Mercurial > hg
changeset 44062:2d49482d0dd4
hgext: replace references to hashlib.sha1 with hashutil.sha1
When in a non-pure build of Mercurial, this will provide protections
against SHA1 collision attacks.
Differential Revision: https://phab.mercurial-scm.org/D7851
author | Augie Fackler <augie@google.com> |
---|---|
date | Mon, 13 Jan 2020 14:12:31 -0500 |
parents | cbc5755df6bf |
children | 089255b1341e |
files | hgext/fastannotate/context.py hgext/fsmonitor/__init__.py hgext/infinitepush/store.py hgext/largefiles/lfcommands.py hgext/largefiles/lfutil.py hgext/remotefilelog/basepack.py hgext/remotefilelog/basestore.py hgext/remotefilelog/debugcommands.py hgext/remotefilelog/fileserverclient.py hgext/remotefilelog/historypack.py hgext/remotefilelog/shallowutil.py hgext/sqlitestore.py |
diffstat | 12 files changed, 48 insertions(+), 38 deletions(-) [+] |
line wrap: on
line diff
--- a/hgext/fastannotate/context.py Mon Jan 13 17:16:54 2020 -0500 +++ b/hgext/fastannotate/context.py Mon Jan 13 14:12:31 2020 -0500 @@ -9,7 +9,6 @@ import collections import contextlib -import hashlib import os from mercurial.i18n import _ @@ -28,7 +27,10 @@ scmutil, util, ) -from mercurial.utils import stringutil +from mercurial.utils import ( + hashutil, + stringutil, +) from . import ( error as faerror, @@ -148,7 +150,7 @@ diffoptstr = stringutil.pprint( sorted((k, getattr(diffopts, k)) for k in mdiff.diffopts.defaults) ) - return node.hex(hashlib.sha1(diffoptstr).digest())[:6] + return node.hex(hashutil.sha1(diffoptstr).digest())[:6] _defaultdiffopthash = hashdiffopts(mdiff.defaultopts)
--- a/hgext/fsmonitor/__init__.py Mon Jan 13 17:16:54 2020 -0500 +++ b/hgext/fsmonitor/__init__.py Mon Jan 13 14:12:31 2020 -0500 @@ -108,7 +108,6 @@ from __future__ import absolute_import import codecs -import hashlib import os import stat import sys @@ -132,7 +131,10 @@ util, ) from mercurial import match as matchmod -from mercurial.utils import stringutil +from mercurial.utils import ( + hashutil, + stringutil, +) from . import ( pywatchman, @@ -235,7 +237,7 @@ copy. """ - sha1 = hashlib.sha1() + sha1 = hashutil.sha1() sha1.update(pycompat.byterepr(ignore)) return pycompat.sysbytes(sha1.hexdigest())
--- a/hgext/infinitepush/store.py Mon Jan 13 17:16:54 2020 -0500 +++ b/hgext/infinitepush/store.py Mon Jan 13 14:12:31 2020 -0500 @@ -6,7 +6,6 @@ from __future__ import absolute_import import abc -import hashlib import os import subprocess import tempfile @@ -16,7 +15,10 @@ node, pycompat, ) -from mercurial.utils import procutil +from mercurial.utils import ( + hashutil, + procutil, +) NamedTemporaryFile = tempfile.NamedTemporaryFile @@ -87,7 +89,7 @@ return os.path.join(self._dirpath(filename), filename) def write(self, data): - filename = node.hex(hashlib.sha1(data).digest()) + filename = node.hex(hashutil.sha1(data).digest()) dirpath = self._dirpath(filename) if not os.path.exists(dirpath):
--- a/hgext/largefiles/lfcommands.py Mon Jan 13 17:16:54 2020 -0500 +++ b/hgext/largefiles/lfcommands.py Mon Jan 13 14:12:31 2020 -0500 @@ -10,7 +10,6 @@ from __future__ import absolute_import import errno -import hashlib import os import shutil @@ -29,6 +28,7 @@ scmutil, util, ) +from mercurial.utils import hashutil from ..convert import ( convcmd, @@ -273,7 +273,7 @@ ) # largefile was modified, update standins - m = hashlib.sha1(b'') + m = hashutil.sha1(b'') m.update(ctx[f].data()) hash = node.hex(m.digest()) if f not in lfiletohash or lfiletohash[f] != hash:
