[vlc-commits] update: sha1 is not mandatory anymore

Rafaël Carré git at videolan.org
Sun May 11 13:13:41 CEST 2014 

vlc | branch: master | Rafaël Carré <funman at videolan.org> | Sun May 11 13:12:30 2014 +0200| [db8f517649bb57eefd71076fb60735bd136c7dee] | committer: Rafaël Carré

update: sha1 is not mandatory anymore

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=db8f517649bb57eefd71076fb60735bd136c7dee
---

 src/misc/update.c        |   12 ++++++------
 src/misc/update.h        |   35 +++++++++--------------------------
 src/misc/update_crypto.c |   20 ++++++++++----------
 3 files changed, 25 insertions(+), 42 deletions(-)

diff --git a/src/misc/update.c b/src/misc/update.c
index cefb6e3..b00eb27 100644
--- a/src/misc/update.c
+++ b/src/misc/update.c
@@ -307,7 +307,7 @@ static bool GetUpdateFile( update_t *p_update )
             goto error;
         }
 
-        uint8_t *p_hash = hash_sha1_from_public_key( p_new_pkey );
+        uint8_t *p_hash = hash_from_public_key( p_new_pkey );
         if( !p_hash )
         {
             msg_Err( p_update->p_libvlc, "Failed to hash signature" );
@@ -332,17 +332,17 @@ static bool GetUpdateFile( update_t *p_update )
         }
     }
 
-    uint8_t *p_hash = hash_sha1_from_text( psz_update_data, &sign );
+    uint8_t *p_hash = hash_from_text( psz_update_data, &sign );
     if( !p_hash )
     {
-        msg_Warn( p_update->p_libvlc, "Can't compute SHA1 hash for status file" );
+        msg_Warn( p_update->p_libvlc, "Can't compute hash for status file" );
         goto error;
     }
 
     else if( p_hash[0] != sign.hash_verification[0] ||
         p_hash[1] != sign.hash_verification[1] )
     {
-        msg_Warn( p_update->p_libvlc, "Bad SHA1 hash for status file" );
+        msg_Warn( p_update->p_libvlc, "Bad hash for status file" );
         free( p_hash );
         goto error;
     }
@@ -671,7 +671,7 @@ static void* update_DownloadReal( void *obj )
         goto end;
     }
 
-    uint8_t *p_hash = hash_sha1_from_file( psz_destfile, &sign );
+    uint8_t *p_hash = hash_from_file( psz_destfile, &sign );
     if( !p_hash )
     {
         msg_Err( p_udt, "Unable to hash %s", psz_destfile );
@@ -691,7 +691,7 @@ static void* update_DownloadReal( void *obj )
         dialog_FatalWait( p_udt, _("File corrupted"),
             _("Downloaded file \"%s\" was corrupted. Thus, it was deleted."),
              psz_destfile );
-        msg_Err( p_udt, "Bad SHA1 hash for %s", psz_destfile );
+        msg_Err( p_udt, "Bad hash for %s", psz_destfile );
         free( p_hash );
         goto end;
     }
diff --git a/src/misc/update.h b/src/misc/update.h
index ed9f71a..906b056 100644
--- a/src/misc/update.h
+++ b/src/misc/update.h
@@ -20,23 +20,6 @@
  * Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
  *****************************************************************************/
 
-/* Go reading the rfc 4880 ! NOW !! */
-
-/*
- * XXX
- *  When PGP-signing a file, we only sign a SHA-1 hash of this file
- *  The DSA key size requires that we use an algorithm which produce
- *  a 160 bits long hash
- *  An alternative is RIPEMD160 , which you can use by giving the option
- *      --digest-algo RIPEMD160 to GnuPG
- *
- *  As soon as SHA-1 is broken, this method is not secure anymore, because an
- *  attacker could generate a file with the same SHA-1 hash.
- *
- *  Whenever this happens, we need to use another algorithm / type of key.
- * XXX
- */
-
 #include <vlc_update.h>
 #include <vlc_atomic.h>
 
@@ -65,7 +48,7 @@ enum    /* Signature subpacket types */
 };
 
 struct public_key_packet_t
-{ /* a public key packet (DSA/SHA-1) is 418 bytes */
+{ /* a public key packet (DSA) is 418 bytes */
 
     uint8_t version;      /* we use only version 4 */
     uint8_t timestamp[4]; /* creation time of the key */
@@ -84,7 +67,7 @@ struct signature_packet_t
 
     uint8_t type;
     uint8_t public_key_algo;    /* DSA only */
-    uint8_t digest_algo;        /* SHA-1 only */
+    uint8_t digest_algo;
 
     uint8_t hash_verification[2];
     uint8_t issuer_longid[8];
@@ -191,7 +174,7 @@ parse_public_key(
         const uint8_t *p_sig_issuer );
 
