update: sha1 is not mandatory anymore

db8f5176 · Rafaël Carré · a3a04b83 · db8f5176 · db8f5176 · db8f5176
Commit db8f5176 authored May 11, 2014 by Rafaël Carré
Hide whitespace changes
Inline Side-by-side

Showing with 25 additions and 42 deletions

src/misc/update.c src/misc/update.c +6 -6

src/misc/update.h src/misc/update.h +9 -26

src/misc/update_crypto.c src/misc/update_crypto.c +10 -10

No files found.
--- a/src/misc/update.c
+++ b/src/misc/update.c
@@ -307,7 +307,7 @@ static bool GetUpdateFile( update_t *p_update )
            goto error;
        }

-        uint8_t *p_hash = hash_sha1_from_public_key( p_new_pkey );
+        uint8_t *p_hash = hash_from_public_key( p_new_pkey );
        if( !p_hash )
        {
            msg_Err( p_update->p_libvlc, "Failed to hash signature" );
@@ -332,17 +332,17 @@ static bool GetUpdateFile( update_t *p_update )
        }
    }

-    uint8_t *p_hash = hash_sha1_from_text( psz_update_data, &sign );
+    uint8_t *p_hash = hash_from_text( psz_update_data, &sign );
    if( !p_hash )
    {
-        msg_Warn( p_update->p_libvlc, "Can't compute SHA1 hash for status file" );
+        msg_Warn( p_update->p_libvlc, "Can't compute hash for status file" );
        goto error;
    }

    else if( p_hash[0] != sign.hash_verification[0] ||
        p_hash[1] != sign.hash_verification[1] )
    {
-        msg_Warn( p_update->p_libvlc, "Bad SHA1 hash for status file" );
+        msg_Warn( p_update->p_libvlc, "Bad hash for status file" );
        free( p_hash );
        goto error;
    }
@@ -671,7 +671,7 @@ static void* update_DownloadReal( void *obj )
        goto end;
    }

-    uint8_t *p_hash = hash_sha1_from_file( psz_destfile, &sign );
+    uint8_t *p_hash = hash_from_file( psz_destfile, &sign );
    if( !p_hash )
    {
        msg_Err( p_udt, "Unable to hash %s", psz_destfile );
@@ -691,7 +691,7 @@ static void* update_DownloadReal( void *obj )
        dialog_FatalWait( p_udt, _("File corrupted"),
            _("Downloaded file \"%s\" was corrupted. Thus, it was deleted."),
             psz_destfile );
-        msg_Err( p_udt, "Bad SHA1 hash for %s", psz_destfile );
+        msg_Err( p_udt, "Bad hash for %s", psz_destfile );
        free( p_hash );
        goto end;
    }

--- a/src/misc/update.h
+++ b/src/misc/update.h
@@ -20,23 +20,6 @@
 * Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
 *****************************************************************************/

-/* Go reading the rfc 4880 ! NOW !! */
-
-/*
- * XXX
- *  When PGP-signing a file, we only sign a SHA-1 hash of this file
- *  The DSA key size requires that we use an algorithm which produce
- *  a 160 bits long hash
- *  An alternative is RIPEMD160 , which you can use by giving the option
- *      --digest-algo RIPEMD160 to GnuPG
- *
- *  As soon as SHA-1 is broken, this method is not secure anymore, because an
- *  attacker could generate a file with the same SHA-1 hash.
- *
- *  Whenever this happens, we need to use another algorithm / type of key.
- * XXX
- */
-
 #include <vlc_update.h>
 #include <vlc_atomic.h>

@@ -65,7 +48,7 @@ enum    /* Signature subpacket types */
 };

 struct public_key_packet_t
-{ /* a public key packet (DSA/SHA-1) is 418 bytes */
+{ /* a public key packet (DSA) is 418 bytes */

    uint8_t version;      /* we use only version 4 */
    uint8_t timestamp[4]; /* creation time of the key */
@@ -84,7 +67,7 @@ struct signature_packet_t

    uint8_t type;
    uint8_t public_key_algo;    /* DSA only */
-    uint8_t digest_algo;        /* SHA-1 only */
+    uint8_t digest_algo;

    uint8_t hash_verification[2];
    uint8_t issuer_longid[8];
@@ -191,7 +174,7 @@ parse_public_key(
        const uint8_t *p_sig_issuer );

