offscale
diff --git a/‎acquire/acquire_checksums.h‎
Lines changed: 7 additions & 6 deletions b/‎acquire/acquire_checksums.h‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎acquire/acquire_common_defs.h‎
Lines changed: 1 addition & 0 deletions b/‎acquire/acquire_common_defs.h‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎acquire/acquire_libcurl.h‎
Lines changed: 5 additions & 1 deletion b/‎acquire/acquire_libcurl.h‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎acquire/acquire_libfetch.h‎
Lines changed: 5 additions & 1 deletion b/‎acquire/acquire_libfetch.h‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎acquire/acquire_librhash.h‎
Lines changed: 12 additions & 8 deletions b/‎acquire/acquire_librhash.h‎
Lines changed: 12 additions & 8 deletions
diff --git a/‎acquire/acquire_openssl.h‎
Lines changed: 31 additions & 16 deletions b/‎acquire/acquire_openssl.h‎
Lines changed: 31 additions & 16 deletions
diff --git a/‎acquire/acquire_wininet.h‎
Lines changed: 5 additions & 1 deletion b/‎acquire/acquire_wininet.h‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎acquire/cli/cli.c‎
Lines changed: 0 additions & 3 deletions b/‎acquire/cli/cli.c‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎acquire/tests/test_checksum.h‎
Lines changed: 37 additions & 1 deletion b/‎acquire/tests/test_checksum.h‎
Lines changed: 37 additions & 1 deletion
@@ -54,7 +54,7 @@ int acquire_verify_async_start(struct acquire_handle *handle,
   if (!handle || !filepath || !expected_hash) {
     if (handle)
       acquire_handle_set_error(handle, ACQUIRE_ERROR_INVALID_ARGUMENT,
-                               "Invalid arguments");
+                               "Invalid arguments provided for verification");
     return -1;
   }
   handle->active_backend = ACQUIRE_BACKEND_NONE;
@@ -99,8 +99,9 @@ int acquire_verify_async_start(struct acquire_handle *handle,
   if (handle->error.code != ACQUIRE_OK)
     return -1;
 #endif /* defined(LIBACQUIRE_USE_CRC32C) && LIBACQUIRE_USE_CRC32C */
-  acquire_handle_set_error(handle, ACQUIRE_ERROR_UNSUPPORTED_CHECKSUM_FORMAT,
-                           "Unsupported checksum or no backend");
+  acquire_handle_set_error(
+      handle, ACQUIRE_ERROR_UNSUPPORTED_CHECKSUM_FORMAT,
+      "Unsupported checksum algorithm or no backend available");
   return -1;
 }
 
@@ -130,7 +131,7 @@ enum acquire_status acquire_verify_async_poll(struct acquire_handle *handle) {
     if (handle->status != ACQUIRE_IN_PROGRESS)
       return handle->status;
     acquire_handle_set_error(handle, ACQUIRE_ERROR_UNKNOWN,
-                             "No active backend");
+                             "No active backend for checksum operation");
     return ACQUIRE_ERROR;
   }
 }
@@ -149,9 +150,9 @@ int acquire_verify_sync(struct acquire_handle *handle, const char *filepath,
   do {
     status = acquire_verify_async_poll(handle);
 #if defined(WIN32) || defined(_WIN32) || defined(__WIN32__) || defined(__NT__)
-    Sleep(100); /* 100ms */
+    Sleep(10); /* 10ms poll interval */
 #else
-    usleep(100000); /* 100ms */
+    usleep(10000); /* 10ms poll interval */
 #endif
   } while (status == ACQUIRE_IN_PROGRESS);
   return (status == ACQUIRE_COMPLETE) ? 0 : -1;
 
@@ -11,6 +11,7 @@ enum Checksum {
   LIBACQUIRE_CRC32C,
   LIBACQUIRE_SHA256,
   LIBACQUIRE_SHA512,
+  LIBACQUIRE_INVALID_CHECKSUM,
   LIBACQUIRE_UNSUPPORTED_CHECKSUM
 };
 
 
@@ -114,8 +114,12 @@ int acquire_download_sync(struct acquire_handle *handle, const char *url,
 int acquire_download_async_start(struct acquire_handle *handle, const char *url,
                                  const char *dest_path) {
   struct curl_backend *be;
-  if (!handle)
+  if (!handle || !url || !dest_path) {
+    if (handle)
+      acquire_handle_set_error(handle, ACQUIRE_ERROR_INVALID_ARGUMENT,
+                               "Invalid arguments");
     return -1;
+  }
 
   be = (struct curl_backend *)calloc(1, sizeof(struct curl_backend));
   if (!be) {
 
