octoleo/syncthing
1
0
Fork 0
mirror of https://github.com/octoleo/syncthing.git synced 2024-11-19 19:45:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

all: Remove crypto/md5 (#7493)

Browse Source 
This is a mostly pointless change to make security scanners and static
analysis tools happy, as they all hate seeing md5. None of our md5 uses
were security relevant, but still. Only visible effect of this change is
that our temp file names for very long file names become slightly longer
than they were previously...
This commit is contained in:
Jakob Borg 2021-03-17 22:22:49 +01:00 committed by GitHub
parent f39477bbd5
commit f4372710bf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 44 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
cmd/stcompdirs/main.go
View File

@ -7,7 +7,6 @@
package main package main
import ( import (
"crypto/md5"
"errors" "errors"
"flag" "flag"
"fmt" "fmt"
@ -15,6 +14,8 @@ import (
"log" "log"
"os" "os"
"path/filepath" "path/filepath"
"github.com/syncthing/syncthing/lib/sha256"
) )
func main() { func main() {
@ -74,7 +75,7 @@ type fileInfo struct {
name string name string
mode os.FileMode mode os.FileMode
mod int64 mod int64
hash [16]byte hash [sha256.Size]byte
} }
func (f fileInfo) String() string { func (f fileInfo) String() string {
@ -106,11 +107,7 @@ func startWalker(dir string, res chan<- fileInfo, abort <-chan struct{}) chan er
if err != nil { if err != nil {
return err return err
} }
h := md5.New() f.hash = sha256.Sum256([]byte(tgt))
h.Write([]byte(tgt))
hash := h.Sum(nil)
copy(f.hash[:], hash)
} else if info.IsDir() { } else if info.IsDir() {
f = fileInfo{ f = fileInfo{
name: rn, name: rn,
@ -123,7 +120,7 @@ func startWalker(dir string, res chan<- fileInfo, abort <-chan struct{}) chan er
mode: info.Mode(), mode: info.Mode(),
mod: info.ModTime().Unix(), mod: info.ModTime().Unix(),
} }
sum, err := md5file(path) sum, err := sha256file(path)
if err != nil { if err != nil {
return err return err
} }
@ -150,14 +147,14 @@ func startWalker(dir string, res chan<- fileInfo, abort <-chan struct{}) chan er
return errc return errc
} }
func md5file(fname string) (hash [16]byte, err error) { func sha256file(fname string) (hash [sha256.Size]byte, err error) {
f, err := os.Open(fname) f, err := os.Open(fname)
if err != nil { if err != nil {
return return
} }
defer f.Close() defer f.Close()
h := md5.New() h := sha256.New()
io.Copy(h, f) io.Copy(h, f)
hb := h.Sum(nil) hb := h.Sum(nil)
copy(hash[:], hb) copy(hash[:], hb)

45
cmd/stwatchfile/main.go
View File

@ -7,31 +7,15 @@
package main package main
import ( import (
"bytes"
"crypto/md5"
"flag" "flag"
"fmt" "fmt"
"io" "io"
"os" "os"
"time" "time"
"github.com/syncthing/syncthing/lib/sha256"
) )
func getmd5(filePath string) ([]byte, error) {
var result []byte
file, err := os.Open(filePath)
if err != nil {
return result, err
}
defer file.Close()
hash := md5.New()
if _, err := io.Copy(hash, file); err != nil {
return result, err
}
return hash.Sum(result), nil
}
func main() { func main() {
period := flag.Duration("period", 200*time.Millisecond, "Sleep period between checks") period := flag.Duration("period", 200*time.Millisecond, "Sleep period between checks")
flag.Parse() flag.Parse()
@ -46,7 +30,7 @@ func main() {
exists := true exists := true
size := int64(0) size := int64(0)
mtime := time.Time{} mtime := time.Time{}
hash := []byte{} var hash [sha256.Size]byte
for { for {
time.Sleep(*period) time.Sleep(*period)
@ -72,7 +56,7 @@ func main() {
if !exists { if !exists {
size = 0 size = 0
mtime = time.Time{} mtime = time.Time{}
hash = []byte{} hash = [sha256.Size]byte{}
continue continue
} }
@ -83,12 +67,12 @@ func main() {
newSize := fi.Size() newSize := fi.Size()
newMtime := fi.ModTime() newMtime := fi.ModTime()
newHash, err := getmd5(file) newHash, err := sha256file(file)
if err != nil { if err != nil {
fmt.Println("getmd5:", err) fmt.Println("sha256file:", err)
} }
if newSize != size || newMtime != mtime || !bytes.Equal(newHash, hash) { if newSize != size || newMtime != mtime || newHash != hash {
fmt.Println(file, "Size:", newSize, "Mtime:", newMtime, "Hash:", fmt.Sprintf("%x", newHash)) fmt.Println(file, "Size:", newSize, "Mtime:", newMtime, "Hash:", fmt.Sprintf("%x", newHash))
hash = newHash hash = newHash
size = newSize size = newSize
@ -96,3 +80,18 @@ func main() {
} }
} }
} }
func sha256file(fname string) (hash [sha256.Size]byte, err error) {
f, err := os.Open(fname)
if err != nil {
return
}
defer f.Close()
h := sha256.New()
io.Copy(h, f)
hb := h.Sum(nil)
copy(hash[:], hb)
return
}

