Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use SHA-2 hash over MD5 #1320

Closed
wants to merge 6 commits into from
Closed

Use SHA-2 hash over MD5 #1320

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
ecb47ee
Add initial sha256 lib test
yunimoo Jul 26, 2024
ebc7fc0
Add initial byteswap lib test
yunimoo Jul 26, 2024
9bda669
Add ansidecl.h lib test
yunimoo Jul 26, 2024
90c1bcd
Replace MD5 struct member with SHA256
yunimoo Jul 26, 2024
4aca568
Use SHA256 instead of MD5 for hashing
yunimoo Jul 26, 2024
b34e0a7
Use SHA256 over MD5 for libtool
yunimoo Jul 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion libclamav/clamav.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1101,7 +1101,7 @@ struct cl_cvd { /* field no. */
unsigned int sigs; /* 4 */
unsigned int fl; /* 5 */
/* padding */
char *md5; /* 6 */
char *sha256; /* 6 */
char *dsig; /* 7 */
char *builder; /* 8 */
unsigned int stime; /* 9 */
Expand Down
30 changes: 15 additions & 15 deletions libclamav/cvd.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -445,8 +445,8 @@ struct cl_cvd *cl_cvdparse(const char *head)
cvd->fl = atoi(pt);
free(pt);

if (!(cvd->md5 = cli_strtok(head, 5, ":"))) {
cli_errmsg("cli_cvdparse: Can't parse the MD5 checksum\n");
if (!(cvd->sha256= cli_strtok(head, 5, ":"))) {
cli_errmsg("cli_cvdparse: Can't parse the SHA256 checksum\n");
free(cvd->time);
free(cvd);
return NULL;
Expand All @@ -455,15 +455,15 @@ struct cl_cvd *cl_cvdparse(const char *head)
if (!(cvd->dsig = cli_strtok(head, 6, ":"))) {
cli_errmsg("cli_cvdparse: Can't parse the digital signature\n");
free(cvd->time);
free(cvd->md5);
free(cvd->sha256);
free(cvd);
return NULL;
}

if (!(cvd->builder = cli_strtok(head, 7, ":"))) {
cli_errmsg("cli_cvdparse: Can't parse the builder name\n");
free(cvd->time);
free(cvd->md5);
free(cvd->sha256);
free(cvd->dsig);
free(cvd);
return NULL;
Expand Down Expand Up @@ -513,7 +513,7 @@ struct cl_cvd *cl_cvdhead(const char *file)
void cl_cvdfree(struct cl_cvd *cvd)
{
free(cvd->time);
free(cvd->md5);
free(cvd->sha256);
free(cvd->dsig);
free(cvd->builder);
free(cvd);
Expand All @@ -530,7 +530,7 @@ void cl_cvdfree(struct cl_cvd *cvd)
static cl_error_t cli_cvdverify(FILE *fs, struct cl_cvd *cvdpt, unsigned int skipsig)
{
struct cl_cvd *cvd;
char *md5, head[513];
char *sha256, head[513];
int i;

fseek(fs, 0, SEEK_SET);
Expand All @@ -554,29 +554,29 @@ static cl_error_t cli_cvdverify(FILE *fs, struct cl_cvd *cvdpt, unsigned int ski
return CL_SUCCESS;
}

md5 = cli_hashstream(fs, NULL, 1);
if (md5 == NULL) {
sha256 = cli_hashstream(fs, NULL, -1);
if (sha256 == NULL) {
cli_dbgmsg("cli_cvdverify: Cannot generate hash, out of memory\n");
cl_cvdfree(cvd);
return CL_EMEM;
}
cli_dbgmsg("MD5(.tar.gz) = %s\n", md5);
cli_dbgmsg("SHA256(.tar.gz) = %s\n", sha256);

if (strncmp(md5, cvd->md5, 32)) {
cli_dbgmsg("cli_cvdverify: MD5 verification error\n");
free(md5);
if (strncmp(sha256, cvd->sha256, 32)) {
cli_dbgmsg("cli_cvdverify: SHA256 verification error\n");
free(sha256);
cl_cvdfree(cvd);
return CL_EVERIFY;
}

if (cli_versig(md5, cvd->dsig)) {
if (cli_versig(sha256, cvd->dsig)) {
cli_dbgmsg("cli_cvdverify: Digital signature verification error\n");
free(md5);
free(sha256);
cl_cvdfree(cvd);
return CL_EVERIFY;
}

free(md5);
free(sha256);
cl_cvdfree(cvd);
return CL_SUCCESS;
}
Expand Down
Loading