f93274465c2d Mon Sep 17 00:00:00 2001
From: Himanshu Shekhar
Date: Wed, 10 Sep 2025 19:34:39 +0530
Subject: [PATCH 2/2] Added case of /proc/sys/crypto/fips_enabled not existing
---
 zvmsdk/utils.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/zvmsdk/utils.py b/zvmsdk/utils.py
index 4aeb42722..fe0c361e3 100755
--- a/zvmsdk/utils.py
+++ b/zvmsdk/utils.py
@@ -1319,6 +1319,9 @@ def get_lpar_name(zhypinfo=None):
 def is_fips_enabled():
+ if not os.path.exists('/proc/sys/crypto/fips_enabled'):
+ return False
+
 try:
 with open('/proc/sys/crypto/fips_enabled', 'r') as infile:
 return infile.read().strip() == '1'
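Review bot: `is_fips_enabled` in zvmsdk/utils.py answers False on any error, so a FIPS host where the read fails makes `get_hash_object` fall through to `hashlib.md5()`, the call this patch replaces on such hosts. SHA-256 is acceptable in both modes, so the error path would be safer returning True, and catching `OSError` instead of `Exception` keeps unrelated bugs from being logged as a FIPS-detection problem. Both helpers lack docstrings; `get_hash_object` in particular should state that the algorithm depends on host state, e.g. `"""Return a new hashlib object: SHA-256 when FIPS mode is enabled, MD5 otherwise."""`. The status file is also re-read on every call, which caching the result would avoid if the state is not expected to change while the service runs.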
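Review bot: The `os.path.exists` test added at the top of `is_fips_enabled` (patch 2/2) duplicates what the `try` below it already handles and leaves a window between the check and the `open`. A dedicated handler does the same without the extra stat: `except FileNotFoundError:` followed by `return False`, placed before the broad `except`. As written, a missing file is reported as "FIPS off" with no log line, so the MD5 path is chosen silently; a debug-level message would help when diagnosing digest mismatches. The rest of the function lies outside this hunk.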