7
lib/fs/tempname.go
View File

@ -7,11 +7,12 @@
package fs package fs
import ( import (
"crypto/md5"
"fmt" "fmt"
"path/filepath" "path/filepath"
"runtime" "runtime"
"strings" "strings"
"github.com/syncthing/syncthing/lib/sha256"
) )
const ( const (
@ -50,9 +51,7 @@ func TempNameWithPrefix(name, prefix string) string {
tdir := filepath.Dir(name) tdir := filepath.Dir(name)
tbase := filepath.Base(name) tbase := filepath.Base(name)
if len(tbase) > maxFilenameLength { if len(tbase) > maxFilenameLength {
hash := md5.New() tbase = fmt.Sprintf("%x", sha256.Sum256([]byte(name)))
hash.Write([]byte(name))
tbase = fmt.Sprintf("%x", hash.Sum(nil))
} }
tname := fmt.Sprintf("%s%s.tmp", prefix, tbase) tname := fmt.Sprintf("%s%s.tmp", prefix, tbase)
return filepath.Join(tdir, tname) return filepath.Join(tdir, tname)

4
lib/ignore/ignore.go
View File

@ -9,7 +9,6 @@ package ignore
import ( import (
"bufio" "bufio"
"bytes" "bytes"
"crypto/md5"
"errors" "errors"
"fmt" "fmt"
"io" "io"
@ -22,6 +21,7 @@ import (
"github.com/syncthing/syncthing/lib/fs" "github.com/syncthing/syncthing/lib/fs"
"github.com/syncthing/syncthing/lib/osutil" "github.com/syncthing/syncthing/lib/osutil"
"github.com/syncthing/syncthing/lib/sha256"
"github.com/syncthing/syncthing/lib/sync" "github.com/syncthing/syncthing/lib/sync"
) )
@ -373,7 +373,7 @@ func (m *Matcher) SkipIgnoredDirs() bool {
} }
func hashPatterns(patterns []Pattern) string { func hashPatterns(patterns []Pattern) string {
h := md5.New() h := sha256.New()
for _, pat := range patterns { for _, pat := range patterns {
h.Write([]byte(pat.String())) h.Write([]byte(pat.String()))
h.Write([]byte("\n")) h.Write([]byte("\n"))

7
lib/ignore/ignore_test.go
View File

@ -607,8 +607,9 @@ func TestHashOfEmpty(t *testing.T) {
firstHash := p1.Hash() firstHash := p1.Hash()
// Reloading with a non-existent file should empty the patterns and // Reloading with a non-existent file should empty the patterns and
// recalculate the hash. d41d8cd98f00b204e9800998ecf8427e is the md5 of // recalculate the hash.
// nothing. // e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 is
// the sah256 of nothing.
p1.Load("file/does/not/exist") p1.Load("file/does/not/exist")
secondHash := p1.Hash() secondHash := p1.Hash()
@ -616,7 +617,7 @@ func TestHashOfEmpty(t *testing.T) {
if firstHash == secondHash { if firstHash == secondHash {
t.Error("hash did not change") t.Error("hash did not change")
} }
if secondHash != "d41d8cd98f00b204e9800998ecf8427e" { if secondHash != "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" {
t.Error("second hash is not hash of empty string") t.Error("second hash is not hash of empty string")
} }
if len(p1.patterns) != 0 { if len(p1.patterns) != 0 {

16
test/util.go
View File

@ -9,7 +9,6 @@
package integration package integration
import ( import (
"crypto/md5"
cr "crypto/rand" cr "crypto/rand"
"errors" "errors"
"fmt" "fmt"
@ -27,6 +26,7 @@ import (
"unicode" "unicode"
"github.com/syncthing/syncthing/lib/rc" "github.com/syncthing/syncthing/lib/rc"
"github.com/syncthing/syncthing/lib/sha256"
) )
func init() { func init() {
@ -395,7 +395,7 @@ type fileInfo struct {
name string name string
mode os.FileMode mode os.FileMode
mod int64 mod int64
hash [16]byte hash [sha256.Size]byte
size int64 size int64
} }
@ -442,11 +442,7 @@ func startWalker(dir string, res chan<- fileInfo, abort <-chan struct{}) chan er
if err != nil { if err != nil {
return err return err
} }
h := md5.New() f.hash = sha256.Sum256([]byte(tgt))
h.Write([]byte(tgt))
hash := h.Sum(nil)
copy(f.hash[:], hash)
} else if info.IsDir() { } else if info.IsDir() {
f = fileInfo{ f = fileInfo{
name: rn, name: rn,
@ -463,7 +459,7 @@ func startWalker(dir string, res chan<- fileInfo, abort <-chan struct{}) chan er
mod: info.ModTime().Unix(), mod: info.ModTime().Unix(),
size: info.Size(), size: info.Size(),
} }
sum, err := md5file(path) sum, err := sha256file(path)
if err != nil { if err != nil {
return err return err
} }
@ -490,14 +486,14 @@ func startWalker(dir string, res chan<- fileInfo, abort <-chan struct{}) chan er
return errc return errc
} }
func md5file(fname string) (hash [16]byte, err error) { func sha256file(fname string) (hash [sha256.Size]byte, err error) {
f, err := os.Open(fname) f, err := os.Open(fname)
if err != nil { if err != nil {
return return
} }
defer f.Close() defer f.Close()
h := md5.New() h := sha256.New()
io.Copy(h, f) io.Copy(h, f)
hb := h.Sum(nil) hb := h.Sum(nil)
copy(hash[:], hb) copy(hash[:], hb)