PR#2317: md5: try the best to use sha256 instead of md5 and ignore FIPS in other parts - koji

		`@@ -2,7 +2,6 @@`

		`import ast`
		`import fnmatch`
		`- import hashlib`
		`import itertools`
		`import json`
		`import logging`
		`@@ -24,7 +23,7 @@`
		`from six.moves import filter, map, range, zip`

		`import koji`
		`- from koji.util import base64encode, to_list`
		`+ from koji.util import base64encode, md5_constructor, to_list`
		`from koji_cli.lib import (`
		`_,`
		`_list_tasks,`
		`@@ -1498,7 +1497,7 @@`
		`previous = session.queryRPMSigs(rpm_id=rinfo['id'], sigkey=sigkey)`
		`assert len(previous) <= 1`
		`if previous:`
		`- sighash = hashlib.md5(sighdr).hexdigest()`
		`+ sighash = md5_constructor(sighdr).hexdigest()`
		`if previous[0]['sighash'] == sighash:`
		`print(_("Signature already imported: %s") % path)`
		`continue`

cli/koji_cli/lib.py

file modified

+2 -2

		`@@ -18,7 +18,7 @@`
		`import koji`
		`# import parse_arches to current namespace for backward compatibility`
		`from koji import parse_arches`
		`- from koji.util import to_list`
		`+ from koji.util import md5_constructor, to_list`

		`try:`
		`import krbV`
		`@@ -612,7 +612,7 @@`

		`# check checksum/checksum_type`
		`if archive['checksum_type'] == koji.CHECKSUM_TYPES['md5']:`
		`- hash = hashlib.md5()`
		`+ hash = md5_constructor()`
		`elif archive['checksum_type'] == koji.CHECKSUM_TYPES['sha1']:`
		`hash = hashlib.sha1()`
		`elif archive['checksum_type'] == koji.CHECKSUM_TYPES['sha256']:`

hub/kojihub.py

file modified

+36 -38

		`@@ -43,11 +43,11 @@`
		`import tempfile`
		`import time`
		`import traceback`
		`+ from urllib.parse import parse_qs`
		`+ import xmlrpc.client`
		`import zipfile`

		`import rpm`
		`- import xmlrpc.client`
		`- from urllib.parse import parse_qs`

		`import koji`
		`import koji.auth`
		`@@ -64,6 +64,7 @@`
		`decode_bytes,`
		`dslice,`
		`joinpath,`
		`+ md5_constructor,`
		`move_and_symlink,`
		`multi_fnmatch,`
		`safer_move,`
		`@@ -6630,22 +6631,18 @@`
		`(filesize, fileinfo['filename'], fileinfo['filesize']))`

		`# checksum`
		`- if fileinfo['checksum_type'] != 'md5':`
		`- # XXX`
		`- # until we change the way we handle checksums, we have to limit this to md5`
		`- raise koji.GenericError("Unsupported checksum type: %(checksum_type)s" % fileinfo)`
		`with open(path, 'rb') as fp:`
		`- m = hashlib.md5()`
		`+ chksum = get_verify_class(fileinfo['checksum_type'])()`
		`while True:`
		`contents = fp.read(8192)`
		`if not contents:`
		`break`
		`- m.update(contents)`
		`- if fileinfo['checksum'] != m.hexdigest():`
		`+ chksum.update(contents)`
		`+ if fileinfo['checksum'] != chksum.hexdigest():`
		`raise koji.GenericError("File checksum mismatch for %s: %s != %s" %`
		`(fileinfo['filename'], fileinfo['checksum'],`
		`- m.hexdigest()))`
		`- fileinfo['hub.checked_md5'] = True`
		`+ chksum.hexdigest()))`
		`+ fileinfo['hub.checked_hash'] = True`