--- a/hgext/largefiles/lfutil.py Mon Jan 13 17:16:54 2020 -0500 +++ b/hgext/largefiles/lfutil.py Mon Jan 13 14:12:31 2020 -0500 @@ -11,7 +11,6 @@ import contextlib import copy -import hashlib import os import stat @@ -32,6 +31,7 @@ util, vfs as vfsmod, ) +from mercurial.utils import hashutil shortname = b'.hglf' shortnameslash = shortname + b'/' @@ -432,7 +432,7 @@ def copyandhash(instream, outfile): '''Read bytes from instream (iterable) and write them to outfile, computing the SHA-1 hash of the data along the way. Return the hash.''' - hasher = hashlib.sha1(b'') + hasher = hashutil.sha1(b'') for data in instream: hasher.update(data) outfile.write(data) @@ -472,7 +472,7 @@ def hexsha1(fileobj): """hexsha1 returns the hex-encoded sha1 sum of the data in the file-like object data""" - h = hashlib.sha1() + h = hashutil.sha1() for chunk in util.filechunkiter(fileobj): h.update(chunk) return hex(h.digest())
--- a/hgext/remotefilelog/basepack.py Mon Jan 13 17:16:54 2020 -0500 +++ b/hgext/remotefilelog/basepack.py Mon Jan 13 14:12:31 2020 -0500 @@ -2,7 +2,6 @@ import collections import errno -import hashlib import mmap import os import struct @@ -20,6 +19,7 @@ util, vfs as vfsmod, ) +from mercurial.utils import hashutil from . import shallowutil osutil = policy.importmod('osutil') @@ -392,7 +392,7 @@ ) self.packfp = os.fdopen(self.packfp, 'wb+') self.idxfp = os.fdopen(self.idxfp, 'wb+') - self.sha = hashlib.sha1() + self.sha = hashutil.sha1() self._closed = False # The opener provides no way of doing permission fixup on files created
--- a/hgext/remotefilelog/basestore.py Mon Jan 13 17:16:54 2020 -0500 +++ b/hgext/remotefilelog/basestore.py Mon Jan 13 14:12:31 2020 -0500 @@ -1,7 +1,6 @@ from __future__ import absolute_import import errno -import hashlib import os import shutil import stat @@ -15,6 +14,7 @@ pycompat, util, ) +from mercurial.utils import hashutil from . import ( constants, shallowutil, @@ -166,7 +166,7 @@ # Start with a full manifest, since it'll cover the majority of files for filename in self.repo[b'tip'].manifest(): - sha = hashlib.sha1(filename).digest() + sha = hashutil.sha1(filename).digest() if sha in missingfilename: filenames[filename] = sha missingfilename.discard(sha) @@ -178,7 +178,7 @@ break files = cl.readfiles(cl.node(rev)) for filename in files: - sha = hashlib.sha1(filename).digest() + sha = hashutil.sha1(filename).digest() if sha in missingfilename: filenames[filename] = sha missingfilename.discard(sha)
--- a/hgext/remotefilelog/debugcommands.py Mon Jan 13 17:16:54 2020 -0500 +++ b/hgext/remotefilelog/debugcommands.py Mon Jan 13 14:12:31 2020 -0500 @@ -6,7 +6,6 @@ # GNU General Public License version 2 or any later version. from __future__ import absolute_import -import hashlib import os import zlib @@ -21,6 +20,7 @@ pycompat, revlog, ) +from mercurial.utils import hashutil from . import ( constants, datapack, @@ -61,7 +61,7 @@ def buildtemprevlog(repo, file): # get filename key - filekey = nodemod.hex(hashlib.sha1(file).digest()) + filekey = nodemod.hex(hashutil.sha1(file).digest()) filedir = os.path.join(repo.path, b'store/data', filekey) # sort all entries based on linkrev @@ -421,7 +421,7 @@ % ( hashformatter(node), hashformatter(deltabasenode), - nodemod.hex(hashlib.sha1(delta).digest()), + nodemod.hex(hashutil.sha1(delta).digest()), len(delta), ) )
