From ecb47eeef0b279a2bd93f154d23772c75ff333dd Mon Sep 17 00:00:00 2001 From: yunimoo Date: Fri, 26 Jul 2024 11:38:15 -0400 Subject: [PATCH 1/6] Add initial sha256 lib test --- libclammspack/test/sha256.c | 432 ++++++++++++++++++++++++++++++++++++ libclammspack/test/sha256.h | 144 ++++++++++++ 2 files changed, 576 insertions(+) create mode 100644 libclammspack/test/sha256.c create mode 100644 libclammspack/test/sha256.h diff --git a/libclammspack/test/sha256.c b/libclammspack/test/sha256.c new file mode 100644 index 0000000000..7f6b643e60 --- /dev/null +++ b/libclammspack/test/sha256.c @@ -0,0 +1,432 @@ +/* sha256.c - Functions to compute SHA256 and SHA224 message digest of files or + memory blocks according to the NIST specification FIPS-180-2. + + Copyright (C) 2005-2006, 2008-2024 Free Software Foundation, Inc. + + This file is free software: you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of the + License, or (at your option) any later version. + + This file is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see . */ + +/* Written by David Madore, considerably copypasting from + Scott G. Miller's sha1.c +*/ + +#include + +/* Specification. */ +#if HAVE_OPENSSL_SHA256 +# define GL_OPENSSL_INLINE _GL_EXTERN_INLINE +#endif +#include "sha256.h" + +#include +#include + +#include +#ifdef WORDS_BIGENDIAN +# define SWAP(n) (n) +#else +# define SWAP(n) bswap_32 (n) +#endif + +#if ! HAVE_OPENSSL_SHA256 + +/* This array contains the bytes used to pad the buffer to the next + 64-byte boundary. */ +static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; + + +/* + Takes a pointer to a 256 bit block of data (eight 32 bit ints) and + initializes it to the start constants of the SHA256 algorithm. This + must be called before using hash in the call to sha256_hash +*/ +void +sha256_init_ctx (struct sha256_ctx *ctx) +{ + ctx->state[0] = 0x6a09e667UL; + ctx->state[1] = 0xbb67ae85UL; + ctx->state[2] = 0x3c6ef372UL; + ctx->state[3] = 0xa54ff53aUL; + ctx->state[4] = 0x510e527fUL; + ctx->state[5] = 0x9b05688cUL; + ctx->state[6] = 0x1f83d9abUL; + ctx->state[7] = 0x5be0cd19UL; + + ctx->total[0] = ctx->total[1] = 0; + ctx->buflen = 0; +} + +void +sha224_init_ctx (struct sha256_ctx *ctx) +{ + ctx->state[0] = 0xc1059ed8UL; + ctx->state[1] = 0x367cd507UL; + ctx->state[2] = 0x3070dd17UL; + ctx->state[3] = 0xf70e5939UL; + ctx->state[4] = 0xffc00b31UL; + ctx->state[5] = 0x68581511UL; + ctx->state[6] = 0x64f98fa7UL; + ctx->state[7] = 0xbefa4fa4UL; + + ctx->total[0] = ctx->total[1] = 0; + ctx->buflen = 0; +} + +/* Copy the value from v into the memory location pointed to by *CP, + If your architecture allows unaligned access, this is equivalent to + * (__typeof__ (v) *) cp = v */ +static void +set_uint32 (char *cp, uint32_t v) +{ + memcpy (cp, &v, sizeof v); +} + +/* Put result from CTX in first 32 bytes following RESBUF. + The result must be in little endian byte order. */ +void * +sha256_read_ctx (const struct sha256_ctx *ctx, void *resbuf) +{ + int i; + char *r = resbuf; + + for (i = 0; i < 8; i++) + set_uint32 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i])); + + return resbuf; +} + +void * +sha224_read_ctx (const struct sha256_ctx *ctx, void *resbuf) +{ + int i; + char *r = resbuf; + + for (i = 0; i < 7; i++) + set_uint32 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i])); + + return resbuf; +} + +/* Process the remaining bytes in the internal buffer and the usual + prolog according to the standard and write the result to RESBUF. */ +static void +sha256_conclude_ctx (struct sha256_ctx *ctx) +{ + /* Take yet unprocessed bytes into account. */ + size_t bytes = ctx->buflen; + size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4; + + /* Now count remaining bytes. */ + ctx->total[0] += bytes; + if (ctx->total[0] < bytes) + ++ctx->total[1]; + + /* Put the 64-bit file length in *bits* at the end of the buffer. + Use set_uint32 rather than a simple assignment, to avoid risk of + unaligned access. */ + set_uint32 ((char *) &ctx->buffer[size - 2], + SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29))); + set_uint32 ((char *) &ctx->buffer[size - 1], + SWAP (ctx->total[0] << 3)); + + memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes); + + /* Process last bytes. */ + sha256_process_block (ctx->buffer, size * 4, ctx); +} + +void * +sha256_finish_ctx (struct sha256_ctx *ctx, void *resbuf) +{ + sha256_conclude_ctx (ctx); + return sha256_read_ctx (ctx, resbuf); +} + +void * +sha224_finish_ctx (struct sha256_ctx *ctx, void *resbuf) +{ + sha256_conclude_ctx (ctx); + return sha224_read_ctx (ctx, resbuf); +} + +/* Compute SHA256 message digest for LEN bytes beginning at BUFFER. The + result is always in little endian byte order, so that a byte-wise + output yields to the wanted ASCII representation of the message + digest. */ +void * +sha256_buffer (const char *buffer, size_t len, void *resblock) +{ + struct sha256_ctx ctx; + + /* Initialize the computation context. */ + sha256_init_ctx (&ctx); + + /* Process whole buffer but last len % 64 bytes. */ + sha256_process_bytes (buffer, len, &ctx); + + /* Put result in desired memory area. */ + return sha256_finish_ctx (&ctx, resblock); +} + +void * +sha224_buffer (const char *buffer, size_t len, void *resblock) +{ + struct sha256_ctx ctx; + + /* Initialize the computation context. */ + sha224_init_ctx (&ctx); + + /* Process whole buffer but last len % 64 bytes. */ + sha256_process_bytes (buffer, len, &ctx); + + /* Put result in desired memory area. */ + return sha224_finish_ctx (&ctx, resblock); +} + +void +sha256_process_bytes (const void *buffer, size_t len, struct sha256_ctx *ctx) +{ + /* When we already have some bits in our internal buffer concatenate + both inputs first. */ + if (ctx->buflen != 0) + { + size_t left_over = ctx->buflen; + size_t add = 128 - left_over > len ? len : 128 - left_over; + + memcpy (&((char *) ctx->buffer)[left_over], buffer, add); + ctx->buflen += add; + + if (ctx->buflen > 64) + { + sha256_process_block (ctx->buffer, ctx->buflen & ~63, ctx); + + ctx->buflen &= 63; + /* The regions in the following copy operation cannot overlap, + because ctx->buflen < 64 ≤ (left_over + add) & ~63. */ + memcpy (ctx->buffer, + &((char *) ctx->buffer)[(left_over + add) & ~63], + ctx->buflen); + } + + buffer = (const char *) buffer + add; + len -= add; + } + + /* Process available complete blocks. */ + if (len >= 64) + { +#if !(_STRING_ARCH_unaligned || _STRING_INLINE_unaligned) +# define UNALIGNED_P(p) ((uintptr_t) (p) % alignof (uint32_t) != 0) + if (UNALIGNED_P (buffer)) + while (len > 64) + { + sha256_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx); + buffer = (const char *) buffer + 64; + len -= 64; + } + else +#endif + { + sha256_process_block (buffer, len & ~63, ctx); + buffer = (const char *) buffer + (len & ~63); + len &= 63; + } + } + + /* Move remaining bytes in internal buffer. */ + if (len > 0) + { + size_t left_over = ctx->buflen; + + memcpy (&((char *) ctx->buffer)[left_over], buffer, len); + left_over += len; + if (left_over >= 64) + { + sha256_process_block (ctx->buffer, 64, ctx); + left_over -= 64; + /* The regions in the following copy operation cannot overlap, + because left_over ≤ 64. */ + memcpy (ctx->buffer, &ctx->buffer[16], left_over); + } + ctx->buflen = left_over; + } +} + +/* --- Code below is the primary difference between sha1.c and sha256.c --- */ + +/* SHA256 round constants */ +#define K(I) sha256_round_constants[I] +static const uint32_t sha256_round_constants[64] = { + 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, + 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, + 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, + 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, + 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, + 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, + 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, + 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, + 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, + 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, + 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, + 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, + 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, + 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, + 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, + 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL, +}; + +/* Round functions. */ +#define F2(A,B,C) ( ( A & B ) | ( C & ( A | B ) ) ) +#define F1(E,F,G) ( G ^ ( E & ( F ^ G ) ) ) + +/* Process LEN bytes of BUFFER, accumulating context into CTX. + It is assumed that LEN % 64 == 0. + Most of this code comes from GnuPG's cipher/sha1.c. */ + +void +sha256_process_block (const void *buffer, size_t len, struct sha256_ctx *ctx) +{ + const uint32_t *words = buffer; + size_t nwords = len / sizeof (uint32_t); + const uint32_t *endp = words + nwords; + uint32_t x[16]; + uint32_t a = ctx->state[0]; + uint32_t b = ctx->state[1]; + uint32_t c = ctx->state[2]; + uint32_t d = ctx->state[3]; + uint32_t e = ctx->state[4]; + uint32_t f = ctx->state[5]; + uint32_t g = ctx->state[6]; + uint32_t h = ctx->state[7]; + uint32_t lolen = len; + + /* First increment the byte count. FIPS PUB 180-2 specifies the possible + length of the file up to 2^64 bits. Here we only compute the + number of bytes. Do a double word increment. */ + ctx->total[0] += lolen; + ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen); + +#define rol(x, n) (((x) << (n)) | ((x) >> (32 - (n)))) +#define S0(x) (rol(x,25)^rol(x,14)^(x>>3)) +#define S1(x) (rol(x,15)^rol(x,13)^(x>>10)) +#define SS0(x) (rol(x,30)^rol(x,19)^rol(x,10)) +#define SS1(x) (rol(x,26)^rol(x,21)^rol(x,7)) + +#define M(I) ( tm = S1(x[(I-2)&0x0f]) + x[(I-7)&0x0f] \ + + S0(x[(I-15)&0x0f]) + x[I&0x0f] \ + , x[I&0x0f] = tm ) + +#define R(A,B,C,D,E,F,G,H,K,M) do { t0 = SS0(A) + F2(A,B,C); \ + t1 = H + SS1(E) \ + + F1(E,F,G) \ + + K \ + + M; \ + D += t1; H = t0 + t1; \ + } while(0) + + while (words < endp) + { + uint32_t tm; + uint32_t t0, t1; + int t; + /* FIXME: see sha1.c for a better