From 2289b1f2e8f8a7caf74eae50a8a65257fd67c626 Mon Sep 17 00:00:00 2001 From: Derek McGowan Date: Thu, 19 Feb 2015 17:55:05 -0800 Subject: [PATCH] Replace unsupported hashes with supported Remote md5 and sha1 hashes which are not supported by distribution. Add more secure hashes sha384 and sha512. Signed-off-by: Derek McGowan (github: dmcgowan) --- digest/digest.go | 2 +- digest/digest_test.go | 6 +++--- digest/verifiers.go | 13 ++++++------- 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/digest/digest.go b/digest/digest.go index 3c5ae403..efbe49bd 100644 --- a/digest/digest.go +++ b/digest/digest.go @@ -123,7 +123,7 @@ func (d Digest) Validate() error { } switch s[:i] { - case "md5", "sha1", "sha256": + case "sha256", "sha384", "sha512": break default: return ErrDigestUnsupported diff --git a/digest/digest_test.go b/digest/digest_test.go index 9c1e70e5..52da0333 100644 --- a/digest/digest_test.go +++ b/digest/digest_test.go @@ -34,9 +34,9 @@ func TestParseDigest(t *testing.T) { hex: "e58fcf7418d4390dec8e8fb69d88c06ec07039d651fedd3aa72af9972e7d046b", }, { - input: "md5:d41d8cd98f00b204e9800998ecf8427e", - algorithm: "md5", - hex: "d41d8cd98f00b204e9800998ecf8427e", + input: "sha384:d3fc7881460b7e22e3d172954463dddd7866d17597e7248453c48b3e9d26d9596bf9c4a9cf8072c9d5bad76e19af801d", + algorithm: "sha384", + hex: "d3fc7881460b7e22e3d172954463dddd7866d17597e7248453c48b3e9d26d9596bf9c4a9cf8072c9d5bad76e19af801d", }, { // empty hex diff --git a/digest/verifiers.go b/digest/verifiers.go index 26b2b2b2..59b16446 100644 --- a/digest/verifiers.go +++ b/digest/verifiers.go @@ -1,9 +1,8 @@ package digest import ( - "crypto/md5" - "crypto/sha1" "crypto/sha256" + "crypto/sha512" "hash" "io" "io/ioutil" @@ -32,7 +31,7 @@ type Verifier interface { func NewDigestVerifier(d Digest) Verifier { alg := d.Algorithm() switch alg { - case "md5", "sha1", "sha256": + case "sha256", "sha384", "sha512": return hashVerifier{ hash: newHash(alg), digest: d, @@ -97,10 +96,10 @@ func newHash(name string) hash.Hash { switch name { case "sha256": return sha256.New() - case "sha1": - return sha1.New() - case "md5": - return md5.New() + case "sha384": + return sha512.New384() + case "sha512": + return sha512.New() default: panic("unsupport algorithm: " + name) }