--- a/hgext/remotefilelog/fileserverclient.py Mon Jan 13 17:16:54 2020 -0500 +++ b/hgext/remotefilelog/fileserverclient.py Mon Jan 13 14:12:31 2020 -0500 @@ -7,7 +7,6 @@ from __future__ import absolute_import -import hashlib import io import os import threading @@ -25,7 +24,10 @@ util, wireprotov1peer, ) -from mercurial.utils import procutil +from mercurial.utils import ( + hashutil, + procutil, +) from . import ( constants, @@ -45,12 +47,12 @@ def getcachekey(reponame, file, id): - pathhash = node.hex(hashlib.sha1(file).digest()) + pathhash = node.hex(hashutil.sha1(file).digest()) return os.path.join(reponame, pathhash[:2], pathhash[2:], id) def getlocalkey(file, id): - pathhash = node.hex(hashlib.sha1(file).digest()) + pathhash = node.hex(hashutil.sha1(file).digest()) return os.path.join(pathhash, id)
--- a/hgext/remotefilelog/historypack.py Mon Jan 13 17:16:54 2020 -0500 +++ b/hgext/remotefilelog/historypack.py Mon Jan 13 14:12:31 2020 -0500 @@ -1,6 +1,5 @@ from __future__ import absolute_import -import hashlib import struct from mercurial.node import hex, nullid @@ -8,6 +7,7 @@ pycompat, util, ) +from mercurial.utils import hashutil from . import ( basepack, constants, @@ -197,7 +197,7 @@ def _findsection(self, name): params = self.params - namehash = hashlib.sha1(name).digest() + namehash = hashutil.sha1(name).digest() fanoutkey = struct.unpack( params.fanoutstruct, namehash[: params.fanoutprefix] )[0] @@ -499,7 +499,7 @@ # Record metadata for the index self.files[filename] = (sectionstart, sectionlen) - node = hashlib.sha1(filename).digest() + node = hashutil.sha1(filename).digest() self.entries[node] = node def close(self, ledger=None): @@ -517,7 +517,7 @@ nodeindexlength = self.NODEINDEXENTRYLENGTH files = ( - (hashlib.sha1(filename).digest(), filename, offset, size) + (hashutil.sha1(filename).digest(), filename, offset, size) for filename, (offset, size) in pycompat.iteritems(self.files) ) files = sorted(files)
--- a/hgext/remotefilelog/shallowutil.py Mon Jan 13 17:16:54 2020 -0500 +++ b/hgext/remotefilelog/shallowutil.py Mon Jan 13 14:12:31 2020 -0500 @@ -8,7 +8,6 @@ import collections import errno -import hashlib import os import stat import struct @@ -24,6 +23,7 @@ util, ) from mercurial.utils import ( + hashutil, storageutil, stringutil, ) @@ -39,12 +39,12 @@ def getcachekey(reponame, file, id): - pathhash = node.hex(hashlib.sha1(file).digest()) + pathhash = node.hex(hashutil.sha1(file).digest()) return os.path.join(reponame, pathhash[:2], pathhash[2:], id) def getlocalkey(file, id): - pathhash = node.hex(hashlib.sha1(file).digest()) + pathhash = node.hex(hashutil.sha1(file).digest()) return os.path.join(pathhash, id)
--- a/hgext/sqlitestore.py Mon Jan 13 17:16:54 2020 -0500 +++ b/hgext/sqlitestore.py Mon Jan 13 14:12:31 2020 -0500 @@ -45,7 +45,6 @@ from __future__ import absolute_import -import hashlib import sqlite3 import struct import threading @@ -75,7 +74,10 @@ repository, util as interfaceutil, ) -from mercurial.utils import storageutil +from mercurial.utils import ( + hashutil, + storageutil, +) try: from mercurial import zstd @@ -807,7 +809,7 @@ self._db, pathid, node, {}, {-1: None}, zstddctx=self._dctx ) - deltahash = hashlib.sha1(fulltext).digest() + deltahash = hashutil.sha1(fulltext).digest() if self._compengine == b'zstd': deltablob = self._cctx.compress(fulltext) @@ -837,7 +839,7 @@ # Now create the tombstone delta and replace the delta on the censored # node. - deltahash = hashlib.sha1(tombstone).digest() + deltahash = hashutil.sha1(tombstone).digest() tombstonedeltaid = insertdelta( self._db, COMPRESSION_NONE, deltahash, tombstone ) @@ -1004,7 +1006,7 @@ # us to de-duplicate. The table is configured to ignore conflicts # and it is faster to just insert and silently noop than to look # first. - deltahash = hashlib.sha1(delta).digest() + deltahash = hashutil.sha1(delta).digest() if self._compengine == b'zstd': deltablob = self._cctx.compress(delta)