D7851: hgext: replace references to hashlib.sha1 with hashutil.sha1

durin42 (Augie Fackler) phabricator at mercurial-scm.org
Mon Jan 13 17:49:45 EST 2020


durin42 created this revision.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.

REVISION SUMMARY
  When in a non-pure build of Mercurial, this will provide protections
  against SHA1 collision attacks.

REPOSITORY
  rHG Mercurial

BRANCH
  default

REVISION DETAIL
  https://phab.mercurial-scm.org/D7851

AFFECTED FILES
  hgext/fastannotate/context.py
  hgext/fsmonitor/__init__.py
  hgext/infinitepush/store.py
  hgext/largefiles/lfcommands.py
  hgext/largefiles/lfutil.py
  hgext/remotefilelog/basepack.py
  hgext/remotefilelog/basestore.py
  hgext/remotefilelog/debugcommands.py
  hgext/remotefilelog/fileserverclient.py
  hgext/remotefilelog/historypack.py
  hgext/remotefilelog/shallowutil.py
  hgext/sqlitestore.py

CHANGE DETAILS

diff --git a/hgext/sqlitestore.py b/hgext/sqlitestore.py
--- a/hgext/sqlitestore.py
+++ b/hgext/sqlitestore.py
@@ -45,7 +45,6 @@
 
 from __future__ import absolute_import
 
-import hashlib
 import sqlite3
 import struct
 import threading
@@ -75,7 +74,10 @@
     repository,
     util as interfaceutil,
 )
-from mercurial.utils import storageutil
+from mercurial.utils import (
+    hashutil,
+    storageutil,
+)
 
 try:
     from mercurial import zstd
@@ -807,7 +809,7 @@
                 self._db, pathid, node, {}, {-1: None}, zstddctx=self._dctx
             )
 
-            deltahash = hashlib.sha1(fulltext).digest()
+            deltahash = hashutil.sha1(fulltext).digest()
 
             if self._compengine == b'zstd':
                 deltablob = self._cctx.compress(fulltext)
@@ -837,7 +839,7 @@
 
         # Now create the tombstone delta and replace the delta on the censored
         # node.
-        deltahash = hashlib.sha1(tombstone).digest()
+        deltahash = hashutil.sha1(tombstone).digest()
         tombstonedeltaid = insertdelta(
             self._db, COMPRESSION_NONE, deltahash, tombstone
         )
@@ -1004,7 +1006,7 @@
         # us to de-duplicate. The table is configured to ignore conflicts
         # and it is faster to just insert and silently noop than to look
         # first.
-        deltahash = hashlib.sha1(delta).digest()
+        deltahash = hashutil.sha1(delta).digest()
 
         if self._compengine == b'zstd':
             deltablob = self._cctx.compress(delta)
diff --git a/hgext/remotefilelog/shallowutil.py b/hgext/remotefilelog/shallowutil.py
--- a/hgext/remotefilelog/shallowutil.py
+++ b/hgext/remotefilelog/shallowutil.py
@@ -8,7 +8,6 @@
 
 import collections
 import errno
-import hashlib
 import os
 import stat
 import struct
@@ -24,6 +23,7 @@
     util,
 )
 from mercurial.utils import (
+    hashutil,
     storageutil,
     stringutil,
 )
@@ -39,12 +39,12 @@
 
 
 def getcachekey(reponame, file, id):
-    pathhash = node.hex(hashlib.sha1(file).digest())
+    pathhash = node.hex(hashutil.sha1(file).digest())
     return os.path.join(reponame, pathhash[:2], pathhash[2:], id)
 
 
 def getlocalkey(file, id):
-    pathhash = node.hex(hashlib.sha1(file).digest())
+    pathhash = node.hex(hashutil.sha1(file).digest())
     return os.path.join(pathhash, id)
 
 
diff --git a/hgext/remotefilelog/historypack.py b/hgext/remotefilelog/historypack.py
--- a/hgext/remotefilelog/historypack.py
+++ b/hgext/remotefilelog/historypack.py
@@ -1,6 +1,5 @@
 from __future__ import absolute_import
 
-import hashlib
 import struct
 
 from mercurial.node import hex, nullid
@@ -8,6 +7,7 @@
     pycompat,
     util,
 )
+from mercurial.utils import hashutil
 from . import (
     basepack,
     constants,
@@ -197,7 +197,7 @@
 
     def _findsection(self, name):
         params = self.params
-        namehash = hashlib.sha1(name).digest()
+        namehash = hashutil.sha1(name).digest()
         fanoutkey = struct.unpack(
             params.fanoutstruct, namehash[: params.fanoutprefix]
         )[0]
@@ -499,7 +499,7 @@
 