		`if fileinfo['buildroot_id'] not in self.br_prep:`
		`raise koji.GenericError("Missing buildroot metadata for id %(buildroot_id)r" %`
		`@@ -7207,9 +7204,7 @@`
		`archiveinfo['filename'] = filename`
		`archiveinfo['size'] = fileinfo['filesize']`
		`archiveinfo['checksum'] = fileinfo['checksum']`
		`- if fileinfo['checksum_type'] != 'md5':`
		`- # XXX`
		`- # until we change the way we handle checksums, we have to limit this to md5`
		`+ if fileinfo['checksum_type'] not in ('md5', 'sha256'):`
		`raise koji.GenericError("Unsupported checksum type: %(checksum_type)s" % fileinfo)`
		`archiveinfo['checksum_type'] = koji.CHECKSUM_TYPES[fileinfo['checksum_type']]`
		`archiveinfo['metadata_only'] = True`
		`@@ -7218,28 +7213,26 @@`
		`archiveinfo['filename'] = filename`
		`archiveinfo['size'] = os.path.getsize(filepath)`
		`# trust values computed on hub (CG_Importer.prep_outputs)`
		`- if not fileinfo or not fileinfo.get('hub.checked_md5'):`
		`+ if not fileinfo or not fileinfo.get('hub.checked_hash'):`
		`with open(filepath, 'rb') as archivefp:`
		`- m = hashlib.md5()`
		`+ chksum = get_verify_class('sha256')()`
		`while True:`
		`contents = archivefp.read(8192)`
		`if not contents:`
		`break`
		`- m.update(contents)`
		`- archiveinfo['checksum'] = m.hexdigest()`
		`+ chksum.update(contents)`
		`+ archiveinfo['checksum'] = chksum.hexdigest()`
		`+ archiveinfo['checksum_type'] = koji.CHECKSUM_TYPES['sha256']`
		`else:`
		`archiveinfo['checksum'] = fileinfo['checksum']`
		`- archiveinfo['checksum_type'] = koji.CHECKSUM_TYPES['md5']`
		`+ archiveinfo['checksum_type'] = fileinfo['checksum_type']`
		`if fileinfo:`
		`# check against metadata`
		`if archiveinfo['size'] != fileinfo['filesize']:`
		`raise koji.GenericError("File size mismatch for %s: %s != %s" %`
		`(filename, archiveinfo['size'], fileinfo['filesize']))`
		`- if fileinfo['checksum_type'] != 'md5':`
		`- # XXX`
		`- # until we change the way we handle checksums, we have to limit this to md5`
		`- raise koji.GenericError("Unsupported checksum type: %(checksum_type)s" % fileinfo)`
		`- if archiveinfo['checksum'] != fileinfo['checksum']:`
		`+ if (archiveinfo['checksum'] != fileinfo['checksum'] or`
		`+ archiveinfo['checksum_type'] != fileinfo['checksum_type']):`
		`raise koji.GenericError("File checksum mismatch for %s: %s != %s" %`
		`(filename, archiveinfo['checksum'], fileinfo['checksum']))`
		`archivetype = get_archive_type(filename, strict=True)`
		`@@ -7361,7 +7354,7 @@`
		`continue`
		`if not os.path.isfile('%s/%s' % (mavendir, mavenfile)):`
		`continue`
		`- for ext, sum_constr in (('.md5', hashlib.md5), ('.sha1', hashlib.sha1)):`
		`+ for ext, sum_constr in (('.md5', md5_constructor), ('.sha1', hashlib.sha1)):`
		`sumfile = mavenfile + ext`
		`if sumfile not in mavenfiles:`
		`sum = sum_constr()`
		`@@ -7411,7 +7404,7 @@`
		`# we use the sigkey='' to represent unsigned in the db (so that uniqueness works)`
		`else:`
		`sigkey = koji.get_sigpacket_key_id(sigkey)`
		`- sighash = hashlib.md5(sighdr).hexdigest()`
		`+ sighash = md5_constructor(sighdr).hexdigest()`
		`rpm_id = rinfo['id']`
		`# - db entry`
		`q = """SELECT sighash FROM rpmsigs WHERE rpm_id=%(rpm_id)i AND sigkey=%(sigkey)s"""`
		`@@ -10318,20 +10311,23 @@`
		`context.session.assertPerm('admin')`
		`return make_task(args, *opts)`

		`- def uploadFile(self, path, name, size, md5sum, offset, data, volume=None):`
		`+ def uploadFile(self, path, name, size, md5sum, offset, data, volume=None, checksum=None):`
		`"""upload file to the hub`

		`- Files can be uploaded in chunks, if so the md5 and size describe the`
		`+ Files can be uploaded in chunks, if so the hash and size describe the`
		`chunk rather than the whole file.`