implementation. */ + for (t = 0; t < 16; t++) + { + x[t] = SWAP (*words); + words++; + } + + R( a, b, c, d, e, f, g, h, K( 0), x[ 0] ); + R( h, a, b, c, d, e, f, g, K( 1), x[ 1] ); + R( g, h, a, b, c, d, e, f, K( 2), x[ 2] ); + R( f, g, h, a, b, c, d, e, K( 3), x[ 3] ); + R( e, f, g, h, a, b, c, d, K( 4), x[ 4] ); + R( d, e, f, g, h, a, b, c, K( 5), x[ 5] ); + R( c, d, e, f, g, h, a, b, K( 6), x[ 6] ); + R( b, c, d, e, f, g, h, a, K( 7), x[ 7] ); + R( a, b, c, d, e, f, g, h, K( 8), x[ 8] ); + R( h, a, b, c, d, e, f, g, K( 9), x[ 9] ); + R( g, h, a, b, c, d, e, f, K(10), x[10] ); + R( f, g, h, a, b, c, d, e, K(11), x[11] ); + R( e, f, g, h, a, b, c, d, K(12), x[12] ); + R( d, e, f, g, h, a, b, c, K(13), x[13] ); + R( c, d, e, f, g, h, a, b, K(14), x[14] ); + R( b, c, d, e, f, g, h, a, K(15), x[15] ); + R( a, b, c, d, e, f, g, h, K(16), M(16) ); + R( h, a, b, c, d, e, f, g, K(17), M(17) ); + R( g, h, a, b, c, d, e, f, K(18), M(18) ); + R( f, g, h, a, b, c, d, e, K(19), M(19) ); + R( e, f, g, h, a, b, c, d, K(20), M(20) ); + R( d, e, f, g, h, a, b, c, K(21), M(21) ); + R( c, d, e, f, g, h, a, b, K(22), M(22) ); + R( b, c, d, e, f, g, h, a, K(23), M(23) ); + R( a, b, c, d, e, f, g, h, K(24), M(24) ); + R( h, a, b, c, d, e, f, g, K(25), M(25) ); + R( g, h, a, b, c, d, e, f, K(26), M(26) ); + R( f, g, h, a, b, c, d, e, K(27), M(27) ); + R( e, f, g, h, a, b, c, d, K(28), M(28) ); + R( d, e, f, g, h, a, b, c, K(29), M(29) ); + R( c, d, e, f, g, h, a, b, K(30), M(30) ); + R( b, c, d, e, f, g, h, a, K(31), M(31) ); + R( a, b, c, d, e, f, g, h, K(32), M(32) ); + R( h, a, b, c, d, e, f, g, K(33), M(33) ); + R( g, h, a, b, c, d, e, f, K(34), M(34) ); + R( f, g, h, a, b, c, d, e, K(35), M(35) ); + R( e, f, g, h, a, b, c, d, K(36), M(36) ); + R( d, e, f, g, h, a, b, c, K(37), M(37) ); + R( c, d, e, f, g, h, a, b, K(38), M(38) ); + R( b, c, d, e, f, g, h, a, K(39), M(39) ); + R( a, b, c, d, e, f, g, h, K(40), M(40) ); + R( h, a, b, c, d, e, f, g, K(41), M(41) ); + R( g, h, a, b, c, d, e, f, K(42), M(42) ); + R( f, g, h, a, b, c, d, e, K(43), M(43) ); + R( e, f, g, h, a, b, c, d, K(44), M(44) ); + R( d, e, f, g, h, a, b, c, K(45), M(45) ); + R( c, d, e, f, g, h, a, b, K(46), M(46) ); + R( b, c, d, e, f, g, h, a, K(47), M(47) ); + R( a, b, c, d, e, f, g, h, K(48), M(48) ); + R( h, a, b, c, d, e, f, g, K(49), M(49) ); + R( g, h, a, b, c, d, e, f, K(50), M(50) ); + R( f, g, h, a, b, c, d, e, K(51), M(51) ); + R( e, f, g, h, a, b, c, d, K(52), M(52) ); + R( d, e, f, g, h, a, b, c, K(53), M(53) ); + R( c, d, e, f, g, h, a, b, K(54), M(54) ); + R( b, c, d, e, f, g, h, a, K(55), M(55) ); + R( a, b, c, d, e, f, g, h, K(56), M(56) ); + R( h, a, b, c, d, e, f, g, K(57), M(57) ); + R( g, h, a, b, c, d, e, f, K(58), M(58) ); + R( f, g, h, a, b, c, d, e, K(59), M(59) ); + R( e, f, g, h, a, b, c, d, K(60), M(60) ); + R( d, e, f, g, h, a, b, c, K(61), M(61) ); + R( c, d, e, f, g, h, a, b, K(62), M(62) ); + R( b, c, d, e, f, g, h, a, K(63), M(63) ); + + a = ctx->state[0] += a; + b = ctx->state[1] += b; + c = ctx->state[2] += c; + d = ctx->state[3] += d; + e = ctx->state[4] += e; + f = ctx->state[5] += f; + g = ctx->state[6] += g; + h = ctx->state[7] += h; + } +} + +#endif + +/* + * Hey Emacs! + * Local Variables: + * coding: utf-8 + * End: + */ \ No newline at end of file diff --git a/libclammspack/test/sha256.h b/libclammspack/test/sha256.h new file mode 100644 index 0000000000..dfc26851eb --- /dev/null +++ b/libclammspack/test/sha256.h @@ -0,0 +1,144 @@ +/* Declarations of functions and data types used for SHA256 and SHA224 sum + library functions. + Copyright (C) 2005-2006, 2008-2024 Free Software Foundation, Inc. + + This file is free software: you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of the + License, or (at your option) any later version. + + This file is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see . */ + +/* Written by David Madore, considerably copypasting from + Scott G. Miller's sha1.c +*/ + +#ifndef SHA256_H +# define SHA256_H 1 + +/* This file uses HAVE_OPENSSL_SHA256. */ +# if !_GL_CONFIG_H_INCLUDED +# error "Please include config.h first." +# endif + +# include +# include + +# if HAVE_OPENSSL_SHA256 +# ifndef OPENSSL_API_COMPAT +# define OPENSSL_API_COMPAT 0x10101000L /* FIXME: Use OpenSSL 1.1+ API. */ +# endif +/* If would give a compile-time error, don't use OpenSSL. */ +# include +# if OPENSSL_VERSION_MAJOR >= 3 +# include +# if (OPENSSL_CONFIGURED_API \ + < (OPENSSL_API_COMPAT < 0x900000L ? OPENSSL_API_COMPAT : \ + ((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \ + + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \ + + ((OPENSSL_API_COMPAT >> 12) & 0xFF))) +# undef HAVE_OPENSSL_SHA256 +# endif +# endif +# if HAVE_OPENSSL_SHA256 +# include +# endif +# endif + +# ifdef __cplusplus +extern "C" { +# endif + +enum { SHA224_DIGEST_SIZE = 224 / 8 }; +enum { SHA256_DIGEST_SIZE = 256 / 8 }; + +# if HAVE_OPENSSL_SHA256 +# define GL_OPENSSL_NAME 224 +# include "gl_openssl.h" +# define GL_OPENSSL_NAME 256 +# include "gl_openssl.h" +# else +/* Structure to