 /*
- * Verify an OpenPGP signature made on some SHA-1 hash, with some DSA public key
+ * Verify an OpenPGP signature made on some hash, with some DSA public key
 */
 int
 verify_signature(signature_packet_t *sign, public_key_packet_t *p_key,
@@ -206,21 +189,21 @@ download_signature(
        vlc_object_t *p_this, signature_packet_t *p_sig, const char *psz_url );

 /*
- * return a sha1 hash of a text
+ * return a hash of a text
 */
 uint8_t *
-hash_sha1_from_text(
+hash_from_text(
        const char *psz_text, signature_packet_t *p_sig );

 /*
- * return a sha1 hash of a file
+ * return a hash of a file
 */
 uint8_t *
-hash_sha1_from_file(
+hash_from_file(
        const char *psz_file, signature_packet_t *p_sig );

 /*
- * return a sha1 hash of a public key
+ * return a hash of a public key
 */
 uint8_t *
-hash_sha1_from_public_key( public_key_t *p_pkey );
+hash_from_public_key( public_key_t *p_pkey );
--- a/src/misc/update_crypto.c
+++ b/src/misc/update_crypto.c
 /*****************************************************************************
- * update_crypto.c: DSA/SHA1 related functions used for updating
+ * update_crypto.c: DSA related functions used for updating
 *****************************************************************************
 * Copyright © 2008-2009 VLC authors and VideoLAN
 * $Id$
@@ -158,7 +158,7 @@ static size_t parse_signature_v3_packet( signature_packet_t *p_sig,

 /*
 * fill a signature_packet_v4_t from signature packet data
- * verify that it was used with a DSA public key, using SHA-1 digest
+ * verify that it was used with a DSA public key
 */
 static size_t parse_signature_v4_packet( signature_packet_t *p_sig,
                                      const uint8_t *p_buf, size_t i_sig_len )
@@ -412,12 +412,12 @@ static int pgp_unarmor( const char *p_ibuf, size_t i_ibuf_len,


 /*
- * Verify an OpenPGP signature made on some SHA-1 hash, with some DSA public key
+ * Verify an OpenPGP signature made with some DSA public key
 */
 int verify_signature( signature_packet_t *sign, public_key_packet_t *p_key,
                      uint8_t *p_hash )
 {
-    /* the data to be verified (a SHA-1 hash) */
+    /* the data to be verified (a hash) */
    const char *hash_sexp_s = "(data(flags raw)(value %m))";
    /* the public key */
    const char *key_sexp_s = "(public-key(dsa(p %m)(q %m)(g %m)(y %m)))";
@@ -668,9 +668,9 @@ static uint8_t *hash_finish( gcry_md_hd_t hd, signature_packet_t *p_sig )


 /*
- * return a sha1 hash of a text
+ * return a hash of a text
 */
-uint8_t *hash_sha1_from_text( const char *psz_string,
+uint8_t *hash_from_text( const char *psz_string,
        signature_packet_t *p_sig )
 {
    gcry_md_hd_t hd;
@@ -703,9 +703,9 @@ uint8_t *hash_sha1_from_text( const char *psz_string,


 /*
- * return a sha1 hash of a file
+ * return a hash of a file
 */
-uint8_t *hash_sha1_from_file( const char *psz_file, signature_packet_t *p_sig )
+uint8_t *hash_from_file( const char *psz_file, signature_packet_t *p_sig )
 {
    gcry_md_hd_t hd;
    if( gcry_md_open( &hd, p_sig->digest_algo, 0 ) )
@@ -722,10 +722,10 @@ uint8_t *hash_sha1_from_file( const char *psz_file, signature_packet_t *p_sig )


 /*
- * Generate a SHA1 hash on a public key, to verify a signature made on that hash
+ * Generate a hash on a public key, to verify a signature made on that hash
 * Note that we need the signature (v4) to compute the hash
 */
-uint8_t *hash_sha1_from_public_key( public_key_t *p_pkey )
+uint8_t *hash_from_public_key( public_key_t *p_pkey )
 {
    if( p_pkey->sig.version != 4 )
        return NULL;