2 files changed, 24 insertions, 2 deletions

diff --git a/config/helpers/patched_crypto.js b/config/helpers/patched_crypto.js
new file mode 100644
index 00000000000..235242195b1
--- /dev/null
+++ b/config/helpers/patched_crypto.js
@@ -0,0 +1,22 @@
+/**
+ * Webpack 4 uses md4 internally because it is fast.
+ * Some loaders also use md5 directly.
+ * It is not available systems with FIPS enabled node.
+ *
+ * This is a hack to monkey patch the crypto function to use
+ * another algorithm if md4 or md5 is expected.
+ *
+ * https://github.com/webpack/webpack/issues/13572#issuecomment-923736472
+ *
+ * This hack can be removed once we upgrade to webpack v5 as
+ * it includes native support for configuring hash options:
+ * https://github.com/webpack/webpack/pull/14306
+ */
+const crypto = require('crypto');
+
+const cryptoHashOriginal = crypto.createHash;
+
+crypto.createHash = (algorithm) =>
+  cryptoHashOriginal(['md4', 'md5'].includes(algorithm) ? 'sha256' : algorithm);
+
+module.exports = crypto;
diff --git a/config/helpers/vendor_dll_hash.js b/config/helpers/vendor_dll_hash.js
index 9b99b4c4ae9..5d7feb35d36 100644
--- a/config/helpers/vendor_dll_hash.js
+++ b/config/helpers/vendor_dll_hash.js
@@ -1,6 +1,6 @@
-const crypto = require('crypto');
 const fs = require('fs');
 const path = require('path');
+const crypto = require('./patched_crypto');
 
 const CACHE_PATHS = [
   './config/webpack.config.js',
@@ -11,7 +11,7 @@ const CACHE_PATHS = [
 
 const resolvePath = (file) => path.resolve(__dirname, '../..', file);
 const readFile = (file) => fs.readFileSync(file);
-const fileHash = (buffer) => crypto.createHash('md5').update(buffer).digest('hex');
+const fileHash = (buffer) => crypto.createHash('sha256').update(buffer).digest('hex');
 
 module.exports = () => {
   const fileBuffers = CACHE_PATHS.map(resolvePath).map(readFile);