@@ -121,8 +121,12 @@ int acquire_download_sync(struct acquire_handle *handle, const char *url,
  */
 int acquire_download_async_start(struct acquire_handle *handle, const char *url,
                                  const char *dest_path) {
-  if (handle == NULL)
+  if (!handle || !url || !dest_path) {
+    if (handle)
+      acquire_handle_set_error(handle, ACQUIRE_ERROR_INVALID_ARGUMENT,
+                               "Invalid arguments");
     return -1;
+  }
   handle->status = ACQUIRE_IN_PROGRESS;
   /* This implementation is blocking, all work done here. */
   return acquire_download_sync(handle, url, dest_path);
 
@@ -82,7 +82,8 @@ int _librhash_verify_async_start(struct acquire_handle *handle,
   default:
     return -1;
   }
-  if (strlen(expected_hash) != expected_len) {
+  if (strlen(expected_hash) != expected_len &&
+      !(algorithm == LIBACQUIRE_SHA512 && strlen(expected_hash) == 128)) {
     acquire_handle_set_error(handle, ACQUIRE_ERROR_UNSUPPORTED_CHECKSUM_FORMAT,
                              "Invalid hash length for selected algorithm");
     return -1;
@@ -93,7 +94,8 @@ int _librhash_verify_async_start(struct acquire_handle *handle,
   }
   be = (struct rhash_backend *)calloc(1, sizeof(struct rhash_backend));
   if (!be) {
-    acquire_handle_set_error(handle, ACQUIRE_ERROR_OUT_OF_MEMORY, "rhash");
+    acquire_handle_set_error(handle, ACQUIRE_ERROR_OUT_OF_MEMORY,
+                             "rhash backend allocation failed");
     return -1;
   }
   be->file = fopen(filepath, "rb");
@@ -106,7 +108,8 @@ int _librhash_verify_async_start(struct acquire_handle *handle,
   be->handle = rhash_init(rhash_algo_id);
   if (!be->handle) {
     cleanup_rhash_backend(handle);
-    acquire_handle_set_error(handle, ACQUIRE_ERROR_UNKNOWN, "rhash_init");
+    acquire_handle_set_error(handle, ACQUIRE_ERROR_UNKNOWN,
+                             "rhash_init failed");
     return -1;
   }
   be->algorithm_id = rhash_algo_id;
@@ -125,15 +128,17 @@ enum acquire_status _librhash_verify_async_poll(struct acquire_handle *handle) {
   if (handle->status != ACQUIRE_IN_PROGRESS)
     return handle->status;
   if (handle->cancel_flag) {
-    acquire_handle_set_error(handle, ACQUIRE_ERROR_CANCELLED, "Cancelled");
+    acquire_handle_set_error(handle, ACQUIRE_ERROR_CANCELLED,
+                             "Checksum cancelled");
     cleanup_rhash_backend(handle);
     return ACQUIRE_ERROR;
   }
   be = (struct rhash_backend *)handle->backend_handle;
   bytes_read = fread(buffer, 1, sizeof(buffer), be->file);
   if (bytes_read > 0) {
     if (rhash_update(be->handle, buffer, bytes_read) < 0) {
-      acquire_handle_set_error(handle, ACQUIRE_ERROR_UNKNOWN, "rhash_update");
+      acquire_handle_set_error(handle, ACQUIRE_ERROR_UNKNOWN,
+                               "rhash_update failed");
     } else {
       handle->bytes_processed += bytes_read;
       return ACQUIRE_IN_PROGRESS;
@@ -148,14 +153,13 @@ enum acquire_status _librhash_verify_async_poll(struct acquire_handle *handle) {
     int digest_size = 0;
     rhash_final(be->handle, hash);
     digest_size = rhash_get_digest_size(be->algorithm_id);
-    /*rhash_print_hex(computed_hex, hash, digest_size, RHPR_DEFAULT);*/
     to_hex(computed_hex, hash, (size_t)digest_size);
     if (strncasecmp(computed_hex, be->expected_hash, digest_size * 2) == 0) {
       handle->status = ACQUIRE_COMPLETE;
     } else {
       acquire_handle_set_error(handle, ACQUIRE_ERROR_UNKNOWN,
-                               "Hash mismatch: %s != %s", be->expected_hash,
-                               computed_hex);
+                               "Hash mismatch: expected %s, got %s",
+                               be->expected_hash, computed_hex);
     }
   }
   cleanup_rhash_backend(handle);
 
