Hi Theo, On Wed, May 10, 2023 at 09:02:13PM +0200, Theo Buehler wrote: > Again, try to keep the code as it was as far as possible.
Indeed, thank you for the feedback! Below is an amended version. Kind regards, Job Index: extern.h =================================================================== RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v retrieving revision 1.181 diff -u -p -r1.181 extern.h --- extern.h 9 May 2023 10:34:32 -0000 1.181 +++ extern.h 11 May 2023 09:26:08 -0000 @@ -681,7 +681,8 @@ int valid_ta(const char *, struct auth const struct cert *); int valid_cert(const char *, struct auth *, const struct cert *); int valid_roa(const char *, struct cert *, struct roa *); -int valid_filehash(int, const char *, size_t); +int valid_filehash(const char *, const char *, int, + const unsigned char *, size_t); int valid_hash(unsigned char *, size_t, const char *, size_t); int valid_filename(const char *, size_t); int valid_uri(const char *, size_t, const char *); Index: parser.c =================================================================== RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v retrieving revision 1.93 diff -u -p -r1.93 parser.c --- parser.c 27 Apr 2023 08:37:53 -0000 1.93 +++ parser.c 11 May 2023 09:26:09 -0000 @@ -177,20 +177,21 @@ proc_parser_mft_check(const char *fn, st fd = open(path, O_RDONLY); if (fd == -1 && errno == ENOENT) noent++; - free(path); /* remember which path was checked */ m->location = loc[try]; - valid = valid_filehash(fd, m->hash, sizeof(m->hash)); + + valid = valid_filehash(path, m->file, fd, m->hash, + sizeof(m->hash)); + free(path); } if (!valid) { /* silently skip not-existing unknown files */ if (m->type == RTYPE_INVALID && noent == 2) continue; - warnx("%s: bad message digest for %s", fn, m->file); + warnx("%s#%s: missing %s", fn, p->seqnum, m->file); rc = 0; - continue; } } Index: repo.c =================================================================== RCS file: /cvs/src/usr.sbin/rpki-client/repo.c,v retrieving revision 1.44 diff -u -p -r1.44 repo.c --- repo.c 26 Apr 2023 16:32:41 -0000 1.44 +++ repo.c 11 May 2023 09:26:09 -0000 @@ -827,8 +827,7 @@ rrdp_handle_file(unsigned int id, enum p fd = open(fn, O_RDONLY); } while (fd == -1 && try < 2); - if (!valid_filehash(fd, hash, hlen)) { - warnx("%s: bad file digest for %s", rr->notifyuri, fn); + if (!valid_filehash(rr->notifyuri, fn, fd, hash, hlen)) { free(fn); return 0; } Index: validate.c =================================================================== RCS file: /cvs/src/usr.sbin/rpki-client/validate.c,v retrieving revision 1.60 diff -u -p -r1.60 validate.c --- validate.c 9 May 2023 10:34:32 -0000 1.60 +++ validate.c 11 May 2023 09:26:09 -0000 @@ -211,10 +211,11 @@ valid_roa(const char *fn, struct cert *c * Returns 1 if hash matched, 0 otherwise. Closes fd when done. */ int -valid_filehash(int fd, const char *hash, size_t hlen) +valid_filehash(const char *loc, const char *fn, int fd, + const unsigned char *hash, size_t hlen) { SHA256_CTX ctx; - char filehash[SHA256_DIGEST_LENGTH]; + unsigned char filehash[SHA256_DIGEST_LENGTH]; char buffer[8192]; ssize_t nr; @@ -230,8 +231,18 @@ valid_filehash(int fd, const char *hash, close(fd); SHA256_Final(filehash, &ctx); - if (memcmp(hash, filehash, sizeof(filehash)) != 0) + if (memcmp(hash, filehash, SHA256_DIGEST_LENGTH) != 0) { + char *expected, *computed; + if (base64_encode(hash, hlen, &expected) == -1) + errx(1, "base64_encode failed"); + if (base64_encode(filehash, hlen, &computed) == -1) + errx(1, "base64_encode failed"); + warnx("%s: bad file digest for %s (expected: %s, got %s)", + loc, fn, expected, computed); + free(expected); + free(computed); return 0; + } return 1; }