 /*
- * Verify an OpenPGP signature made on some SHA-1 hash, with some DSA public key
+ * Verify an OpenPGP signature made on some hash, with some DSA public key
  */
 int
 verify_signature(signature_packet_t *sign, public_key_packet_t *p_key,
@@ -206,21 +189,21 @@ download_signature(
         vlc_object_t *p_this, signature_packet_t *p_sig, const char *psz_url );
 
 /*
- * return a sha1 hash of a text
+ * return a hash of a text
  */
 uint8_t *
-hash_sha1_from_text(
+hash_from_text(
         const char *psz_text, signature_packet_t *p_sig );
 
 /*
- * return a sha1 hash of a file
+ * return a hash of a file
  */
 uint8_t *
-hash_sha1_from_file(
+hash_from_file(
         const char *psz_file, signature_packet_t *p_sig );
 
 /*
- * return a sha1 hash of a public key
+ * return a hash of a public key
  */
 uint8_t *
-hash_sha1_from_public_key( public_key_t *p_pkey );
+hash_from_public_key( public_key_t *p_pkey );
diff --git a/src/misc/update_crypto.c b/src/misc/update_crypto.c
index 3555f4f..97b55c6 100644
--- a/src/misc/update_crypto.c
+++ b/src/misc/update_crypto.c
@@ -1,5 +1,5 @@
 /*****************************************************************************
- * update_crypto.c: DSA/SHA1 related functions used for updating
+ * update_crypto.c: DSA related functions used for updating
  *****************************************************************************
  * Copyright © 2008-2009 VLC authors and VideoLAN
  * $Id$
@@ -158,7 +158,7 @@ static size_t parse_signature_v3_packet( signature_packet_t *p_sig,
 
 /*
  * fill a signature_packet_v4_t from signature packet data
- * verify that it was used with a DSA public key, using SHA-1 digest
+ * verify that it was used with a DSA public key
  */
 static size_t parse_signature_v4_packet( signature_packet_t *p_sig,
                                       const uint8_t *p_buf, size_t i_sig_len )
@@ -412,12 +412,12 @@ static int pgp_unarmor( const char *p_ibuf, size_t i_ibuf_len,
 
 
 /*
- * Verify an OpenPGP signature made on some SHA-1 hash, with some DSA public key
+ * Verify an OpenPGP signature made with some DSA public key
  */
 int verify_signature( signature_packet_t *sign, public_key_packet_t *p_key,
                       uint8_t *p_hash )
 {
-    /* the data to be verified (a SHA-1 hash) */
+    /* the data to be verified (a hash) */
     const char *hash_sexp_s = "(data(flags raw)(value %m))";
     /* the public key */
     const char *key_sexp_s = "(public-key(dsa(p %m)(q %m)(g %m)(y %m)))";
@@ -668,9 +668,9 @@ static uint8_t *hash_finish( gcry_md_hd_t hd, signature_packet_t *p_sig )
 
 
 /*
- * return a sha1 hash of a text
+ * return a hash of a text
  */
-uint8_t *hash_sha1_from_text( const char *psz_string,
+uint8_t *hash_from_text( const char *psz_string,
         signature_packet_t *p_sig )
 {
     gcry_md_hd_t hd;
@@ -703,9 +703,9 @@ uint8_t *hash_sha1_from_text( const char *psz_string,
 
 
 /*
- * return a sha1 hash of a file
+ * return a hash of a file
  */
-uint8_t *hash_sha1_from_file( const char *psz_file, signature_packet_t *p_sig )
+uint8_t *hash_from_file( const char *psz_file, signature_packet_t *p_sig )
 {
     gcry_md_hd_t hd;
     if( gcry_md_open( &hd, p_sig->digest_algo, 0 ) )
@@ -722,10 +722,10 @@ uint8_t *hash_sha1_from_file( const char *psz_file, signature_packet_t *p_sig )
 
 
 /*
- * Generate a SHA1 hash on a public key, to verify a signature made on that hash
+ * Generate a hash on a public key, to verify a signature made on that hash
  * Note that we need the signature (v4) to compute the hash
  */
-uint8_t *hash_sha1_from_public_key( public_key_t *p_pkey )
+uint8_t *hash_from_public_key( public_key_t *p_pkey )
 {
     if( p_pkey->sig.version != 4 )
         return NULL;

More information about the vlc-commits mailing list