             # Record metadata for the index
             self.files[filename] = (sectionstart, sectionlen)
-            node = hashlib.sha1(filename).digest()
+            node = hashutil.sha1(filename).digest()
             self.entries[node] = node
 
     def close(self, ledger=None):
@@ -517,7 +517,7 @@
         nodeindexlength = self.NODEINDEXENTRYLENGTH
 
         files = (
-            (hashlib.sha1(filename).digest(), filename, offset, size)
+            (hashutil.sha1(filename).digest(), filename, offset, size)
             for filename, (offset, size) in pycompat.iteritems(self.files)
         )
         files = sorted(files)
diff --git a/hgext/remotefilelog/fileserverclient.py b/hgext/remotefilelog/fileserverclient.py
--- a/hgext/remotefilelog/fileserverclient.py
+++ b/hgext/remotefilelog/fileserverclient.py
@@ -7,7 +7,6 @@
 
 from __future__ import absolute_import
 
-import hashlib
 import io
 import os
 import threading
@@ -25,7 +24,10 @@
     util,
     wireprotov1peer,
 )
-from mercurial.utils import procutil
+from mercurial.utils import (
+    hashutil,
+    procutil,
+)
 
 from . import (
     constants,
@@ -45,12 +47,12 @@
 
 
 def getcachekey(reponame, file, id):
-    pathhash = node.hex(hashlib.sha1(file).digest())
+    pathhash = node.hex(hashutil.sha1(file).digest())
     return os.path.join(reponame, pathhash[:2], pathhash[2:], id)
 
 
 def getlocalkey(file, id):
-    pathhash = node.hex(hashlib.sha1(file).digest())
+    pathhash = node.hex(hashutil.sha1(file).digest())
     return os.path.join(pathhash, id)
 
 
diff --git a/hgext/remotefilelog/debugcommands.py b/hgext/remotefilelog/debugcommands.py
--- a/hgext/remotefilelog/debugcommands.py
+++ b/hgext/remotefilelog/debugcommands.py
@@ -6,7 +6,6 @@
 # GNU General Public License version 2 or any later version.
 from __future__ import absolute_import
 
-import hashlib
 import os
 import zlib
 
@@ -21,6 +20,7 @@
     pycompat,
     revlog,
 )
+from mercurial.utils import hashutil
 from . import (
     constants,
     datapack,
@@ -61,7 +61,7 @@
 
 def buildtemprevlog(repo, file):
     # get filename key
-    filekey = nodemod.hex(hashlib.sha1(file).digest())
+    filekey = nodemod.hex(hashutil.sha1(file).digest())
     filedir = os.path.join(repo.path, b'store/data', filekey)
 
     # sort all entries based on linkrev
@@ -421,7 +421,7 @@
             % (
                 hashformatter(node),
                 hashformatter(deltabasenode),
-                nodemod.hex(hashlib.sha1(delta).digest()),
+                nodemod.hex(hashutil.sha1(delta).digest()),
                 len(delta),
             )
         )
diff --git a/hgext/remotefilelog/basestore.py b/hgext/remotefilelog/basestore.py
--- a/hgext/remotefilelog/basestore.py
+++ b/hgext/remotefilelog/basestore.py
@@ -1,7 +1,6 @@
 from __future__ import absolute_import
 
 import errno
-import hashlib
 import os
 import shutil
 import stat
@@ -15,6 +14,7 @@
     pycompat,
     util,
 )
+from mercurial.utils import hashutil
 from . import (
     constants,
     shallowutil,
@@ -166,7 +166,7 @@
 
         # Start with a full manifest, since it'll cover the majority of files
         for filename in self.repo[b'tip'].manifest():
-            sha = hashlib.sha1(filename).digest()
+            sha = hashutil.sha1(filename).digest()
             if sha in missingfilename:
                 filenames[filename] = sha
                 missingfilename.discard(sha)
@@ -178,7 +178,7 @@
                 break
             files = cl.readfiles(cl.node(rev))
             for filename in files:
-                sha = hashlib.sha1(filename).digest()
+                sha = hashutil.sha1(filename).digest()
                 if sha in missingfilename:
                     filenames[filename] = sha
                     missingfilename.discard(sha)
diff --git a/hgext/remotefilelog/basepack.py b/hgext/remotefilelog/basepack.py
--- a/hgext/remotefilelog/basepack.py
+++ b/hgext/remotefilelog/basepack.py
@@ -2,7 +2,6 @@
 
 import collections
 import errno
-import hashlib
 import mmap
 import os
 import struct
@@ -20,6 +19,7 @@
     util,
     vfs as vfsmod,
 )
+from mercurial.utils import hashutil
 from . import shallowutil
 
 osutil = policy.importmod('osutil')
@@ -392,7 +392,7 @@
         )
         self.packfp = os.fdopen(self.packfp, 'wb+')
         self.idxfp = os.fdopen(self.idxfp, 'wb+')
-        self.sha = hashlib.sha1()
+        self.sha = hashutil.sha1()
         self._closed = False
 