		`:param str path: the relative path to upload to`
		`:param str name: the name of the file`
		`:param int size: size of contents (bytes)`
		`- :param str md5: md5sum (hex digest) of contents`
		`+ :param checksum: MD5 hex digest (see md5sum) or a tuple (hash_type, digest) of contents`
		`+ :type checksum: str or tuple`
		`:param str data: base64 encoded file contents`
		`:param int offset: The offset indicates where the chunk belongs.`
		`The special offset -1 is used to indicate the final`
		`chunk.`
		`+ :param str md5sum: legacy param name of checksum. md5sum name is misleading,`
		`+ but it is here for backwards compatibility`

		`:returns: True`
		`"""`
		`@@ -10341,14 +10337,16 @@`
		`# we will accept offset and size as strings to work around xmlrpc limits`
		`offset = koji.decode_int(offset)`
		`size = koji.decode_int(size)`
		`- if isinstance(md5sum, str):`
		`+ if checksum is None and md5sum is not None:`
		`+ checksum = md5sum`
		`+ if isinstance(checksum, str):`
		`# this case is for backwards compatibility`
		`verify = "md5"`
		`- digest = md5sum`
		`- elif md5sum is None:`
		`+ digest = checksum`
		`+ elif checksum is None:`
		`verify = None`
		`else:`
		`- verify, digest = md5sum`
		`+ verify, digest = checksum`
		`sum_cls = get_verify_class(verify)`
		`if offset != -1:`
		`if size is not None:`
		`@@ -10446,14 +10444,13 @@`
		`data['size'] = st.st_size`
		`data['mtime'] = st.st_mtime`
		`if verify:`
		`- sum_cls = get_verify_class(verify)`
		`+ chksum = get_verify_class(verify)()`
		`if tail is not None:`
		`if tail < 0:`
		`raise koji.GenericError("invalid tail value: %r" % tail)`
		`offset = max(st.st_size - tail, 0)`
		`os.lseek(fd, offset, 0)`
		`length = 0`
		`- chksum = sum_cls()`
		`chunk = os.read(fd, 8192)`
		`while chunk:`
		`length += len(chunk)`
		`@@ -14628,9 +14625,11 @@`

		`def get_verify_class(verify):`
		`if verify == 'md5':`
		`- return hashlib.md5`
		`+ return md5_constructor`
		`elif verify == 'adler32':`
		`return koji.util.adler32_constructor`
		`+ elif verify == 'sha256':`
		`+ return hashlib.sha256`
		`elif verify:`
		`raise koji.GenericError("Unsupported verify type: %s" % verify)`
		`else:`
		`@@ -14658,9 +14657,8 @@`
		`raise koji.GenericError("destination not a file: %s" % fn)`
		`if offset == 0 and not overwrite:`
		`raise koji.GenericError("upload path exists: %s" % fn)`
		`- sum_cls = get_verify_class(verify)`
		`+ chksum = get_verify_class(verify)()`
		`size = 0`
		`- chksum = sum_cls()`
		`inf = environ['wsgi.input']`
		`fd = os.open(fn, os.O_RDWR \| os.O_CREAT, 0o666)`
		`try:`

koji/__init__.py

file modified

+6 -5

		`@@ -3108,24 +3108,24 @@`
		`fo = open(localfile, "rb") # specify bufsize?`
		`totalsize = os.path.getsize(localfile)`
		`ofs = 0`
		`- md5sum = hashlib.md5()`
		`+ sha256sum = hashlib.sha256sum()`
		`debug = self.opts.get('debug', False)`
		`if callback:`
		`callback(0, totalsize, 0, 0, 0)`
		`while True:`
		`lap = time.time()`
		`contents = fo.read(blocksize)`
		`- md5sum.update(contents)`
		`+ sha256sum.update(contents)`
		`size = len(contents)`
		`data = util.base64encode(contents)`
		`if size == 0:`
		`# end of file, use offset = -1 to finalize upload`
		`offset = -1`
		`- digest = md5sum.hexdigest()`
		`+ digest = sha256sum.hexdigest()`
		`sz = ofs`
		`else:`
		`offset = ofs`
		`- digest = hashlib.md5(contents).hexdigest()`
		`+ digest = hashlib.sha256(contents).hexdigest()`
		`sz = size`
		`del contents`
		`tries = 0`
		`@@ -3133,7 +3133,8 @@`
		`if debug:`
		`self.logger.debug("uploadFile(%r,%r,%r,%r,%r,...)" %`
		`(path, name, sz, digest, offset))`
		`- if self.callMethod('uploadFile', path, name, sz, digest, offset, data, **volopts):`
		`+ if self.callMethod('uploadFile', path, name, sz, ("sha256", digest),`
		`+ offset, data, **volopts):`
		`break`
		`if tries <= retries:`
		`tries += 1`

koji/daemon.py

file modified

+2 -2

		`@@ -69,12 +69,12 @@`
		`break`

		`data = base64encode(contents)`
		`- digest = hashlib.md5(contents).hexdigest()`
		`+ digest = hashlib.sha256(contents).hexdigest()`
		`del contents`

