replace md5 with sha256

2020-06-23 10:25:01 +02:00 · 2020-06-23 10:25:01 +02:00 · 50bcb6f3bc
commit 50bcb6f3bc
parent a893e8bf2b
10 changed files with 60 additions and 60 deletions
--- a/koji/init.py
+++ b/koji/init.py
@ -27,6 +27,7 @@ from __future__ import absolute_import, division
 import base64
 import datetime
 import errno
+import hashlib
 import imp
 import logging
 import logging.handlers
@ -3109,24 +3110,24 @@ class ClientSession(object):
        fo = open(localfile, "rb")  # specify bufsize?
        totalsize = os.path.getsize(localfile)
        ofs = 0
-        md5sum = util.md5_constructor()
+        sha256sum = hashlib.sha256sum()
        debug = self.opts.get('debug', False)
        if callback:
            callback(0, totalsize, 0, 0, 0)
        while True:
            lap = time.time()
            contents = fo.read(blocksize)
-            md5sum.update(contents)
+            sha256sum.update(contents)
            size = len(contents)
            data = util.base64encode(contents)
            if size == 0:
                # end of file, use offset = -1 to finalize upload
                offset = -1
-                digest = md5sum.hexdigest()
+                digest = sha256sum.hexdigest()
                sz = ofs
            else:
                offset = ofs
-                digest = util.md5_constructor(contents).hexdigest()
+                digest = hashlib.sha256(contents).hexdigest()
                sz = size
            del contents
            tries = 0
@ -3134,7 +3135,8 @@ class ClientSession(object):
                if debug:
                    self.logger.debug("uploadFile(%r,%r,%r,%r,%r,...)" %
                                      (path, name, sz, digest, offset))
-                if self.callMethod('uploadFile', path, name, sz, digest, offset, data, **volopts):
+                if self.callMethod('uploadFile', path, name, sz, ("sha256", digest),
+                                   offset, data, **volopts):
                    break
                if tries <= retries:
                    tries += 1
--- a/koji/daemon.py
+++ b/koji/daemon.py
@ -23,6 +23,7 @@
 from __future__ import absolute_import, division

 import errno
+import hashlib
 import logging
 import os
 import signal
@ -43,7 +44,6 @@ from koji.util import (
    adler32_constructor,
    base64encode,
    dslice,
-    md5_constructor,
    parseStatus,
    to_list,
    joinpath,
@ -69,12 +69,12 @@ def incremental_upload(session, fname, fd, path, retries=5, logger=None):
            break

        data = base64encode(contents)
-        digest = md5_constructor(contents).hexdigest()
+        digest = hashlib.sha256(contents).hexdigest()
        del contents

        tries = 0
        while True:
-            if session.uploadFile(path, fname, size, digest, offset, data):
+            if session.uploadFile(path, fname, size, ("sha256", digest), offset, data):
                break

            if tries <= retries:
--- a/koji/util.py
+++ b/koji/util.py
@ -49,7 +49,8 @@ from koji.xmlrpcplus import DateTime

 def md5_constructor(*args, **kwargs):
    if hasattr(hashlib._hashlib, 'get_fips_mode') and hashlib._hashlib.get_fips_mode():
-        # do not care about FIPS
+        # do not care about FIPS we need md5 for signatures and older hashes
+        # It is still used for *some* security
        kwargs['usedforsecurity'] = False
    return hashlib.md5(*args, **kwargs)