save state of computation between the single steps. */ +struct sha256_ctx +{ + uint32_t state[8]; + + uint32_t total[2]; + size_t buflen; /* ≥ 0, ≤ 128 */ + uint32_t buffer[32]; /* 128 bytes; the first buflen bytes are in use */ +}; + +/* Initialize structure containing state of computation. */ +extern void sha256_init_ctx (struct sha256_ctx *ctx); +extern void sha224_init_ctx (struct sha256_ctx *ctx); + +/* Starting with the result of former calls of this function (or the + initialization function update the context for the next LEN bytes + starting at BUFFER. + It is necessary that LEN is a multiple of 64!!! */ +extern void sha256_process_block (const void *buffer, size_t len, + struct sha256_ctx *ctx); + +/* Starting with the result of former calls of this function (or the + initialization function update the context for the next LEN bytes + starting at BUFFER. + It is NOT required that LEN is a multiple of 64. */ +extern void sha256_process_bytes (const void *buffer, size_t len, + struct sha256_ctx *ctx); + +/* Process the remaining bytes in the buffer and put result from CTX + in first 32 (28) bytes following RESBUF. The result is always in little + endian byte order, so that a byte-wise output yields to the wanted + ASCII representation of the message digest. */ +extern void *sha256_finish_ctx (struct sha256_ctx *ctx, void *restrict resbuf); +extern void *sha224_finish_ctx (struct sha256_ctx *ctx, void *restrict resbuf); + + +/* Put result from CTX in first 32 (28) bytes following RESBUF. The result is + always in little endian byte order, so that a byte-wise output yields + to the wanted ASCII representation of the message digest. */ +extern void *sha256_read_ctx (const struct sha256_ctx *ctx, + void *restrict resbuf); +extern void *sha224_read_ctx (const struct sha256_ctx *ctx, + void *restrict resbuf); + + +/* Compute SHA256 (SHA224) message digest for LEN bytes beginning at BUFFER. + The result is always in little endian byte order, so that a byte-wise + output yields to the wanted ASCII representation of the message + digest. */ +extern void *sha256_buffer (const char *buffer, size_t len, + void *restrict resblock); +extern void *sha224_buffer (const char *buffer, size_t len, + void *restrict resblock); + +# endif + +/* Compute SHA256 (SHA224) message digest for bytes read from STREAM. + STREAM is an open file stream. Regular files are handled more efficiently. + The contents of STREAM from its current position to its end will be read. + The case that the last operation on STREAM was an 'ungetc' is not supported. + The resulting message digest number will be written into the 32 (28) bytes + beginning at RESBLOCK. */ +extern int sha256_stream (FILE *stream, void *resblock); +extern int sha224_stream (FILE *stream, void *resblock); + + +# ifdef __cplusplus +} +# endif + +#endif + +/* + * Hey Emacs! + * Local Variables: + * coding: utf-8 + * End: + */ \ No newline at end of file From ebc7fc0523d24f24745c55bd8f445dea14ff9a51 Mon Sep 17 00:00:00 2001 From: yunimoo Date: Fri, 26 Jul 2024 11:38:29 -0400 Subject: [PATCH 2/6] Add initial byteswap lib test --- libclammspack/test/byteswap.c | 21 +++++++ libclammspack/test/byteswap.h | 115 ++++++++++++++++++++++++++++++++++ 2 files changed, 136 insertions(+) create mode 100644 libclammspack/test/byteswap.c create mode 100644 libclammspack/test/byteswap.h diff --git a/libclammspack/test/byteswap.c b/libclammspack/test/byteswap.c new file mode 100644 index 0000000000..6e3dad74ea --- /dev/null +++ b/libclammspack/test/byteswap.c @@ -0,0 +1,21 @@ +/* Inline functions for . + + Copyright 2024 Free Software Foundation, Inc. + + This file is free software: you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of the + License, or (at your option) any later version. + + This file is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see . */ + +#include + +#define _GL_BYTESWAP_INLINE _GL_EXTERN_INLINE +#include diff --git a/libclammspack/test/byteswap.h b/libclammspack/test/byteswap.h new file mode 100644 index 0000000000..4be335d915 --- /dev/null +++ b/libclammspack/test/byteswap.h @@ -0,0 +1,115 @@ +/* byteswap.h - Byte swapping + Copyright (C) 2005, 2007, 2009-2024 Free Software Foundation, Inc. + Written by Oskar Liljeblad , 2005. + + This file is free software: you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of the + License, or (at your option) any later version. + + This file is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see . */ + +#ifndef _GL_BYTESWAP_H +#define _GL_BYTESWAP_H 1 + +/* This file uses _GL_INLINE. */ +#if !