Module Name: src
Committed By: sevan
Date: Sat Sep 9 21:27:23 UTC 2017
Modified Files:
src/usr.sbin/veriexecgen: veriexecgen.8 veriexecgen.c
Log Message:
Remove the ability to generate a signature database with the hash algorithms
MD5, SHA1 & RMD160 which are either broken or on their way to being broken.
Discussed on tech-security
http://mail-index.netbsd.org/tech-security/2017/08/21/msg000936.html
ok riastradh
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 src/usr.sbin/veriexecgen/veriexecgen.8 \
src/usr.sbin/veriexecgen/veriexecgen.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.sbin/veriexecgen/veriexecgen.8
diff -u src/usr.sbin/veriexecgen/veriexecgen.8:1.17 src/usr.sbin/veriexecgen/veriexecgen.8:1.18
--- src/usr.sbin/veriexecgen/veriexecgen.8:1.17 Thu Apr 28 11:24:28 2011
+++ src/usr.sbin/veriexecgen/veriexecgen.8 Sat Sep 9 21:27:23 2017
@@ -1,4 +1,4 @@
-.\" $NetBSD: veriexecgen.8,v 1.17 2011/04/28 11:24:28 wiz Exp $
+.\" $NetBSD: veriexecgen.8,v 1.18 2017/09/09 21:27:23 sevan Exp $
.\"
.\" Copyright (c) 2006 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd February 18, 2008
+.Dd September 9, 2017
.Dt VERIEXECGEN 8
.Os
.Sh NAME
@@ -102,13 +102,9 @@ Use
.Ar algorithm
for the fingerprints.
Must be one of
-.Dq md5 ,
-.Dq sha1 ,
.Dq sha256 ,
.Dq sha384 ,
.Dq sha512 ,
-or
-.Dq rmd160 .
.It Fl v
Verbose mode.
Print messages describing what operations are being done.
@@ -147,11 +143,11 @@ appending to the default fingerprint dat
.Pp
Fingerprint files in
.Pa /path/to/somewhere using
-.Dq rmd160
+.Dq sha512
as the hashing algorithm, saving to
.Pa /etc/somewhere.fp :
.Bd -literal -offset indent
-# veriexecgen -d /path/to/somewhere -t rmd160 -o /etc/somewhere.fp
+# veriexecgen -d /path/to/somewhere -t sha512 -o /etc/somewhere.fp
.Ed
.Sh SEE ALSO
.Xr veriexec 4 ,
Index: src/usr.sbin/veriexecgen/veriexecgen.c
diff -u src/usr.sbin/veriexecgen/veriexecgen.c:1.17 src/usr.sbin/veriexecgen/veriexecgen.c:1.18
--- src/usr.sbin/veriexecgen/veriexecgen.c:1.17 Fri Aug 21 04:09:41 2009
+++ src/usr.sbin/veriexecgen/veriexecgen.c Sat Sep 9 21:27:23 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: veriexecgen.c,v 1.17 2009/08/21 04:09:41 elad Exp $ */
+/* $NetBSD: veriexecgen.c,v 1.18 2017/09/09 21:27:23 sevan Exp $ */
/*-
* Copyright (c) 2006 The NetBSD Foundation, Inc.
@@ -36,7 +36,7 @@
#ifndef lint
#ifdef __RCSID
-__RCSID("$NetBSD: veriexecgen.c,v 1.17 2009/08/21 04:09:41 elad Exp $");
+__RCSID("$NetBSD: veriexecgen.c,v 1.18 2017/09/09 21:27:23 sevan Exp $");
#endif
#endif /* not lint */
@@ -57,10 +57,7 @@ __RCSID("$NetBSD: veriexecgen.c,v 1.17 2
#include <unistd.h>
#include <util.h>
-#include <md5.h>
-#include <sha1.h>
#include <sha2.h>
-#include <rmd160.h>
#define IS_EXEC(mode) ((mode) & (S_IXUSR | S_IXGRP | S_IXOTH))
@@ -100,12 +97,9 @@ TAILQ_HEAD(, fentry) fehead;
/* define the possible hash algorithms */
static hash_t hashes[] = {
- { "MD5", MD5File },
- { "SHA1", SHA1File },
{ "SHA256", SHA256_File },
{ "SHA384", SHA384_File },
{ "SHA512", SHA512_File },
- { "RMD160", RMD160File },
{ NULL, NULL },
};
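Review bot: The comment above `hashes[]` still says only "define the possible hash algorithms", so nothing at the table records that MD5, SHA1 and RMD160 were dropped on purpose. I would reword it to `/* Supported fingerprint algorithms. MD5, SHA1 and RMD160 were removed deliberately as broken or weakening; do not re-add. */`. The lookup that consumes this table is outside the hunk, so it is worth confirming that `-t md5`, `-t sha1` and `-t rmd160` now fail with a clear error rather than silently falling back to the default algorithm. Signature databases generated earlier with those algorithms presumably still exist on deployed systems. This change only stops new ones from being generated, so regenerating them is a separate step the commit does not cover.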