		`tries = 0`
		`while True:`
		`- if session.uploadFile(path, fname, size, digest, offset, data):`
		`+ if session.uploadFile(path, fname, size, ("sha256", digest), offset, data):`
		`break`

		`if tries <= retries:`

koji/util.py

file modified

+13 -1

		`@@ -45,6 +45,18 @@`
		`from koji.xmlrpcplus import DateTime`


		`+ # BEGIN kojikamid dup #`
		`+`
		`+ def md5_constructor(args, *kwargs):`
		`+ if hasattr(hashlib._hashlib, 'get_fips_mode') and hashlib._hashlib.get_fips_mode():`
		`+ # do not care about FIPS we need md5 for signatures and older hashes`
		`+ # It is still used for some security`
		`+ kwargs['usedforsecurity'] = False`
		`+ return hashlib.md5(args, *kwargs)`
		`+`
		`+ # END kojikamid dup #`
		`+`
		`+`
		`# imported from kojiweb and kojihub`
		`def deprecated(message):`
		`"""Print deprecation warning"""`
		`@@ -583,7 +595,7 @@`
		`f.seek(o)`

		`# compute md5 of rest of file`
		`- md5 = hashlib.md5()`
		`+ md5 = md5_constructor()`
		`while True:`
		`d = f.read(1024**2)`
		`if not d:`

tests/test_hub/data/image/import_1/db.json

file modified

+10 -10

		`@@ -6,9 +6,9 @@`
		`"build_id": 137,`
		`"archive_id": "ARCHIVE_ID",`
		`"type_id": "ARCHIVETYPE",`
		`- "checksum": "19a674d997af7098a444b60d7b51cee6",`
		`+ "checksum": "ca9dd08a0b9f81b209c3ac768a7d1ca27973cfd920095e2dc3df5159f752039e",`
		`"filename": "tdl-x86_64.xml",`
		`- "checksum_type": 0,`
		`+ "checksum_type": 2,`
		`"btype_id": "BTYPEID:image",`
		`"buildroot_id": null,`
		`"id": 1001,`
		`@@ -30,9 +30,9 @@`
		`"build_id": 137,`
		`"archive_id": "ARCHIVE_ID",`
		`"type_id": "ARCHIVETYPE",`
		`- "checksum": "a5114a20d790cf17eca1b1115a4546f8",`
		`+ "checksum": "4083a6838c1b6895df27a69373f4c527a9722c045bccc08efe064f105d566c77",`
		`"filename": "image.ks",`
		`- "checksum_type": 0,`
		`+ "checksum_type": 2,`
		`"btype_id": "BTYPEID:image",`
		`"buildroot_id": null,`
		`"id": 1002,`
		`@@ -54,9 +54,9 @@`
		`"build_id": 137,`
		`"archive_id": "ARCHIVE_ID",`
		`"type_id": "ARCHIVETYPE",`
		`- "checksum": "9828cf75d9d17ac8e79e53ed71c6a71c",`
		`+ "checksum": "963a4396be7072012370db407b9ea3633b09dbe45926bb2ef912a86baac1d7b7",`
		`"filename": "image-base.ks",`
		`- "checksum_type": 0,`
		`+ "checksum_type": 2,`
		`"btype_id": "BTYPEID:image",`
		`"buildroot_id": null,`
		`"id": 1003,`
		`@@ -78,9 +78,9 @@`
		`"build_id": 137,`
		`"archive_id": "ARCHIVE_ID",`
		`"type_id": "ARCHIVETYPE",`
		`- "checksum": "f601c0f647d7cdd4c92aa511876f8533",`
		`+ "checksum": "9f4dea3a4b64def36be0119fef4d3f6e62eb6e316bf5749acddb134596faf5e9",`
		`"filename": "foo-x86_64.xml",`
		`- "checksum_type": 0,`
		`+ "checksum_type": 2,`
		`"btype_id": "BTYPEID:image",`
		`"buildroot_id": null,`
		`"id": 1004,`
		`@@ -102,9 +102,9 @@`
		`"build_id": 137,`
		`"archive_id": "ARCHIVE_ID",`
		`"type_id": "ARCHIVETYPE",`
		`- "checksum": "84547200ef5002292ecdd50c62de518e",`
		`+ "checksum": "e3ff2b57824a7ee9201786a624c54057de1b279fbcf6782fe25898d657ebd354",`
		`"filename": "my-image-7.4.2-2.x86_64.ova",`
		`- "checksum_type": 0,`
		`+ "checksum_type": 2,`
		`"btype_id": "BTYPEID:image",`
		`"buildroot_id": null,`
		`"id": 1005,`

