Soda Core fails in FIPS-enabled environments due to use of hashlib.blake2b #2354

@sumit-gupta-sgt

Summary

Soda Core fails to run in FIPS-enabled environments due to the use of hashlib.blake2b, which is not FIPS 140-2 compliant and is therefore disabled in these environments.

Error

When attempting to use Soda Core with FIPS mode enabled (e.g., on hardened Linux systems), the following error is thrown:

TypeError: 'digest_size' is an invalid keyword argument for this function

This happens because blake2b is unavailable in Python under FIPS mode.

Affected Code

The use of hashlib.blake2b appears in multiple places in the codebase for purposes like hashing identifiers or computing fingerprints.

Proposed Solution

Introduce a utility function such as fips_safe_hash() that:

  • Uses hashlib.blake2b() when available.
  • Falls back to hashlib.sha256() with truncation when in FIPS mode.
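
import hashlib

def fips_safe_hash(data: bytes, digest_size=32) -> bytes:
    # Prefer BLAKE2b; under FIPS mode the call fails (e.g. the TypeError shown above).
    try:
        return hashlib.blake2b(data, digest_size=digest_size).digest()
    except (TypeError, ValueError, AttributeError):
        # Fallback: SHA-256 truncated to digest_size bytes (SHA-256 provides at most 32).
        return hashlib.sha256(data).digest()[:digest_size]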

Then replace all hashlib.blake2b(...) calls with this wrapper to ensure compatibility in both FIPS and non-FIPS environments.
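An added example, not part of the original issue or of Soda Core's code: a variant of the proposed wrapper that probes for BLAKE2b once, honours digest sizes up to 64 bytes by switching to SHA-512, and tags each fingerprint with the algorithm that produced it, since BLAKE2b and truncated SHA-2 give different values for the same input and identifiers computed on FIPS and non-FIPS hosts would otherwise fail to match without explanation. The names `BLAKE2B_USABLE`, `sha2_truncated` and `tagged_fingerprint` are hypothetical.

```python
import hashlib

MAX_DIGEST_SIZE = 64  # upper bound shared by BLAKE2b and SHA-512


def _blake2b_usable() -> bool:
    """Probe once whether this interpreter accepts blake2b with digest_size."""
    try:
        hashlib.blake2b(b"", digest_size=16)
        return True
    except (TypeError, ValueError, AttributeError):
        return False


BLAKE2B_USABLE = _blake2b_usable()


def _check_size(digest_size: int) -> None:
    if not 1 <= digest_size <= MAX_DIGEST_SIZE:
        raise ValueError(f"digest_size must be 1..{MAX_DIGEST_SIZE}")


def sha2_truncated(data: bytes, digest_size: int = 32) -> bytes:
    """SHA-2 digest cut to digest_size bytes; SHA-512 when more than 32 are needed."""
    _check_size(digest_size)
    algo = hashlib.sha256 if digest_size <= 32 else hashlib.sha512
    return algo(data).digest()[:digest_size]


def tagged_fingerprint(data: bytes, digest_size: int = 32,
                       prefer_blake2b: bool = True) -> str:
    """Return '<algorithm>:<hex digest>' so values from different hosts are comparable.

    Pass prefer_blake2b=False to get identical output in FIPS and non-FIPS
    environments, at the cost of changing previously stored BLAKE2b values.
    """
    _check_size(digest_size)
    if prefer_blake2b and BLAKE2B_USABLE:
        digest = hashlib.blake2b(data, digest_size=digest_size).hexdigest()
        return "blake2b:" + digest
    return "sha2:" + sha2_truncated(data, digest_size).hex()


if __name__ == "__main__":
    sample = b"dataset.table.check"  # constructed sample identifier
    print(tagged_fingerprint(sample, 16))
    print(tagged_fingerprint(sample, 16, prefer_blake2b=False))
```
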