_GL_CONFIG_H_INCLUDED + #error "Please include config.h first." +#endif + +#include + +_GL_INLINE_HEADER_BEGIN +#ifndef _GL_BYTESWAP_INLINE +# define _GL_BYTESWAP_INLINE _GL_INLINE +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 8) +# define _GL_BYTESWAP_HAS_BUILTIN_BSWAP16 true +#elif defined __has_builtin +# if __has_builtin (__builtin_bswap16) +# define _GL_BYTESWAP_HAS_BUILTIN_BSWAP16 true +# endif +#endif + +#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3) +# define _GL_BYTESWAP_HAS_BUILTIN_BSWAP32 true +# define _GL_BYTESWAP_HAS_BUILTIN_BSWAP64 true +#elif defined __has_builtin +# if __has_builtin (__builtin_bswap32) +# define _GL_BYTESWAP_HAS_BUILTIN_BSWAP32 true +# endif +# if __has_builtin (__builtin_bswap64) +# define _GL_BYTESWAP_HAS_BUILTIN_BSWAP64 true +# endif +#endif + +/* Given an unsigned 16-bit argument X, return the value corresponding to + X with reversed byte order. */ +_GL_BYTESWAP_INLINE uint_least16_t +bswap_16 (uint_least16_t x) +{ +#ifdef _GL_BYTESWAP_HAS_BUILTIN_BSWAP16 + return __builtin_bswap16 (x); +#else + uint_fast16_t mask = 0xff; + return ( (x & mask << 8 * 1) >> 8 * 1 + | (x & mask << 8 * 0) << 8 * 1); +#endif +} + +/* Given an unsigned 32-bit argument X, return the value corresponding to + X with reversed byte order. */ +_GL_BYTESWAP_INLINE uint_least32_t +bswap_32 (uint_least32_t x) +{ +#ifdef _GL_BYTESWAP_HAS_BUILTIN_BSWAP32 + return __builtin_bswap32 (x); +#else + uint_fast32_t mask = 0xff; + return ( (x & mask << 8 * 3) >> 8 * 3 + | (x & mask << 8 * 2) >> 8 * 1 + | (x & mask << 8 * 1) << 8 * 1 + | (x & mask << 8 * 0) << 8 * 3); +#endif +} + +#ifdef UINT_LEAST64_MAX +/* Given an unsigned 64-bit argument X, return the value corresponding to + X with reversed byte order. */ +_GL_BYTESWAP_INLINE uint_least64_t +bswap_64 (uint_least64_t x) +{ +# ifdef _GL_BYTESWAP_HAS_BUILTIN_BSWAP64 + return __builtin_bswap64 (x); +# else + uint_fast64_t mask = 0xff; + return ( (x & mask << 8 * 7) >> 8 * 7 + | (x & mask << 8 * 6) >> 8 * 5 + | (x & mask << 8 * 5) >> 8 * 3 + | (x & mask << 8 * 4) >> 8 * 1 + | (x & mask << 8 * 3) << 8 * 1 + | (x & mask << 8 * 2) << 8 * 3 + | (x & mask << 8 * 1) << 8 * 5 + | (x & mask << 8 * 0) << 8 * 7); +# endif +} +#endif + +#ifdef __cplusplus +} +#endif + +_GL_INLINE_HEADER_END + +#endif /* _GL_BYTESWAP_H */ From 9bda6697bc6dab4c553fff1f3af903052b157cd7 Mon Sep 17 00:00:00 2001 From: yunimoo Date: Fri, 26 Jul 2024 11:38:44 -0400 Subject: [PATCH 3/6] Add ansidecl.h lib test --- libclammspack/test/ansidecl.h | 354 ++++++++++++++++++++++++++++++++++ 1 file changed, 354 insertions(+) create mode 100644 libclammspack/test/ansidecl.h diff --git a/libclammspack/test/ansidecl.h b/libclammspack/test/ansidecl.h new file mode 100644 index 0000000000..7284aad39c --- /dev/null +++ b/libclammspack/test/ansidecl.h @@ -0,0 +1,354 @@ +/* Compiler compatibility macros + Copyright (C) 1991-2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ + +/* For ease of writing code which uses GCC extensions but needs to be + portable to other compilers, we provide the GCC_VERSION macro that + simplifies testing __GNUC__ and __GNUC_MINOR__ together, and various + wrappers around __attribute__. Also, __extension__ will be #defined + to nothing if it doesn't work. See below. */ + +#ifndef _ANSIDECL_H +#define _ANSIDECL_H 1 + +#ifdef __cplusplus +extern "C" { +#endif + +/* Every source file includes this file, + so they will all get the switch for lint. */ +/* LINTLIBRARY */ + +/* Using MACRO(x,y) in cpp #if conditionals does not work with some + older preprocessors. Thus we can't define something like this: + +#define HAVE_GCC_VERSION(MAJOR, MINOR) \ + (__GNUC__ > (MAJOR) || (__GNUC__ == (MAJOR) && __GNUC_MINOR__ >= (MINOR))) + +and then test "#if HAVE_GCC_VERSION(2,7)". + +So instead we use the macro below and test it against specific values. */ + +/* This macro simplifies testing whether we are using gcc, and if it + is of a particular minimum version. (Both major & minor numbers are + significant.) This macro will evaluate to 0 if we are not using + gcc at all. */ +#ifndef GCC_VERSION +#define GCC_VERSION (__GNUC__ * 1000 + __GNUC_MINOR__) +#endif /* GCC_VERSION */ + +/* inline requires special treatment; it's in C99, and GCC >=2.7 supports + it too, but it's not in C89. */ +#undef inline +#if (!defined(__cplusplus) && __STDC_VERSION__ >= 199901L) || defined(__cplusplus) || (defined(__SUNPRO_C) && defined(__C99FEATURES__)) +/* it's a keyword */ +#else +# if GCC_VERSION >= 2007 +# define inline __inline__ /* __inline__ prevents -pedantic warnings */ +# else +# define inline /* nothing */ +# endif +#endif + +/* Define macros for some gcc attributes. This permits us to use the + macros freely, and know that they will come into play for the + version of gcc in which they are supported. */ + +#if (GCC_VERSION < 2007) +# define __attribute__(x) +#endif + +/* Attribute __malloc__ on functions was valid as of gcc 2.96. */ +#ifndef ATTRIBUTE_MALLOC +# if (GCC_VERSION >= 2096) +# define ATTRIBUTE_MALLOC __attribute__ ((__malloc__)) +# else +# define ATTRIBUTE_MALLOC +# endif /* GNUC >= 2.96 */ +#endif /* ATTRIBUTE_MALLOC */ + +/* Attributes on labels were valid as of gcc 2.93 and g++ 4.5. For + g++ an attribute on a label must be followed by a semicolon. */ +#ifndef ATTRIBUTE_UNUSED_LABEL +# ifndef __cplusplus +# if GCC_VERSION >= 2093 +# define ATTRIBUTE_UNUSED_LABEL ATTRIBUTE_UNUSED +# else +# define ATTRIBUTE_UNUSED_LABEL +# endif +# else +# if GCC_VERSION >= 4005 +# define ATTRIBUTE_UNUSED_LABEL ATTRIBUTE_UNUSED ; +# else +# define ATTRIBUTE_UNUSED_LABEL +# endif +# endif +#endif + +/* Similarly to ARG_UNUSED below. Prior to GCC 3.4, the C++ frontend + couldn't parse attributes placed after the identifier name, and now + the entire compiler is built with C++. */ +#ifndef ATTRIBUTE_UNUSED +#if GCC_VERSION >= 3004 +# define ATTRIBUTE_UNUSED __attribute__ ((__unused__)) +#else +#define ATTRIBUTE_UNUSED +#endif +#endif /* ATTRIBUTE_UNUSED */ + +/* Before GCC 3.4, the C++ frontend couldn't parse attributes placed after the + identifier name. */ +#if ! defined(__cplusplus) || (GCC_VERSION >= 3004) +# define ARG_UNUSED(NAME) NAME ATTRIBUTE_UNUSED +#else /* !