tests/test_hub/test_get_verify_class.py

file modified

		`@@ -20,3 +20,7 @@`

		`def test_get_verify_class_is_adler32(self):`
		`kojihub.get_verify_class('adler32') is adler32_constructor`
		`+`
		`+ def test_get_verify_class_is_sha256(self):`
		`+ kojihub.get_verify_class('sha256') is hashlib.sha256`
		`+`

vm/fix_kojikamid.sh

file modified

+1 -1

		`@@ -2,7 +2,7 @@`

		`awk '/^# INSERT kojikamid dup #/ {exit} {print $0}' kojikamid.py`

		`- for fn in ../koji/__init__.py ../koji/daemon.py`
		`+ for fn in ../koji/__init__.py ../koji/daemon.py ../koji/util.py`
		`do`
		`awk '/^# END kojikamid dup #/ {p=0} p {print $0} /^# BEGIN kojikamid dup #/ {p=1}' $fn`
		`done`

vm/kojikamid.py

file modified

+6 -6

		`@@ -333,7 +333,7 @@`
		`elif checksum_type == 'sha256':`
		`checksum = hashlib.sha256()`
		`elif checksum_type == 'md5':`
		`- checksum = hashlib.md5()`
		`+ checksum = md5_constructor.md5() # noqa: F821`
		`else:`
		`raise BuildError('Unknown checksum type %s for %s' % ( # noqa: F821`
		`checksum_type,`
		`@@ -608,7 +608,7 @@`
		`destpath = os.path.join(prefix, path)`
		`fobj = open(destpath, 'r')`
		`offset = 0`
		`- sum = hashlib.md5()`
		`+ sum = hashlib.sha256()`
		`while True:`
		`data = fobj.read(131072)`
		`if not data:`
		`@@ -619,8 +619,8 @@`
		`sum.update(data)`
		`fobj.close()`
		`digest = sum.hexdigest()`
		`- server.verifyChecksum(path, digest, 'md5')`
		`- logger.info('Uploaded %s (%s bytes, md5: %s)', destpath, offset, digest)`
		`+ server.verifyChecksum(path, digest, 'sha256')`
		`+ logger.info('Uploaded %s (%s bytes, sha256: %s)', destpath, offset, digest)`


		`def get_mgmt_server():`
		`@@ -709,10 +709,10 @@`
		`if contents:`
		`size = len(contents)`
		`data = base64.b64encode(contents)`
		`- digest = hashlib.md5(contents).hexdigest()`
		`+ digest = hashlib.sha256(contents).hexdigest()`
		`del contents`
		`try:`
		`- server.uploadDirect(relpath, offset, size, digest, data)`
		`+ server.uploadDirect(relpath, offset, size, ('sha256', digest), data)`
		`except Exception:`
		`log_local('error uploading %s' % relpath)`
		`time.sleep(1)`

vm/kojivmd

file modified

+3 -3

		`@@ -775,14 +775,14 @@`
		`fobj.close()`
		`return len(data)`

		`- def uploadDirect(self, filepath, offset, size, md5sum, data):`
		`+ def uploadDirect(self, filepath, offset, size, checksum, data):`
		`"""`
		`Upload contents directly to the server.`
		`"""`
		`remotepath = os.path.dirname(os.path.join(self.getUploadDir(), filepath))`
		`filename = os.path.basename(filepath)`
		`self.session.uploadFile(remotepath, filename, size,`
		`- md5sum, offset, data)`
		`+ checksum, offset, data)`