@@ -27,13 +27,15 @@ void _openssl_verify_async_cancel(struct acquire_handle *handle);
 #endif
 
 #ifdef LIBACQUIRE_IMPLEMENTATION
-#ifndef ACQUIRE_OPENSSL_IMPL_
-#define ACQUIRE_OPENSSL_IMPL_
 
 #if (defined(LIBACQUIRE_USE_COMMON_CRYPTO) && LIBACQUIRE_USE_COMMON_CRYPTO ||  \
      defined(LIBACQUIRE_USE_OPENSSL) && LIBACQUIRE_USE_OPENSSL ||              \
      defined(LIBACQUIRE_USE_LIBRESSL) && LIBACQUIRE_USE_LIBRESSL)
 
+#ifndef EVP_MAX_MD_SIZE
+#define EVP_MAX_MD_SIZE 64
+#endif /* !EVP_MAX_MD_SIZE */
+
 #include "acquire_handle.h"
 #include <errno.h>
 #include <stdlib.h>
@@ -97,7 +99,8 @@ int _openssl_verify_async_start(struct acquire_handle *handle,
   }
   be = (struct openssl_backend *)calloc(1, sizeof(struct openssl_backend));
   if (!be) {
-    acquire_handle_set_error(handle, ACQUIRE_ERROR_OUT_OF_MEMORY, "openssl");
+    acquire_handle_set_error(handle, ACQUIRE_ERROR_OUT_OF_MEMORY,
+                             "openssl backend memory allocation failed");
     return -1;
   }
   be->file = fopen(filepath, "rb");
@@ -108,7 +111,7 @@ int _openssl_verify_async_start(struct acquire_handle *handle,
     return -1;
   }
 
