Add support for SHA-1 and RIPEMD160, now that libmd includes them. Make

all of the hashes (including MD5) conditionalized in case we want
to turn one of them off later.

usr.sbin/mtree/Makefile

@@ -1,5 +1,5 @@
 #	From: @(#)Makefile	8.1 (Berkeley) 6/6/93
-#	$Id$
+#	$Id: Makefile,v 1.6 1997/02/22 16:07:51 peter Exp $
 
 PROG=	mtree
 SRCS=	compare.c crc.c create.c misc.c mtree.c spec.c verify.c
@@ -8,5 +8,6 @@ MAN8=	mtree.8
 
 DPADD+=	${LIBMD}
 LDADD+=	-lmd
+CFLAGS+= -DMD5 -DSHA1 -DRMD160
 
 .include <bsd.prog.mk>

usr.sbin/mtree/compare.c

@@ -36,7 +36,7 @@
 static char sccsid[] = "@(#)compare.c	8.1 (Berkeley) 6/6/93";
 #endif
 static const char rcsid[] =
-	"$Id: compare.c,v 1.9 1998/06/09 05:02:29 imp Exp $";
+	"$Id: compare.c,v 1.10 1998/08/02 14:41:34 bde Exp $";
 #endif /* not lint */
 
 #include <sys/param.h>
@@ -45,7 +45,15 @@ static const char rcsid[] =
 #include <errno.h>
 #include <fcntl.h>
 #include <fts.h>
+#ifdef MD5
 #include <md5.h>
+#endif
+#ifdef SHA1
+#include <sha.h>
+#endif
+#ifdef RMD160
+#include <ripemd.h>
+#endif
 #include <stdio.h>
 #include <time.h>
 #include <unistd.h>
@@ -207,10 +215,11 @@ typeerr:		LABEL;
 			}
 			tab = "\t";
 		}
+#ifdef MD5
 	if (s->flags & F_MD5) {
 		char *new_digest, buf[33];
 
-		new_digest = MD5File(p->fts_accpath,buf);
+		new_digest = MD5File(p->fts_accpath, buf);
 		if (!new_digest) {
 			LABEL;
 			printf("%sMD5File: %s: %s\n", tab, p->fts_accpath,
@@ -223,6 +232,43 @@ typeerr:		LABEL;
 			tab = "\t";
 		}
 	}
+#endif /* MD5 */
+#ifdef SHA1
+	if (s->flags & F_SHA1) {
+		char *new_digest, buf[41];
+
+		new_digest = SHA1_File(p->fts_accpath, buf);
+		if (!new_digest) {
+			LABEL;
+			printf("%sSHA1_File: %s: %s\n", tab, p->fts_accpath,
+			       strerror(errno));
+			tab = "\t";
+		} else if (strcmp(new_digest, s->sha1digest)) {
+			LABEL;
+			printf("%sSHA-1 (%s, %s)\n", tab, s->sha1digest,
+			       new_digest);
+			tab = "\t";
+		}
+	}
+#endif /* SHA1 */
+#ifdef RMD160
+	if (s->flags & F_RMD160) {
+		char *new_digest, buf[41];
+
+		new_digest = RIPEMD160_File(p->fts_accpath, buf);
+		if (!new_digest) {
+			LABEL;
+			printf("%sRIPEMD160_File: %s: %s\n", tab,
+			       p->fts_accpath, strerror(errno));
+			tab = "\t";
+		} else if (strcmp(new_digest, s->rmd160digest)) {
+			LABEL;
+			printf("%sRIPEMD160 (%s, %s)\n", tab, s->rmd160digest,
+			       new_digest);
+			tab = "\t";
+		}
+	}
+#endif /* RMD160 */
 
 	if (s->flags & F_SLINK && strcmp(cp = rlink(name), s->slink)) {
 		LABEL;

usr.sbin/mtree/create.c

@@ -36,7 +36,7 @@
 static char sccsid[] = "@(#)create.c	8.1 (Berkeley) 6/6/93";
 #endif
 static const char rcsid[] =
-	"$Id: create.c,v 1.12 1999/01/12 02:58:23 jkoshy Exp $";
+	"$Id: create.c,v 1.13 1999/01/18 06:58:25 jkoshy Exp $";
 #endif /* not lint */
 