		`def verifyChecksum(self, path, checksum, algo='sha1'):`
		`local_path = os.path.abspath(os.path.join(self.output_dir, path))`
		`@@ -795,7 +795,7 @@`
		`if algo == 'sha1':`
		`sum = hashlib.sha1()`
		`elif algo == 'md5':`
		`- sum = hashlib.md5()`
		`+ sum = koji.util.md5_constructor()`
		`elif algo == 'sha256':`
		`sum == hashlib.sha256()`
		`else:`

www/kojiweb/index.py

file modified

+2 -2

		`@@ -56,7 +56,7 @@`
		`raise koji.AuthError('Unable to authenticate, server secret not configured')`
		`digest_string = value + options['Secret'].value`
		`digest_string = digest_string.encode('utf-8')`
		`- shasum = hashlib.sha1(digest_string)`
		`+ shasum = hashlib.sha256(digest_string)`
		`value = "%s:%s" % (shasum.hexdigest(), value)`
		`cookies = http.cookies.SimpleCookie()`
		`cookies['user'] = value`
		`@@ -96,7 +96,7 @@`
		`raise koji.AuthError('Unable to authenticate, server secret not configured')`
		`digest_string = value + options['Secret'].value`
		`digest_string = digest_string.encode('utf-8')`
		`- shasum = hashlib.sha1(digest_string)`
		`+ shasum = hashlib.sha256(digest_string)`
		`if shasum.hexdigest() != sig:`
		`authlogger.warning('invalid user cookie: %s:%s', sig, value)`
		`return None`

www/lib/kojiweb/util.py

file modified

+1 -1

		`@@ -173,7 +173,7 @@`
		`tstamp = _truncTime()`
		`value = user + str(tstamp) + environ['koji.options']['Secret'].value`
		`value = value.encode('utf-8')`
		`- return hashlib.md5(value).hexdigest()[-8:]`
		`+ return hashlib.sha256(value).hexdigest()`


		`def _getValidTokens(environ):`

julian8628 commented 3 years ago

fixes: #2291

db992436 only fixes the issue of web
813ab0f3 uses an MD5 wrapper ignoring FIPS policy for the calls in other components (It might bring some potential risks, but it looks fully disabling FIPS mode on system-wide is also a bad idea)

1 new commit added

a wrapper ignoring FIPS for hashlib.md5

3 years ago

Metadata Update from @tkopecek:
- Pull-request tagged with: testing-ready

3 years ago

tkopecek commented 3 years ago

:thumbsup:

pretty please pagure-ci rebuild

3 years ago

pretty please pagure-ci rebuild

3 years ago

ktdreyer commented 3 years ago

For the first commit: sha1 is dangerously close to being broken. Can we use sha256 here instead?

For the second commit: I understand that this gets Koji working with FIPS enabled, but setting kwargs['usedforsecurity'] = False is misleading IMHO. I would argue that we are using md5 for security when we "authenticate" archive uploads/storage/downloads. We would never use those in a modern system, and I think we need to completely remove all uses of md5 and sha1 from Koji.

Edited 3 years ago by ktdreyer

tkopecek commented 3 years ago

@ktdreyer I've added a commit which replaces usage of md5 in upload functions. @julian8628 can you look if it looks sane? https://pagure.io/fork/tkopecek/koji/commits/issue2291

rebased onto b59b41b

3 years ago

julian8628 commented 3 years ago

@tkopecek it looks good, thanks!
I've rebased it, and added an arg name change from hash to checksum.

1 new commit added

fix flake8 for kojihub.py

3 years ago

Metadata Update from @mfilip:
- Pull-request tagged with: testing-done

3 years ago

tkopecek commented 3 years ago

Commit 2778b7a fixes this pull-request

Pull-Request has been merged by tkopecek

3 years ago

mikem commented 3 years ago

Please note that the checksums in the upload code path are for sanity, not security. This is why adler32 was the default. Clearly adler32 was not intended to provide strong cryptographic protection. In the upload case. Security in the upload call should come from the call connection itself (https and authentication).

The sums in the upload code are not stored. They are simply used as a sanity check on the upload. I'm not sure FIPS applies to this part.

ktdreyer commented 3 years ago

That makes sense Mike. Thanks for explaining.

I think it will make Koji easier to audit for security problems and easier for new developers to understand the code if we can remove the use of md5 and weak sha methods entirely. Also, historically we've not emphasized HTTPS everywhere, eg #2163