-#if defined(LIBACQUIRE_USE_COMMON_CRYPTO) || !LIBACQUIRE_USE_COMMON_CRYPTO
+#if defined(LIBACQUIRE_USE_COMMON_CRYPTO) && LIBACQUIRE_USE_COMMON_CRYPTO
   be->algorithm = algorithm;
   switch (algorithm) {
   case LIBACQUIRE_SHA256:
@@ -118,15 +121,21 @@ int _openssl_verify_async_start(struct acquire_handle *handle,
     CC_SHA512_Init(&be->ctx.sha512);
     break;
   default:
-    break;
+    /* Should have been caught by the switch above, but for safety: */
+    cleanup_openssl_backend(handle);
+    acquire_handle_set_error(
+        handle, ACQUIRE_ERROR_UNSUPPORTED_CHECKSUM_FORMAT,
+        "Internal error: unsupported algorithm in CommonCrypto backend");
+    return -1;
   }
 #else
   const EVP_MD *md =
       (algorithm == LIBACQUIRE_SHA256) ? EVP_sha256() : EVP_sha512();
   be->ctx = EVP_MD_CTX_new();
   if (!be->ctx || (1 != EVP_DigestInit_ex(be->ctx, md, NULL))) {
     cleanup_openssl_backend(handle);
-    acquire_handle_set_error(handle, ACQUIRE_ERROR_UNKNOWN, "EVP init failed");
+    acquire_handle_set_error(handle, ACQUIRE_ERROR_UNKNOWN,
+                             "EVP_DigestInit_ex failed");
     return -1;
   }
 #endif
@@ -146,7 +155,8 @@ enum acquire_status _openssl_verify_async_poll(struct acquire_handle *handle) {
   if (handle->status != ACQUIRE_IN_PROGRESS)
     return handle->status;
   if (handle->cancel_flag) {
-    acquire_handle_set_error(handle, ACQUIRE_ERROR_CANCELLED, "Cancelled");
+    acquire_handle_set_error(handle, ACQUIRE_ERROR_CANCELLED,
+                             "Checksum cancelled");
     cleanup_openssl_backend(handle);
     return ACQUIRE_ERROR;
   }
@@ -162,11 +172,14 @@ enum acquire_status _openssl_verify_async_poll(struct acquire_handle *handle) {
       CC_SHA512_Update(&be->ctx.sha512, buffer, (CC_LONG)bytes_read);
       break;
     default:
+      acquire_handle_set_error(handle, ACQUIRE_ERROR_UNKNOWN,
+                               "Internal CC algorithm error");
       break;
     }
 #else
     if (1 != EVP_DigestUpdate(be->ctx, buffer, bytes_read))
-      acquire_handle_set_error(handle, ACQUIRE_ERROR_UNKNOWN, "EVP_Update");
+      acquire_handle_set_error(handle, ACQUIRE_ERROR_UNKNOWN,
+                               "EVP_DigestUpdate failed");
 #endif
     if (handle->error.code == ACQUIRE_OK) {
       handle->bytes_processed += bytes_read;
@@ -177,11 +190,11 @@ enum acquire_status _openssl_verify_async_poll(struct acquire_handle *handle) {
     acquire_handle_set_error(handle, ACQUIRE_ERROR_FILE_READ_FAILED, "%s",
                              strerror(errno));
   } else {
-    unsigned char hash[CC_SHA512_DIGEST_LENGTH];
-    char computed_hex[130];
+    unsigned char hash[EVP_MAX_MD_SIZE];
+    char computed_hex[EVP_MAX_MD_SIZE * 2 + 1];
     unsigned int len = 0;
     int i;
-#ifdef LIBACQUIRE_USE_COMMON_CRYPTO
+#if defined(LIBACQUIRE_USE_COMMON_CRYPTO) && LIBACQUIRE_USE_COMMON_CRYPTO
     switch (be->algorithm) {
     case LIBACQUIRE_SHA256:
       len = CC_SHA256_DIGEST_LENGTH;
@@ -192,22 +205,25 @@ enum acquire_status _openssl_verify_async_poll(struct acquire_handle *handle) {
       CC_SHA512_Final(hash, &be->ctx.sha512);
       break;
     default:
+      acquire_handle_set_error(handle, ACQUIRE_ERROR_UNKNOWN,
+                               "Internal CC algorithm error");
       break;
     }
 #else
     if (1 != EVP_DigestFinal_ex(be->ctx, hash, &len))
-      acquire_handle_set_error(handle, ACQUIRE_ERROR_UNKNOWN, "EVP_Final");
+      acquire_handle_set_error(handle, ACQUIRE_ERROR_UNKNOWN,
+                               "EVP_DigestFinal_ex failed");
 #endif
     if (handle->error.code == ACQUIRE_OK) {
-      for (i = 0; i < len; i++)
+      for (i = 0; (unsigned int)i < len; i++)
         sprintf(computed_hex + (i * 2), "%02x", hash[i]);
       computed_hex[len * 2] = '\0';
       if (strncasecmp(computed_hex, be->expected_hash, len * 2) == 0)
         handle->status = ACQUIRE_COMPLETE;
       else
         acquire_handle_set_error(handle, ACQUIRE_ERROR_UNKNOWN,
-                                 "Hash mismatch: %s != %s", be->expected_hash,
-                                 computed_hex);
+                                 "Hash mismatch: expected %s, got %s",
+                                 be->expected_hash, computed_hex);
     }
   }
   cleanup_openssl_backend(handle);
@@ -222,7 +238,6 @@ void _openssl_verify_async_cancel(struct acquire_handle *handle) {
           LIBACQUIRE_USE_COMMON_CRYPTO || defined(LIBACQUIRE_USE_OPENSSL) &&   \
           LIBACQUIRE_USE_OPENSSL || defined(LIBACQUIRE_USE_LIBRESSL) &&        \
           LIBACQUIRE_USE_LIBRESSL) */
-#endif /* ACQUIRE_OPENSSL_IMPL_ */
 #endif /* defined(LIBACQUIRE_IMPLEMENTATION) */
 
 #ifdef __cplusplus
 
@@ -114,8 +114,12 @@ int acquire_download_sync(struct acquire_handle *handle, const char *url,
  */
 int acquire_download_async_start(struct acquire_handle *handle, const char *url,
                                  const char *dest_path) {
-  if (handle == NULL)
+  if (!handle || !url || !dest_path) {
+    if (handle)
+      acquire_handle_set_error(handle, ACQUIRE_ERROR_INVALID_ARGUMENT,
+                               "Invalid arguments");
     return -1;
+  }
   handle->status = ACQUIRE_IN_PROGRESS;
   /* This implementation is blocking, so all work completes here. */
   return acquire_download_sync(handle, url, dest_path);
 
@@ -80,7 +80,6 @@ int docopt(struct DocoptArgs *args, int argc, char *argv[], const bool help,
       continue;
     }
 
-    /* Options with arguments */
     if (strncmp(arg, "--directory=", 12) == 0) {
       args->directory = (char *)(arg + 12);
     } else if (strcmp(arg, "-d") == 0 || strcmp(arg, "--directory") == 0) {
@@ -121,12 +120,10 @@ int docopt(struct DocoptArgs *args, int argc, char *argv[], const bool help,
       fprintf(stderr, "Unknown option: %s\n", arg);
       return EXIT_FAILURE;
     } else {
-      /* Positional argument */
       if (!url_is_set) {
         args->url = (char *)arg;
         url_is_set = 1;
       }
-      /* Note: This simple parser only handles one URL. */
     }
   }
 