         # The opener provides no way of doing permission fixup on files created
diff --git a/hgext/largefiles/lfutil.py b/hgext/largefiles/lfutil.py
--- a/hgext/largefiles/lfutil.py
+++ b/hgext/largefiles/lfutil.py
@@ -11,7 +11,6 @@
 
 import contextlib
 import copy
-import hashlib
 import os
 import stat
 
@@ -32,6 +31,7 @@
     util,
     vfs as vfsmod,
 )
+from mercurial.utils import hashutil
 
 shortname = b'.hglf'
 shortnameslash = shortname + b'/'
@@ -432,7 +432,7 @@
 def copyandhash(instream, outfile):
     '''Read bytes from instream (iterable) and write them to outfile,
     computing the SHA-1 hash of the data along the way. Return the hash.'''
-    hasher = hashlib.sha1(b'')
+    hasher = hashutil.sha1(b'')
     for data in instream:
         hasher.update(data)
         outfile.write(data)
@@ -472,7 +472,7 @@
 def hexsha1(fileobj):
     """hexsha1 returns the hex-encoded sha1 sum of the data in the file-like
     object data"""
-    h = hashlib.sha1()
+    h = hashutil.sha1()
     for chunk in util.filechunkiter(fileobj):
         h.update(chunk)
     return hex(h.digest())
diff --git a/hgext/largefiles/lfcommands.py b/hgext/largefiles/lfcommands.py
--- a/hgext/largefiles/lfcommands.py
+++ b/hgext/largefiles/lfcommands.py
@@ -10,7 +10,6 @@
 from __future__ import absolute_import
 
 import errno
-import hashlib
 import os
 import shutil
 
@@ -29,6 +28,7 @@
     scmutil,
     util,
 )
+from mercurial.utils import hashutil
 
 from ..convert import (
     convcmd,
@@ -273,7 +273,7 @@
                         )
 
                 # largefile was modified, update standins
-                m = hashlib.sha1(b'')
+                m = hashutil.sha1(b'')
                 m.update(ctx[f].data())
                 hash = node.hex(m.digest())
                 if f not in lfiletohash or lfiletohash[f] != hash:
diff --git a/hgext/infinitepush/store.py b/hgext/infinitepush/store.py
--- a/hgext/infinitepush/store.py
+++ b/hgext/infinitepush/store.py
@@ -6,7 +6,6 @@
 from __future__ import absolute_import
 
 import abc
-import hashlib
 import os
 import subprocess
 import tempfile
@@ -16,7 +15,10 @@
     node,
     pycompat,
 )
-from mercurial.utils import procutil
+from mercurial.utils import (
+    hashutil,
+    procutil,
+)
 
 NamedTemporaryFile = tempfile.NamedTemporaryFile
 
@@ -87,7 +89,7 @@
         return os.path.join(self._dirpath(filename), filename)
 
     def write(self, data):
-        filename = node.hex(hashlib.sha1(data).digest())
+        filename = node.hex(hashutil.sha1(data).digest())
         dirpath = self._dirpath(filename)
 
         if not os.path.exists(dirpath):
diff --git a/hgext/fsmonitor/__init__.py b/hgext/fsmonitor/__init__.py
--- a/hgext/fsmonitor/__init__.py
+++ b/hgext/fsmonitor/__init__.py
@@ -108,7 +108,6 @@
 from __future__ import absolute_import
 
 import codecs
-import hashlib
 import os
 import stat
 import sys
@@ -132,7 +131,10 @@
     util,
 )
 from mercurial import match as matchmod
-from mercurial.utils import stringutil
+from mercurial.utils import (
+    hashutil,
+    stringutil,
+)
 
 from . import (
     pywatchman,
@@ -235,7 +237,7 @@
     copy.
 
     """
-    sha1 = hashlib.sha1()
+    sha1 = hashutil.sha1()
     sha1.update(pycompat.byterepr(ignore))
     return pycompat.sysbytes(sha1.hexdigest())
 
diff --git a/hgext/fastannotate/context.py b/hgext/fastannotate/context.py
--- a/hgext/fastannotate/context.py
+++ b/hgext/fastannotate/context.py
@@ -9,7 +9,6 @@
 
 import collections
 import contextlib
-import hashlib
 import os
 
 from mercurial.i18n import _
@@ -28,7 +27,10 @@
     scmutil,
     util,
 )
-from mercurial.utils import stringutil
+from mercurial.utils import (
+    hashutil,
+    stringutil,
+)
 
 from . import (
     error as faerror,
@@ -148,7 +150,7 @@
     diffoptstr = stringutil.pprint(
         sorted((k, getattr(diffopts, k)) for k in mdiff.diffopts.defaults)
     )
-    return node.hex(hashlib.sha1(diffoptstr).digest())[:6]
+    return node.hex(hashutil.sha1(diffoptstr).digest())[:6]
 
 
 _defaultdiffopthash = hashdiffopts(mdiff.defaultopts)



To: durin42, #hg-reviewers
Cc: mercurial-devel


More information about the Mercurial-devel mailing list