From 92920dd0b9efed3e7467b4b18b68df86f9eee9d8 Mon Sep 17 00:00:00 2001 From: Fabian Groffen Date: Mon, 1 Jan 2024 14:17:56 +0100 Subject: *: remove WHIRLPOOL hash support WHIRLPOOL has not been in use since mid 2017, and its support is bound to be removed from OpenSSL. Signed-off-by: Fabian Groffen --- libq/hash.c | 26 +++----------------------- libq/hash.h | 14 +++++++------- libq/tree.c | 2 +- qcheck.c | 2 +- qmanifest.c | 31 +++++++++---------------------- qmerge.c | 4 ++-- qpkg.c | 2 +- qtegrity.c | 4 ++-- 8 files changed, 26 insertions(+), 59 deletions(-) diff --git a/libq/hash.c b/libq/hash.c index b5aec469..4a1202a1 100644 --- a/libq/hash.c +++ b/libq/hash.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2020 Gentoo Foundation + * Copyright 2018-2024 Gentoo Foundation * Distributed under the terms of the GNU General Public License v2 * * Copyright 2018- Fabian Groffen - @@ -15,7 +15,6 @@ #ifdef HAVE_SSL # include # include -# include #else # include "hash_md5_sha1.h" #endif @@ -120,7 +119,6 @@ hash_multiple_file_fd( char *sha1, char *sha256, char *sha512, - char *whrlpl, char *blak2b, size_t *flen, int hashes) @@ -133,13 +131,11 @@ hash_multiple_file_fd( SHA_CTX s1; SHA256_CTX s256; SHA512_CTX s512; - WHIRLPOOL_CTX whrl; #else struct md5_ctx_t m5; struct sha1_ctx_t s1; (void)sha256; (void)sha512; - (void)whrlpl; #endif #ifdef HAVE_BLAKE2B blake2b_state bl2b; @@ -156,7 +152,6 @@ hash_multiple_file_fd( SHA1_Init(&s1); SHA256_Init(&s256); SHA512_Init(&s512); - WHIRLPOOL_Init(&whrl); #else md5_begin(&m5); sha1_begin(&s1); @@ -190,11 +185,6 @@ hash_multiple_file_fd( if (hashes & HASH_SHA512) SHA512_Update(&s512, data, len); } -#pragma omp section - { - if (hashes & HASH_WHIRLPOOL) - WHIRLPOOL_Update(&whrl, data, len); - } #else #pragma omp section { @@ -253,14 +243,6 @@ hash_multiple_file_fd( hash_hex(sha512, sha512buf, SHA512_DIGEST_LENGTH); } } -#pragma omp section - { - if (hashes & HASH_WHIRLPOOL) { - unsigned char whrlplbuf[WHIRLPOOL_DIGEST_LENGTH]; - WHIRLPOOL_Final(whrlplbuf, &whrl); - hash_hex(whrlpl, whrlplbuf, WHIRLPOOL_DIGEST_LENGTH); - } - } #else #pragma omp section { @@ -303,7 +285,6 @@ hash_multiple_file_at_cb( char *sha1, char *sha256, char *sha512, - char *whrlpl, char *blak2b, size_t *flen, int hashes) @@ -321,7 +302,7 @@ hash_multiple_file_at_cb( } ret = hash_multiple_file_fd(fd, md5, sha1, sha256, sha512, - whrlpl, blak2b, flen, hashes); + blak2b, flen, hashes); if (ret != 0) close(fd); @@ -340,11 +321,10 @@ hash_file_at_cb(int pfd, const char *fname, int hash, hash_cb_t cb) case HASH_SHA1: case HASH_SHA256: case HASH_SHA512: - case HASH_WHIRLPOOL: case HASH_BLAKE2B: if (hash_multiple_file_at_cb(pfd, fname, cb, _hash_file_buf, _hash_file_buf, _hash_file_buf, - _hash_file_buf, _hash_file_buf, _hash_file_buf, + _hash_file_buf, _hash_file_buf, &dummy, hash) != 0) return NULL; break; diff --git a/libq/hash.h b/libq/hash.h index f85080df..fb4ab5f2 100644 --- a/libq/hash.h +++ b/libq/hash.h @@ -18,7 +18,7 @@ enum hash_impls { HASH_SHA1 = 1<<1, HASH_SHA256 = 1<<2, HASH_SHA512 = 1<<3, - HASH_WHIRLPOOL = 1<<4, + HASH_WHIRLPOOL = 1<<4, /* removed */ HASH_BLAKE2B = 1<<5 }; @@ -32,15 +32,15 @@ typedef int (*hash_cb_t) (int, const char *); void hash_hex(char *out, const