__cplusplus || GNUC >= 3.4 */ +# define ARG_UNUSED(NAME) NAME +#endif /* !__cplusplus || GNUC >= 3.4 */ + +#ifndef ATTRIBUTE_NORETURN +#define ATTRIBUTE_NORETURN __attribute__ ((__noreturn__)) +#endif /* ATTRIBUTE_NORETURN */ + +/* Attribute `nonnull' was valid as of gcc 3.3. */ +#ifndef ATTRIBUTE_NONNULL +# if (GCC_VERSION >= 3003) +# define ATTRIBUTE_NONNULL(m) __attribute__ ((__nonnull__ (m))) +# else +# define ATTRIBUTE_NONNULL(m) +# endif /* GNUC >= 3.3 */ +#endif /* ATTRIBUTE_NONNULL */ + +/* Attribute `returns_nonnull' was valid as of gcc 4.9. */ +#ifndef ATTRIBUTE_RETURNS_NONNULL +# if (GCC_VERSION >= 4009) +# define ATTRIBUTE_RETURNS_NONNULL __attribute__ ((__returns_nonnull__)) +# else +# define ATTRIBUTE_RETURNS_NONNULL +# endif /* GNUC >= 4.9 */ +#endif /* ATTRIBUTE_RETURNS_NONNULL */ + +/* Attribute `pure' was valid as of gcc 3.0. */ +#ifndef ATTRIBUTE_PURE +# if (GCC_VERSION >= 3000) +# define ATTRIBUTE_PURE __attribute__ ((__pure__)) +# else +# define ATTRIBUTE_PURE +# endif /* GNUC >= 3.0 */ +#endif /* ATTRIBUTE_PURE */ + +/* Use ATTRIBUTE_PRINTF when the format specifier must not be NULL. + This was the case for the `printf' format attribute by itself + before GCC 3.3, but as of 3.3 we need to add the `nonnull' + attribute to retain this behavior. */ +#ifndef ATTRIBUTE_PRINTF +#define ATTRIBUTE_PRINTF(m, n) __attribute__ ((__format__ (__printf__, m, n))) ATTRIBUTE_NONNULL(m) +#define ATTRIBUTE_PRINTF_1 ATTRIBUTE_PRINTF(1, 2) +#define ATTRIBUTE_PRINTF_2 ATTRIBUTE_PRINTF(2, 3) +#define ATTRIBUTE_PRINTF_3 ATTRIBUTE_PRINTF(3, 4) +#define ATTRIBUTE_PRINTF_4 ATTRIBUTE_PRINTF(4, 5) +#define ATTRIBUTE_PRINTF_5 ATTRIBUTE_PRINTF(5, 6) +#endif /* ATTRIBUTE_PRINTF */ + +/* Use ATTRIBUTE_FPTR_PRINTF when the format attribute is to be set on + a function pointer. Format attributes were allowed on function + pointers as of gcc 3.1. */ +#ifndef ATTRIBUTE_FPTR_PRINTF +# if (GCC_VERSION >= 3001) +# define ATTRIBUTE_FPTR_PRINTF(m, n) ATTRIBUTE_PRINTF(m, n) +# else +# define ATTRIBUTE_FPTR_PRINTF(m, n) +# endif /* GNUC >= 3.1 */ +# define ATTRIBUTE_FPTR_PRINTF_1 ATTRIBUTE_FPTR_PRINTF(1, 2) +# define ATTRIBUTE_FPTR_PRINTF_2 ATTRIBUTE_FPTR_PRINTF(2, 3) +# define ATTRIBUTE_FPTR_PRINTF_3 ATTRIBUTE_FPTR_PRINTF(3, 4) +# define ATTRIBUTE_FPTR_PRINTF_4 ATTRIBUTE_FPTR_PRINTF(4, 5) +# define ATTRIBUTE_FPTR_PRINTF_5 ATTRIBUTE_FPTR_PRINTF(5, 6) +#endif /* ATTRIBUTE_FPTR_PRINTF */ + +/* Use ATTRIBUTE_NULL_PRINTF when the format specifier may be NULL. A + NULL format specifier was allowed as of gcc 3.3. */ +#ifndef ATTRIBUTE_NULL_PRINTF +# if (GCC_VERSION >= 3003) +# define ATTRIBUTE_NULL_PRINTF(m, n) __attribute__ ((__format__ (__printf__, m, n))) +# else +# define ATTRIBUTE_NULL_PRINTF(m, n) +# endif /* GNUC >= 3.3 */ +# define ATTRIBUTE_NULL_PRINTF_1 ATTRIBUTE_NULL_PRINTF(1, 2) +# define ATTRIBUTE_NULL_PRINTF_2 ATTRIBUTE_NULL_PRINTF(2, 3) +# define ATTRIBUTE_NULL_PRINTF_3 ATTRIBUTE_NULL_PRINTF(3, 4) +# define ATTRIBUTE_NULL_PRINTF_4 ATTRIBUTE_NULL_PRINTF(4, 5) +# define ATTRIBUTE_NULL_PRINTF_5 ATTRIBUTE_NULL_PRINTF(5, 6) +#endif /* ATTRIBUTE_NULL_PRINTF */ + +/* Attribute `sentinel' was valid as of gcc 3.5. */ +#ifndef ATTRIBUTE_SENTINEL +# if (GCC_VERSION >= 3005) +# define ATTRIBUTE_SENTINEL __attribute__ ((__sentinel__)) +# else +# define ATTRIBUTE_SENTINEL +# endif /* GNUC >= 3.5 */ +#endif /* ATTRIBUTE_SENTINEL */ + + +#ifndef ATTRIBUTE_ALIGNED_ALIGNOF +# if (GCC_VERSION >= 3000) +# define ATTRIBUTE_ALIGNED_ALIGNOF(m) __attribute__ ((__aligned__ (__alignof__ (m)))) +# else +# define ATTRIBUTE_ALIGNED_ALIGNOF(m) +# endif /* GNUC >= 3.0 */ +#endif /* ATTRIBUTE_ALIGNED_ALIGNOF */ + +/* Useful for structures whose layout must match some binary specification + regardless of the alignment and padding qualities of the compiler. */ +#ifndef ATTRIBUTE_PACKED +# define ATTRIBUTE_PACKED __attribute__ ((packed)) +#endif + +/* Attribute `hot' and `cold' was valid as of gcc 4.3. */ +#ifndef ATTRIBUTE_COLD +# if (GCC_VERSION >= 4003) +# define ATTRIBUTE_COLD __attribute__ ((__cold__)) +# else +# define ATTRIBUTE_COLD +# endif /* GNUC >= 4.3 */ +#endif /* ATTRIBUTE_COLD */ +#ifndef ATTRIBUTE_HOT +# if (GCC_VERSION >= 4003) +# define ATTRIBUTE_HOT __attribute__ ((__hot__)) +# else +# define ATTRIBUTE_HOT +# endif /* GNUC >= 4.3 */ +#endif /* ATTRIBUTE_HOT */ + +/* Attribute 'no_sanitize_undefined' was valid as of gcc 4.9. */ +#ifndef