 
@@ -170,6 +170,35 @@ TEST test_invalid_hash_length(void) {
   PASS();
 }
 
+#if defined(LIBACQUIRE_USE_LIBRHASH) && LIBACQUIRE_USE_LIBRHASH
+TEST test_librhash_invalid_hash_length_sha512(void) {
+  struct acquire_handle *h = acquire_handle_init();
+  int result;
+  /* SHA512 has special handling for 128 vs 129, test a different failure */
+  result = acquire_verify_sync(h, GREATEST_FILE, LIBACQUIRE_SHA512, "short");
+  ASSERT_EQ(-1, result);
+  ASSERT_EQ(ACQUIRE_ERROR_UNSUPPORTED_CHECKSUM_FORMAT,
+            acquire_handle_get_error_code(h));
+  acquire_handle_free(h);
+  PASS();
+}
+#endif
+
+#if (defined(LIBACQUIRE_USE_OPENSSL) && LIBACQUIRE_USE_OPENSSL) ||             \
+    (defined(LIBACQUIRE_USE_COMMON_CRYPTO) && LIBACQUIRE_USE_COMMON_CRYPTO)
+TEST test_openssl_unsupported_algorithm(void) {
+  struct acquire_handle *h = acquire_handle_init();
+  /* crc32c is unsupported by the openssl backend */
+  const int result = acquire_verify_sync(
+      h, GREATEST_FILE, LIBACQUIRE_INVALID_CHECKSUM, "12345678");
+  ASSERT_EQ(-1, result);
+  ASSERT_EQ(ACQUIRE_ERROR_UNSUPPORTED_CHECKSUM_FORMAT,
+            acquire_handle_get_error_code(h));
+  acquire_handle_free(h);
+  PASS();
+}
+#endif
+
 TEST test_verify_reusability(void) {
   struct acquire_handle *h = acquire_handle_init();
   int result;
@@ -198,8 +227,15 @@ TEST test_verify_reusability(void) {
 }
 
 SUITE(checksums_suite) {
-  RUN_TEST(test_invalid_hash_length);
   RUN_TEST(test_unsupported_algorithm);
+  RUN_TEST(test_invalid_hash_length);
+#if defined(LIBACQUIRE_USE_LIBRHASH) && LIBACQUIRE_USE_LIBRHASH
+  RUN_TEST(test_librhash_invalid_hash_length_sha512);
+#endif
+#if (defined(LIBACQUIRE_USE_OPENSSL) && LIBACQUIRE_USE_OPENSSL) ||             \
+    (defined(LIBACQUIRE_USE_COMMON_CRYPTO) && LIBACQUIRE_USE_COMMON_CRYPTO)
+  RUN_TEST(test_openssl_unsupported_algorithm);
+#endif
   RUN_TEST(test_verify_sync_success_sha256);
   RUN_TEST(test_verify_sync_success_sha512);
 #if defined(LIBACQUIRE_USE_LIBRHASH) && LIBACQUIRE_USE_LIBRHASH ||             \
Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,6 @@ int docopt(struct DocoptArgs args, int argc, char argv[], const bool help,`
`80`	`80`	`continue;`
`81`	`81`	`}`
`82`	`82`
`83`		`- /* Options with arguments */`
`84`	`83`	`if (strncmp(arg, "--directory=", 12) == 0) {`
`85`	`84`	`args->directory = (char *)(arg + 12);`
`86`	`85`	`} else if (strcmp(arg, "-d") == 0 \|\| strcmp(arg, "--directory") == 0) {`
`@@ -121,12 +120,10 @@ int docopt(struct DocoptArgs args, int argc, char argv[], const bool help,`
`121`	`120`	`fprintf(stderr, "Unknown option: %s\n", arg);`
`122`	`121`	`return EXIT_FAILURE;`
`123`	`122`	`} else {`
`124`		`- /* Positional argument */`
`125`	`123`	`if (!url_is_set) {`
`126`	`124`	`args->url = (char *)arg;`
`127`	`125`	`url_is_set = 1;`
`128`	`126`	`}`
`129`		`- /* Note: This simple parser only handles one URL. */`
`130`	`127`	`}`
`131`	`128`	`}`
`132`	`129`