On Sat, 30 Jul 2016 12:01:16 +0200 Matthew White <[email protected]> wrote:
> Hello, > I see that Metalink's checksum verification is limited to sha256. > > I cannot find an option to enable md5, sha1, sha384, or sha512. > > Attached to this message there is a patch to add md5, sha1, sha384, and > sha512 computation to the Metalink module. > > Let me know what you think. > > -- > Matthew White <[email protected]> Hi, After the suggestions of Tim, I changed the patch description. So, scratch the previous patch and use this one instead. I also added support for sha-224 to the Metalink module. There are two patches attached, the second one adds support for the deprecated md2 and md4, since they are insecure I prefer to keep the patch separated from the main one. Do you think it's right to enable md2 and md4? Let me know. -- Matthew White <[email protected]>
>From afcad3e44fa81df30f12025d992f29aafa7a83d6 Mon Sep 17 00:00:00 2001 From: Matthew White <[email protected]> Date: Thu, 28 Jul 2016 10:59:11 +0200 Subject: [PATCH 1/2] Add support for Metalink's md5, sha1, sha224, sha384, and sha512 hashes * bootstrap.conf: Add crypto/sha512 * src/metalink.c (retrieve_from_metalink): Add md5, sha1, sha224, sha384, and sha512 support Metalink's checksum verification was limited to sha256. This patch adds support for md5, sha1, sha224, sha384, and sha512. --- bootstrap.conf | 1 + src/metalink.c | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 88 insertions(+), 8 deletions(-) diff --git a/bootstrap.conf b/bootstrap.conf index 3925d55..5187e96 100644 --- a/bootstrap.conf +++ b/bootstrap.conf @@ -67,6 +67,7 @@ mkostemp crypto/md5 crypto/sha1 crypto/sha256 +crypto/sha512 quote quotearg recv diff --git a/src/metalink.c b/src/metalink.c index 18f5f5d..fc44b75 100644 --- a/src/metalink.c +++ b/src/metalink.c @@ -34,7 +34,10 @@ as that of the covered work. */ #include "retr.h" #include "exits.h" #include "utils.h" +#include "md5.h" +#include "sha1.h" #include "sha256.h" +#include "sha512.h" #include "xstrndup.h" #include <errno.h> #include <unistd.h> /* For unlink. */ @@ -177,14 +180,40 @@ retrieve_from_metalink (const metalink_t* metalink) for (mchksum_ptr = mfile->checksums; *mchksum_ptr; mchksum_ptr++) { + hash_ok = false; + + char md5[MD5_DIGEST_SIZE]; + char md5_txt[2 * MD5_DIGEST_SIZE + 1]; + + char sha1[SHA1_DIGEST_SIZE]; + char sha1_txt[2 * SHA1_DIGEST_SIZE + 1]; + + char sha224[SHA224_DIGEST_SIZE]; + char sha224_txt[2 * SHA224_DIGEST_SIZE + 1]; + char sha256[SHA256_DIGEST_SIZE]; char sha256_txt[2 * SHA256_DIGEST_SIZE + 1]; + char sha384[SHA384_DIGEST_SIZE]; + char sha384_txt[2 * SHA384_DIGEST_SIZE + 1]; + + char sha512[SHA512_DIGEST_SIZE]; + char sha512_txt[2 * SHA512_DIGEST_SIZE + 1]; + mchksum = *mchksum_ptr; /* I have seen both variants... */ - if (strcasecmp (mchksum->type, "sha256") - && strcasecmp (mchksum->type, "sha-256")) + if (strcasecmp (mchksum->type, "md5") + && strcasecmp (mchksum->type, "sha1") + && strcasecmp (mchksum->type, "sha-1") + && strcasecmp (mchksum->type, "sha224") + && strcasecmp (mchksum->type, "sha-224") + && strcasecmp (mchksum->type, "sha256") + && strcasecmp (mchksum->type, "sha-256") + && strcasecmp (mchksum->type, "sha384") + && strcasecmp (mchksum->type, "sha-384") + && strcasecmp (mchksum->type, "sha512") + && strcasecmp (mchksum->type, "sha-512")) { DEBUGP (("Ignoring unsupported checksum type %s.\n", quote (mchksum->type))); @@ -194,22 +223,72 @@ retrieve_from_metalink (const metalink_t* metalink) logprintf (LOG_VERBOSE, _("Computing checksum for %s\n"), quote (mfile->name)); - sha256_stream (local_file, sha256); - wg_hex_to_string (sha256_txt, sha256, SHA256_DIGEST_SIZE); DEBUGP (("Declared hash: %s\n", mchksum->hash)); - DEBUGP (("Computed hash: %s\n", sha256_txt)); - if (!strcmp (sha256_txt, mchksum->hash)) + + if (strcasecmp (mchksum->type, "md5") == 0) + { + md5_stream (local_file, md5); + wg_hex_to_string (md5_txt, md5, MD5_DIGEST_SIZE); + DEBUGP (("Computed hash: %s\n", md5_txt)); + if (!strcmp (md5_txt, mchksum->hash)) + hash_ok = true; + } + else if (strcasecmp (mchksum->type, "sha1") == 0 + || strcasecmp (mchksum->type, "sha-1") == 0) + { + sha1_stream (local_file, sha1); + wg_hex_to_string (sha1_txt, sha1, SHA1_DIGEST_SIZE); + DEBUGP (("Computed hash: %s\n", sha1_txt)); + if (!strcmp (sha1_txt, mchksum->hash)) + hash_ok = true; + } + else if (strcasecmp (mchksum->type, "sha224") == 0 + || strcasecmp (mchksum->type, "sha-224") == 0) + { + sha224_stream (local_file, sha224); + wg_hex_to_string (sha224_txt, sha224, SHA224_DIGEST_SIZE); + DEBUGP (("Computed hash: %s\n", sha224_txt)); + if (!strcmp (sha224_txt, mchksum->hash)) + hash_ok = true; + } + else if (strcasecmp (mchksum->type, "sha256") == 0 + || strcasecmp (mchksum->type, "sha-256") == 0) + { + sha256_stream (local_file, sha256); + wg_hex_to_string (sha256_txt, sha256, SHA256_DIGEST_SIZE); + DEBUGP (("Computed hash: %s\n", sha256_txt)); + if (!strcmp (sha256_txt, mchksum->hash)) + hash_ok = true; + } + else if (strcasecmp (mchksum->type, "sha384") == 0 + || strcasecmp (mchksum->type, "sha-384") == 0) + { + sha384_stream (local_file, sha384); + wg_hex_to_string (sha384_txt, sha384, SHA384_DIGEST_SIZE); + DEBUGP (("Computed hash: %s\n", sha384_txt)); + if (!strcmp (sha384_txt, mchksum->hash)) + hash_ok = true; + } + else if (strcasecmp (mchksum->type, "sha512") == 0 + || strcasecmp (mchksum->type, "sha-512") == 0) + { + sha512_stream (local_file, sha512); + wg_hex_to_string (sha512_txt, sha512, SHA512_DIGEST_SIZE); + DEBUGP (("Computed hash: %s\n", sha512_txt)); + if (!strcmp (sha512_txt, mchksum->hash)) + hash_ok = true; + } + + if (hash_ok) { logputs (LOG_VERBOSE, _("Checksum matches.\n")); - hash_ok = true; } else { logprintf (LOG_NOTQUIET, _("Checksum mismatch for file %s.\n"), quote (mfile->name)); - hash_ok = false; } /* Stop as soon as we checked the supported checksum. */ -- 2.7.3
>From 57eaa1338c744d7fb04797e6ba8379889df474f9 Mon Sep 17 00:00:00 2001 From: Matthew White <[email protected]> Date: Tue, 2 Aug 2016 08:41:30 +0200 Subject: [PATCH 2/2] Add support for Metalink's md2, and md4 hashes * bootstrap.conf: Add crypto/md2, and crypto/md4 * src/metalink.c (retrieve_from_metalink): Add md2, and md4 support This patch adds support for the deprecated (insecure) md2, and md4 Message-Digest algorithms to the Metalink module. --- bootstrap.conf | 2 ++ src/metalink.c | 30 ++++++++++++++++++++++++++++-- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/bootstrap.conf b/bootstrap.conf index 5187e96..6d73192 100644 --- a/bootstrap.conf +++ b/bootstrap.conf @@ -64,6 +64,8 @@ memrchr mkdir mkstemp mkostemp +crypto/md2 +crypto/md4 crypto/md5 crypto/sha1 crypto/sha256 diff --git a/src/metalink.c b/src/metalink.c index fc44b75..9f34b32 100644 --- a/src/metalink.c +++ b/src/metalink.c @@ -34,6 +34,8 @@ as that of the covered work. */ #include "retr.h" #include "exits.h" #include "utils.h" +#include "md2.h" +#include "md4.h" #include "md5.h" #include "sha1.h" #include "sha256.h" @@ -182,6 +184,12 @@ retrieve_from_metalink (const metalink_t* metalink) { hash_ok = false; + char md2[MD2_DIGEST_SIZE]; + char md2_txt[2 * MD2_DIGEST_SIZE + 1]; + + char md4[MD4_DIGEST_SIZE]; + char md4_txt[2 * MD4_DIGEST_SIZE + 1]; + char md5[MD5_DIGEST_SIZE]; char md5_txt[2 * MD5_DIGEST_SIZE + 1]; @@ -203,7 +211,9 @@ retrieve_from_metalink (const metalink_t* metalink) mchksum = *mchksum_ptr; /* I have seen both variants... */ - if (strcasecmp (mchksum->type, "md5") + if (strcasecmp (mchksum->type, "md2") + && strcasecmp (mchksum->type, "md4") + && strcasecmp (mchksum->type, "md5") && strcasecmp (mchksum->type, "sha1") && strcasecmp (mchksum->type, "sha-1") && strcasecmp (mchksum->type, "sha224") @@ -225,7 +235,23 @@ retrieve_from_metalink (const metalink_t* metalink) DEBUGP (("Declared hash: %s\n", mchksum->hash)); - if (strcasecmp (mchksum->type, "md5") == 0) + if (strcasecmp (mchksum->type, "md2") == 0) + { + md2_stream (local_file, md2); + wg_hex_to_string (md2_txt, md2, MD2_DIGEST_SIZE); + DEBUGP (("Computed hash: %s\n", md2_txt)); + if (!strcmp (md2_txt, mchksum->hash)) + hash_ok = true; + } + else if (strcasecmp (mchksum->type, "md4") == 0) + { + md4_stream (local_file, md4); + wg_hex_to_string (md4_txt, md4, MD4_DIGEST_SIZE); + DEBUGP (("Computed hash: %s\n", md4_txt)); + if (!strcmp (md4_txt, mchksum->hash)) + hash_ok = true; + } + else if (strcasecmp (mchksum->type, "md5") == 0) { md5_stream (local_file, md5); wg_hex_to_string (md5_txt, md5, MD5_DIGEST_SIZE); -- 2.7.3