ATTRIBUTE_NO_SANITIZE_UNDEFINED +# if (GCC_VERSION >= 4009) +# define ATTRIBUTE_NO_SANITIZE_UNDEFINED __attribute__ ((no_sanitize_undefined)) +# else +# define ATTRIBUTE_NO_SANITIZE_UNDEFINED +# endif /* GNUC >= 4.9 */ +#endif /* ATTRIBUTE_NO_SANITIZE_UNDEFINED */ + +/* Attribute 'nonstring' was valid as of gcc 8. */ +#ifndef ATTRIBUTE_NONSTRING +# if GCC_VERSION >= 8000 +# define ATTRIBUTE_NONSTRING __attribute__ ((__nonstring__)) +# else +# define ATTRIBUTE_NONSTRING +# endif +#endif + +/* Attribute `alloc_size' was valid as of gcc 4.3. */ +#ifndef ATTRIBUTE_RESULT_SIZE_1 +# if (GCC_VERSION >= 4003) +# define ATTRIBUTE_RESULT_SIZE_1 __attribute__ ((alloc_size (1))) +# else +# define ATTRIBUTE_RESULT_SIZE_1 +#endif +#endif + +#ifndef ATTRIBUTE_RESULT_SIZE_2 +# if (GCC_VERSION >= 4003) +# define ATTRIBUTE_RESULT_SIZE_2 __attribute__ ((alloc_size (2))) +# else +# define ATTRIBUTE_RESULT_SIZE_2 +#endif +#endif + +#ifndef ATTRIBUTE_RESULT_SIZE_1_2 +# if (GCC_VERSION >= 4003) +# define ATTRIBUTE_RESULT_SIZE_1_2 __attribute__ ((alloc_size (1, 2))) +# else +# define ATTRIBUTE_RESULT_SIZE_1_2 +#endif +#endif + +/* Attribute `warn_unused_result' was valid as of gcc 3.3. */ +#ifndef ATTRIBUTE_WARN_UNUSED_RESULT +# if GCC_VERSION >= 3003 +# define ATTRIBUTE_WARN_UNUSED_RESULT __attribute__ ((__warn_unused_result__)) +# else +# define ATTRIBUTE_WARN_UNUSED_RESULT +# endif +#endif + +/* We use __extension__ in some places to suppress -pedantic warnings + about GCC extensions. This feature didn't work properly before + gcc 2.8. */ +#if GCC_VERSION < 2008 +#define __extension__ +#endif + +/* This is used to declare a const variable which should be visible + outside of the current compilation unit. Use it as + EXPORTED_CONST int i = 1; + This is because the semantics of const are different in C and C++. + "extern const" is permitted in C but it looks strange, and gcc + warns about it when -Wc++-compat is not used. */ +#ifdef __cplusplus +#define EXPORTED_CONST extern const +#else +#define EXPORTED_CONST const +#endif + +/* Be conservative and only use enum bitfields with C++ or GCC. + FIXME: provide a complete autoconf test for buggy enum bitfields. */ + +#ifdef __cplusplus +#define ENUM_BITFIELD(TYPE) enum TYPE +#elif (GCC_VERSION > 2000) +#define ENUM_BITFIELD(TYPE) __extension__ enum TYPE +#else +#define ENUM_BITFIELD(TYPE) unsigned int +#endif + +#if defined(__cplusplus) && __cpp_constexpr >= 200704 +#define CONSTEXPR constexpr +#else +#define CONSTEXPR +#endif + +/* A macro to disable the copy constructor and assignment operator. + When building with C++11 and above, the methods are explicitly + deleted, causing a compile-time error if something tries to copy. + For C++03, this just declares the methods, causing a link-time + error if the methods end up called (assuming you don't + define them). For C++03, for best results, place the macro + under the private: access specifier, like this, + + class name_lookup + { + private: + DISABLE_COPY_AND_ASSIGN (name_lookup); + }; + + so that most attempts at copy are caught at compile-time. */ + +#if defined(__cplusplus) && __cplusplus >= 201103 +#define DISABLE_COPY_AND_ASSIGN(TYPE) \ + TYPE (const TYPE&) = delete; \ + void operator= (const TYPE &) = delete + #else +#define DISABLE_COPY_AND_ASSIGN(TYPE) \ + TYPE (const TYPE&); \ + void operator= (const TYPE &) +#endif /* __cplusplus >= 201103 */ + +#ifdef __cplusplus +} +#endif + +#endif /* ansidecl.h */ \ No newline at end of file From 90c1bcda0402b8db3f5c3fa63a37c070a8aa76bf Mon Sep 17 00:00:00 2001 From: yunimoo Date: Fri, 26 Jul 2024 12:51:32 -0400 Subject: [PATCH 4/6] Replace MD5 struct member with SHA256 --- libclamav/clamav.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libclamav/clamav.h b/libclamav/clamav.h index 6e12699266..8e81736ac0 100644 --- a/libclamav/clamav.h +++ b/libclamav/clamav.h @@ -1101,7 +1101,7 @@ struct cl_cvd { /* field no. */ unsigned int sigs; /* 4 */ unsigned int fl; /* 5 */ /* padding */ - char *md5; /* 6 */ + char *sha256; /* 6 */ char *dsig; /* 7 */ char *builder; /* 8 */ unsigned int stime; /* 9 */ From 4aca56870385bfebc752f6e0788e9f853e75f2e6 Mon Sep 17 00:00:00 2001 From: yunimoo Date: Fri, 26 Jul 2024 12:52:21 -0400 Subject: [PATCH 5/6] Use SHA256 instead of MD5 for hashing --- libclamav/cvd.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/libclamav/cvd.c b/libclamav/cvd.c index 6d54dc7998..574463535e 100644 --- a/libclamav/cvd.c +++ b/libclamav/cvd.c @@ -445,8 +445,8 @@ struct cl_cvd *cl_cvdparse(const char *head) cvd->fl = atoi(pt); free(pt); - if (!(cvd->md5 = cli_strtok(head, 5, ":"))) { - cli_errmsg("cli_cvdparse: Can't parse the MD5 checksum\n"); + if (!(cvd->sha256= cli_strtok(head, 5, ":"))) { + cli_errmsg("cli_cvdparse: Can't parse the SHA256 checksum\n"); free(cvd->time); free(cvd); return NULL; @@ -455,7 +455,7 @@ struct cl_cvd *cl_cvdparse(const char *head) if (!(cvd->dsig = cli_strtok(head, 6, ":"))) { cli_errmsg("cli_cvdparse: Can't parse the digital signature\n"); free(cvd->time); - free(cvd->md5); + free(cvd->sha256); free(cvd); return NULL; } @@ -463,7 +463,7 @@ struct cl_cvd *cl_cvdparse(const char *head) if (!