[plugin/reload]: Change hash from md5 to sha512 (#5226)

This PR changes the reload plugin's hash from md5 to sha512,
for the purpose of avoid using md5. MD5 is a weak hash algorithm
and for security reasons we will avoid using it.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>

plugin/reload/README.md

@@ -10,7 +10,7 @@ This plugin allows automatic reload of a changed _Corefile_.
 To enable automatic reloading of _zone file_ changes, use the `auto` plugin.
 
 This plugin periodically checks if the Corefile has changed by reading
-it and calculating its MD5 checksum. If the file has changed, it reloads
+it and calculating its SHA512 checksum. If the file has changed, it reloads
 CoreDNS with the new Corefile. This eliminates the need to send a SIGHUP
 or SIGUSR1 after changing the Corefile.
 
@@ -101,7 +101,7 @@ CoreDNS v1.7.0 and later does parse the Corefile and supports detecting changes
 * `coredns_reload_failed_total{}` - counts the number of failed reload attempts.
 * `coredns_reload_version_info{hash, value}` - record the hash value during reload.
 
-Currently the type of `hash` is "md5", the `value` is the returned hash value.
+Currently the type of `hash` is "sha512", the `value` is the returned hash value.
 
 ## See Also
 

plugin/reload/reload.go

@@ -3,7 +3,7 @@ package reload
 
 import (
 	"bytes"
-	"crypto/md5"
+	"crypto/sha512"
 	"encoding/hex"
 	"encoding/json"
 	"sync"
@@ -78,8 +78,8 @@ func hook(event caddy.EventName, info interface{}) error {
 		return err
 	}
 
-	md5sum := md5.Sum(parsedCorefile)
+	sha512sum := sha512.Sum512(parsedCorefile)
-	log.Infof("Running configuration MD5 = %x\n", md5sum)
+	log.Infof("Running configuration SHA512 = %x\n", sha512sum)
 
 	go func() {
 		tick := time.NewTicker(r.interval())
@@ -96,16 +96,16 @@ func hook(event caddy.EventName, info interface{}) error {
 					log.Warningf("Corefile parse failed: %s", err)
 					continue
 				}
-				s := md5.Sum(parsedCorefile)
+				s := sha512.Sum512(parsedCorefile)
-				if s != md5sum {
+				if s != sha512sum {
-					reloadInfo.Delete(prometheus.Labels{"hash": "md5", "value": hex.EncodeToString(md5sum[:])})
+					reloadInfo.Delete(prometheus.Labels{"hash": "sha512", "value": hex.EncodeToString(sha512sum[:])})
 					// Let not try to restart with the same file, even though it is wrong.
-					md5sum = s
+					sha512sum = s
 					// now lets consider that plugin will not be reload, unless appear in next config file
 					// change status of usage will be reset in setup if the plugin appears in config file
 					r.setUsage(maybeUsed)
 					_, err := instance.Restart(corefile)
-					reloadInfo.WithLabelValues("md5", hex.EncodeToString(md5sum[:])).Set(1)
+					reloadInfo.WithLabelValues("sha512", hex.EncodeToString(sha512sum[:])).Set(1)
 					if err != nil {
 						log.Errorf("Corefile changed but reload failed: %s", err)
 						failedCount.Add(1)