unsigned char *buf, const int length); int hash_multiple_file_fd( int fd, char *md5, char *sha1, char *sha256, char *sha512, - char *whrlpl, char *blak2b, size_t *flen, int hashes); + char *blak2b, size_t *flen, int hashes); int hash_multiple_file_at_cb( int pfd, const char *fname, hash_cb_t cb, char *md5, - char *sha1, char *sha256, char *sha512, char *whrlpl, + char *sha1, char *sha256, char *sha512, char *blak2b, size_t *flen, int hashes); -#define hash_multiple_file(f, m, s1, s2, s5, w, b, l, h) \ - hash_multiple_file_at_cb(AT_FDCWD, f, NULL, m, s1, s2, s5, w, b, l, h) -#define hash_compute_file(f, s2, s5, w, b, l, h) \ - hash_multiple_file_at_cb(AT_FDCWD, f, NULL, NULL, NULL, s2, s5, w, b, l, h) +#define hash_multiple_file(f, m, s1, s2, s5, b, l, h) \ + hash_multiple_file_at_cb(AT_FDCWD, f, NULL, m, s1, s2, s5, b, l, h) +#define hash_compute_file(f, s2, s5, b, l, h) \ + hash_multiple_file_at_cb(AT_FDCWD, f, NULL, NULL, NULL, s2, s5, b, l, h) char *hash_file_at_cb(int pfd, const char *filename, int hash_algo, hash_cb_t cb); #define hash_file(f, h) hash_file_at_cb(AT_FDCWD, f, h, NULL) #define hash_file_at(fd, f, h) hash_file_at_cb(fd, f, h, NULL) diff --git a/libq/tree.c b/libq/tree.c index 1922b7d1..15d82674 100644 --- a/libq/tree.c +++ b/libq/tree.c @@ -1075,7 +1075,7 @@ tree_read_file_binpkg(tree_pkg_ctx *pkg_ctx) lseek(newfd, 0, SEEK_SET); /* reposition at the whole file */ if (hash_multiple_file_fd(newfd, NULL, m->Q_SHA1, NULL, NULL, - NULL, NULL, &fsize, HASH_SHA1) == 0) + NULL, &fsize, HASH_SHA1) == 0) snprintf(m->Q_SIZE, 19 + 1, "%zu", fsize); } diff --git a/qcheck.c b/qcheck.c index 813c1f79..7c1fd0e5 100644 --- a/qcheck.c +++ b/qcheck.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2022 Gentoo Foundation + * Copyright 2005-2024 Gentoo Foundation * Distributed under the terms of the GNU General Public License v2 * * Copyright 2005-2010 Ned Ludd - diff --git a/qmanifest.c b/qmanifest.c index 72d63625..2bb0f11c 100644 --- a/qmanifest.c +++ b/qmanifest.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2021 Gentoo Foundation + * Copyright 2018-2024 Gentoo Foundation * Distributed under the terms of the GNU General Public License v2 * * Copyright 2018- Fabian Groffen - @@ -30,7 +30,6 @@ #include #include #include -#include #include #include #include @@ -188,7 +187,6 @@ write_hashes( size_t flen = 0; char sha256[(SHA256_DIGEST_LENGTH * 2) + 1]; char sha512[(SHA512_DIGEST_LENGTH * 2) + 1]; - char whrlpl[(WHIRLPOOL_DIGEST_LENGTH * 2) + 1]; char blak2b[(BLAKE2B_OUTBYTES * 2) + 1]; char data[8192]; char fname[8192]; @@ -202,7 +200,7 @@ write_hashes( update_times(tv, &s); - hash_compute_file(fname, sha256, sha512, whrlpl, blak2b, &flen, hashes); + hash_compute_file(fname, sha256, sha512, blak2b, &flen, hashes); len = snprintf(data, sizeof(data), "%s %s %zd", type, name, flen); if (hashes & HASH_BLAKE2B) @@ -214,9 +212,6 @@ write_hashes( if (hashes & HASH_SHA512) len += snprintf(data + len, sizeof(data) - len, " SHA512 %s", sha512); - if (hashes & HASH_WHIRLPOOL) - len += snprintf(data + len, sizeof(data) - len, - " WHIRLPOOL %s", whrlpl); len += snprintf(data + len, sizeof(data) - len, "\n"); if (m != NULL) @@ -1034,7 +1029,6 @@ verify_file(const char *dir, char *mfline, const char *mfest, verify_msg **msgs) size_t flen = 0; char sha256[(SHA256_DIGEST_LENGTH * 2) + 1]; char sha512[(SHA512_DIGEST_LENGTH * 2) + 1]; - char whrlpl[(WHIRLPOOL_DIGEST_LENGTH * 2) + 1]; char blak2b[(BLAKE2B_OUTBYTES * 2) + 1]; char ret = 0; @@ -1065,9 +1059,9 @@ verify_file(const char *dir, char *mfline, const char *mfest, verify_msg **msgs) return 1; } - sha256[0] = sha512[0] = whrlpl[0] = blak2b[0] = '\0'; + sha256[0] = sha512[0] = blak2b[0] = '\0'; snprintf(buf, sizeof(buf), "%s/%s", dir, path); - hash_compute_file(buf, sha256, sha512, whrlpl, blak2b, &flen, hashes); + hash_compute_file(buf, sha256, sha512, blak2b, &flen, hashes); if (flen == 0) { msgs_add(msgs, mfest, path, "cannot open file!"); @@ -1139,15 +1133,12 @@ verify_file(const char *dir, char *mfline, const char *mfest, verify_msg **msgs) msgs_add(msgs, mfest, path, "hash WHIRLPOOL is not " "enabled for this repository"); - } else if (strcmp(hash, whrlpl) != 0) { - msgs_add(msgs, mfest, path, - "WHIRLPOOL hash mismatch\n" - "computed: '%s'\n" - "Manifest: '%s'", - whrlpl, hash); - ret = 1; + } else { + if (strict) + msgs_add(msgs, mfest, path, + "hash WHIRLPOOL is not " + "supported by qmanifest"); } - whrlpl[0] = '\0'; } else if (strcmp(hashtype, "BLAKE2B") == 0) { if (!(hashes & HASH_BLAKE2B)) { if (strict) @@ -1177,10 +1168,6 @@ verify_file(const char *dir, char *mfline, const char *mfest, verify_msg **msgs) msgs_add(msgs, mfest, path, "missing hash: SHA512"); ret = 1; } - if (whrlpl[0] != '\0') { - msgs_add(msgs, mfest, path, "missing hash: WHIRLPOOL"); - ret = 1; - } if (blak2b[0] != '\0') { msgs_add(msgs, mfest, path, "missing hash: BLAKE2B"); ret = 1; diff --git a/qmerge.c b/qmerge.c index cbf94e6d..b16b4b59 100644 --- a/qmerge.c +++ b/qmerge.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2022 Gentoo Authors + * Copyright 2005-2024 Gentoo Authors * Distributed under the terms of the GNU General Public License v2 * * Copyright 2005-2010 Ned Ludd - @@ -1806,7 +1806,7 @@ pkg_verify_checksums( size_t flen; int mlen; - if (hash_multiple_file(pkg->path, md5, sha1, NULL, NULL, NULL, NULL, + if (hash_multiple_file(pkg->path, md5, sha1, NULL, NULL, NULL, &flen, HASH_MD5 | HASH_SHA1) == -1) errf("failed to compute hashes for %s: %s\n", atom_to_string(pkg->atom), strerror(errno)); diff --git a/qpkg.c b/qpkg.c index 7da0263d..c165989a 100644 --- a/qpkg.c +++ b/qpkg.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2020 Gentoo Foundation + * Copyright 2005-2024 Gentoo Foundation * Distributed under the terms of the GNU General Public License v2 * * Copyright 2005-2010 Ned Ludd - diff --git a/qtegrity.c b/qtegrity.c index 19fd5094..0a8989b9 100644 --- a/qtegrity.c +++ b/qtegrity.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2019 Gentoo Foundation + * Copyright 2005-2024 Gentoo Foundation * Distributed under the terms of the GNU General Public License v2 * * Copyright 2005-2010 Ned Ludd - @@ -77,7 +77,7 @@ check_sha(char *ret_digest, char *path, char *algo) return; } - hash_compute_file(path, ret_digest, ret_digest, NULL, NULL, &flen, hashes); + hash_compute_file(path, ret_digest, ret_digest, NULL, &flen, hashes); (void)flen; /* we don't use the file size */ return; -- cgit v1.2.3-65-gdbad