* NEWS: Mention the bug.
* src/digest.c (split_3): Check that the base64 digest matches the
length supported by the algorithm.
(digest_check): Check that the read digest matches the base64 length of
the algorithm's digest. The previous condition would not work for
'cksum -a blake2b -l 8 ...'.
* tests/cksum/cksum-base64-untagged.sh: New file.
* tests/local.mk (all_tests): Add the new test.
`basenc --base58` would not operate correctly with input > 15561475 bytes.
[bug introduced with --base58 in coreutils-9.8]
+ 'cksum --check' now supports base64 encoded input in untagged format,
+ for all length adjustable algorithms (blake2b, sha2, sha3).
+ [bug introduced in coreutils-9.2]
+
'tail' outputs the correct number of lines again for non-small -n values.
Previously it may have output too few lines.
[bug introduced in coreutils-9.8]
# endif
unsigned char const *hp = *digest;
digest_hex_bytes = 0;
- while (c_isxdigit (*hp++))
- digest_hex_bytes++;
+ for (; c_isxdigit (*hp); ++hp, ++digest_hex_bytes)
+ ;
# if HASH_ALGO_CKSUM
+ /* Check the number of base64 characters. This works because the hexadecimal
+ character set is a subset of the base64 character set. */
+ size_t digest_base64_bytes = digest_hex_bytes;
+ size_t trailing_equals = 0;
+ for (; isubase64 (*hp); ++hp, ++digest_base64_bytes)
+ ;
+ for (; *hp == '='; ++hp, ++trailing_equals)
+ ;
if ((cksum_algorithm == sha2 || cksum_algorithm == sha3)
&& digest_hex_bytes / 2 != SHA224_DIGEST_SIZE
&& digest_hex_bytes / 2 != SHA256_DIGEST_SIZE
&& digest_hex_bytes / 2 != SHA384_DIGEST_SIZE
&& digest_hex_bytes / 2 != SHA512_DIGEST_SIZE)
- return false;
+ {
+ if (digest_base64_bytes + trailing_equals
+ == BASE64_LENGTH (SHA224_DIGEST_SIZE))
+ digest_hex_bytes = SHA224_DIGEST_SIZE * 2;
+ else if (digest_base64_bytes + trailing_equals
+ == BASE64_LENGTH (SHA256_DIGEST_SIZE))
+ digest_hex_bytes = SHA256_DIGEST_SIZE * 2;
+ else if (digest_base64_bytes + trailing_equals
+ == BASE64_LENGTH (SHA384_DIGEST_SIZE))
+ digest_hex_bytes = SHA384_DIGEST_SIZE * 2;
+ else if (digest_base64_bytes + trailing_equals
+ == BASE64_LENGTH (SHA512_DIGEST_SIZE))
+ digest_hex_bytes = SHA512_DIGEST_SIZE * 2;
+ else
+ return false;
+ }
+ else if (cksum_algorithm == blake2b
+ && digest_hex_bytes < digest_base64_bytes)
+ {
+ for (int j = 8; j <= DIGEST_MAX_LEN * 8; j += 8)
+ {
+ if (BASE64_LENGTH (j / 8) == digest_base64_bytes + trailing_equals
+ && j % 3 == trailing_equals)
+ {
+ digest_hex_bytes = j / 4;
+ break;
+ }
+ }
+ }
# endif
if (digest_hex_bytes < 2 || digest_hex_bytes % 2
|| DIGEST_MAX_LEN * 2 < digest_hex_bytes)
{
bool match = false;
#if HASH_ALGO_CKSUM
- if (d_len < digest_hex_bytes)
+ if (d_len == BASE64_LENGTH (digest_length / 8))
match = b64_equal (digest, bin_buffer);
else
#endif
--- /dev/null
+#!/bin/sh
+# Test that cksum can guess the digest length from base64 checksums.
+
+# Copyright (C) 2025 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
+print_ver_ cksum
+
+echo 'test input' > inp
+echo 'inp: OK' > expout
+echo 'cksum: truncated: no properly formatted checksum lines found' > experr
+
+for algorithm in sha2 sha3; do
+ for length in 224 256 384 512; do
+ # Create files with base64 checksums in the untagged format.
+ cksum -a $algorithm --length $length --base64 --untagged inp \
+ > check || fail=1
+ # Check that the length can be determined from the base64 checksum.
+ cksum -a $algorithm --check check > out || fail=1
+ compare expout out || fail=1
+ # Check that only valid lengths are supported.
+ sed 's|[a-zA-Z0-9+/=] inp$| inp|g' check > truncated || fail=1
+ returns_ 1 cksum -a $algorithm --check truncated 2> err || fail=1
+ compare experr err || fail=1
+ done
+done
+
+for length in 8 216 224 232 248 256 264 376 384 392 504 512; do
+ # Create files with base64 checksums in the untagged format.
+ cksum -a blake2b --length $length --base64 --untagged inp \
+ > check || fail=1
+ # Check that the length can be determined from the base64 checksum.
+ cksum -a blake2b --check check > out || fail=1
+ compare expout out || fail=1
+done
+
+Exit $fail
tests/cksum/cksum-a.sh \
tests/cksum/cksum-c.sh \
tests/cksum/cksum-base64.pl \
+ tests/cksum/cksum-base64-untagged.sh \
tests/cksum/cksum-raw.sh \
tests/misc/comm.pl \
tests/csplit/csplit.sh \
projects / thirdparty / coreutils.git / commitdiff