(cvd->builder = cli_strtok(head, 7, ":"))) { cli_errmsg("cli_cvdparse: Can't parse the builder name\n"); free(cvd->time); - free(cvd->md5); + free(cvd->sha256); free(cvd->dsig); free(cvd); return NULL; @@ -513,7 +513,7 @@ struct cl_cvd *cl_cvdhead(const char *file) void cl_cvdfree(struct cl_cvd *cvd) { free(cvd->time); - free(cvd->md5); + free(cvd->sha256); free(cvd->dsig); free(cvd->builder); free(cvd); @@ -530,7 +530,7 @@ void cl_cvdfree(struct cl_cvd *cvd) static cl_error_t cli_cvdverify(FILE *fs, struct cl_cvd *cvdpt, unsigned int skipsig) { struct cl_cvd *cvd; - char *md5, head[513]; + char *sha256, head[513]; int i; fseek(fs, 0, SEEK_SET); @@ -554,29 +554,29 @@ static cl_error_t cli_cvdverify(FILE *fs, struct cl_cvd *cvdpt, unsigned int ski return CL_SUCCESS; } - md5 = cli_hashstream(fs, NULL, 1); - if (md5 == NULL) { + sha256 = cli_hashstream(fs, NULL, -1); + if (sha256 == NULL) { cli_dbgmsg("cli_cvdverify: Cannot generate hash, out of memory\n"); cl_cvdfree(cvd); return CL_EMEM; } - cli_dbgmsg("MD5(.tar.gz) = %s\n", md5); + cli_dbgmsg("SHA256(.tar.gz) = %s\n", sha256); - if (strncmp(md5, cvd->md5, 32)) { - cli_dbgmsg("cli_cvdverify: MD5 verification error\n"); - free(md5); + if (strncmp(sha256, cvd->sha256, 32)) { + cli_dbgmsg("cli_cvdverify: SHA256 verification error\n"); + free(sha256); cl_cvdfree(cvd); return CL_EVERIFY; } - if (cli_versig(md5, cvd->dsig)) { + if (cli_versig(sha256, cvd->dsig)) { cli_dbgmsg("cli_cvdverify: Digital signature verification error\n"); - free(md5); + free(sha256); cl_cvdfree(cvd); return CL_EVERIFY; } - free(md5); + free(sha256); cl_cvdfree(cvd); return CL_SUCCESS; } From b34e0a7e74cfc7242e204e43d54362f4c4a8e8fb Mon Sep 17 00:00:00 2001 From: yunimoo Date: Fri, 26 Jul 2024 12:53:15 -0400 Subject: [PATCH 6/6] Use SHA256 over MD5 for libtool --- sigtool/sigtool.c | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/sigtool/sigtool.c b/sigtool/sigtool.c index 8e36a4684b..d825fe0223 100644 --- a/sigtool/sigtool.c +++ b/sigtool/sigtool.c @@ -1054,7 +1054,7 @@ static int build(const struct optstruct *opts) real_header = strlen(header); - /* add fake MD5 and dsig (for writeinfo) */ + /* add fake SHA256 and dsig (for writeinfo) */ strcat(header, "X:X:"); if ((pt = getenv("SIGNDUSER"))) { @@ -1140,7 +1140,7 @@ static int build(const struct optstruct *opts) gzclose(tar); FREE_LS(dblist2); - /* MD5 + dsig */ + /* SHA256 + dsig */ if (!(fh = fopen(tarfile, "rb"))) { mprintf(LOGG_ERROR, "build: Can't open file %s for reading\n", tarfile); unlink(tarfile); @@ -1148,8 +1148,8 @@ static int build(const struct optstruct *opts) return -1; } - if (!(pt = cli_hashstream(fh, buffer, 1))) { - mprintf(LOGG_ERROR, "build: Can't generate MD5 checksum for %s\n", tarfile); + if (!(pt = cli_hashstream(fh, buffer, -1))) { + mprintf(LOGG_ERROR, "build: Can't generate SHA256 checksum for %s\n", tarfile); fclose(fh); unlink(tarfile); free(tarfile); @@ -1365,7 +1365,7 @@ static int cvdinfo(const struct optstruct *opts) pt = optget(opts, "info")->strarg; if (cli_strbcasestr(pt, ".cvd")) { - mprintf(LOGG_INFO, "MD5: %s\n", cvd->md5); + mprintf(LOGG_INFO, "SHA256: %s\n", cvd->sha256); mprintf(LOGG_INFO, "Digital signature: %s\n", cvd->dsig); } cl_cvdfree(cvd); @@ -2009,24 +2009,24 @@ static int maxlinelen(const char *file) static int compare(const char *oldpath, const char *newpath, FILE *diff) { FILE *old, *new; - char *obuff, *nbuff, *tbuff, *pt, *omd5, *nmd5; + char *obuff, *nbuff, *tbuff, *pt, *osha256, *nsha256; unsigned int oline = 0, tline, found, i, badxchg = 0; int l1 = 0, l2; long opos; - if (!access(oldpath, R_OK) && (omd5 = cli_hashfile(oldpath, 1))) { - if (!(nmd5 = cli_hashfile(newpath, 1))) { - mprintf(LOGG_ERROR, "compare: Can't get MD5 checksum of %s\n", newpath); - free(omd5); + if (!access(oldpath, R_OK) && (osha256 = cli_hashfile(oldpath, NULL))) { + if (!(nsha256 = cli_hashfile(newpath, NULL))) { + mprintf(LOGG_ERROR, "compare: Can't get SHA256 checksum of %s\n", newpath); + free(osha256); return -1; } - if (!strcmp(omd5, nmd5)) { - free(omd5); - free(nmd5); + if (!strcmp(osha256, nsha256)) { + free(osha256); + free(nsha256); return 0; } - free(omd5); - free(nmd5); + free(osha256); + free(nsha256); l1 = maxlinelen(oldpath); } @@ -3646,8 +3646,8 @@ static void help(void) mprintf(LOGG_INFO, " --stdout Write to stdout instead of stderr. Does not affect 'debug' messages.\n"); mprintf(LOGG_INFO, " --hex-dump Convert data from stdin to a hex\n"); mprintf(LOGG_INFO, " string and print it on stdout\n"); - mprintf(LOGG_INFO, " --md5 [FILES] Generate MD5 checksum from stdin\n"); - mprintf(LOGG_INFO, " or MD5 sigs for FILES\n"); + mprintf(LOGG_INFO, " --md5 [FILES] Generate md5 checksum from stdin\n"); + mprintf(LOGG_INFO, " or SHA256 sigs for FILES\n"); mprintf(LOGG_INFO, " --sha1 [FILES] Generate SHA1 checksum from stdin\n"); mprintf(LOGG_INFO, " or SHA1 sigs for FILES\n"); mprintf(LOGG_INFO, " --sha256 [FILES] Generate SHA256 checksum from stdin\n");