 #include <sys/param.h>
@@ -47,7 +47,15 @@ static const char rcsid[] =
 #include <fcntl.h>
 #include <fts.h>
 #include <grp.h>
+#ifdef MD5
 #include <md5.h>
+#endif
+#ifdef SHA1
+#include <sha.h>
+#endif
+#ifdef RMD160
+#include <ripemd.h>
+#endif
 #include <pwd.h>
 #include <stdio.h>
 #include <time.h>
@@ -203,16 +211,42 @@ statf(indent, p)
 		(void)close(fd);
 		output(indent, &offset, "cksum=%lu", val);
 	}
+#ifdef MD5
 	if (keys & F_MD5 && S_ISREG(p->fts_statp->st_mode)) {
-		char *md5digest, buf[33];
+		char *digest, buf[33];
 
-		md5digest = MD5File(p->fts_accpath,buf);
+		digest = MD5File(p->fts_accpath, buf);
-		if (!md5digest) {
+		if (!digest) {
 			err(1, "line %d: %s", lineno, p->fts_accpath);
 		} else {
-			output(indent, &offset, "md5digest=%s", md5digest);
+			output(indent, &offset, "md5digest=%s", digest);
 		}
 	}
+#endif /* MD5 */
+#ifdef SHA1
+	if (keys & F_SHA1 && S_ISREG(p->fts_statp->st_mode)) {
+		char *digest, buf[41];
+
+		digest = SHA1_File(p->fts_accpath, buf);
+		if (!digest) {
+			err(1, "line %d: %s", lineno, p->fts_accpath);
+		} else {
+			output(indent, &offset, "sha1digest=%s", digest);
+		}
+	}
+#endif /* SHA1 */
+#ifdef RMD160
+	if (keys & F_RMD160 && S_ISREG(p->fts_statp->st_mode)) {
+		char *digest, buf[41];
+
+		digest = RIPEMD160_File(p->fts_accpath, buf);
+		if (!digest) {
+			err(1, "line %d: %s", lineno, p->fts_accpath);
+		} else {
+			output(indent, &offset, "ripemd160digest=%s", digest);
+		}
+	}
+#endif /* RMD160 */
 	if (keys & F_SLINK &&
 	    (p->fts_info == FTS_SL || p->fts_info == FTS_SLNONE))
 		output(indent, &offset, "link=%s", rlink(p->fts_accpath));

usr.sbin/mtree/misc.c

@@ -36,7 +36,7 @@
 static char sccsid[] = "@(#)misc.c	8.1 (Berkeley) 6/6/93";
 #endif
 static const char rcsid[] =
-	"$Id: misc.c,v 1.4 1997/10/01 06:30:01 charnier Exp $";
+	"$Id: misc.c,v 1.5 1998/06/05 14:43:40 peter Exp $";
 #endif /*not lint */
 
 #include <sys/types.h>
@@ -64,10 +64,18 @@ static KEY keylist[] = {
 	{"gname",	F_GNAME,	NEEDVALUE},
 	{"ignore",	F_IGN,		0},
 	{"link",	F_SLINK,	NEEDVALUE},
+#ifdef MD5
 	{"md5digest",	F_MD5,		NEEDVALUE},
+#endif
 	{"mode",	F_MODE,		NEEDVALUE},
 	{"nlink",	F_NLINK,	NEEDVALUE},
 	{"nochange",	F_NOCHANGE,	0},
+#ifdef RMD160
+	{"ripemd160digest", F_RMD160,	NEEDVALUE},
+#endif
+#ifdef SHA1
+	{"sha1digest",	F_SHA1,		NEEDVALUE},
+#endif
 	{"size",	F_SIZE,		NEEDVALUE},
 	{"time",	F_TIME,		NEEDVALUE},
 	{"type",	F_TYPE,		NEEDVALUE},

usr.sbin/mtree/mtree.8

@@ -30,9 +30,9 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     From: @(#)mtree.8	8.2 (Berkeley) 12/11/93
-.\"	$Id: mtree.8,v 1.12 1998/06/05 14:43:40 peter Exp $
+.\"	$Id: mtree.8,v 1.13 1998/06/10 06:45:08 peter Exp $
 .\"
-.Dd February 9, 1995
+.Dd February 26, 1999
 .Dt MTREE 8
 .Os
 .Sh NAME
@@ -139,6 +139,16 @@ The file group as a numeric value.
 The file group as a symbolic name.
 .It Cm md5digest
 The MD5 message digest of the file.
+.It Cm sha1digest
+The 
+.Tn FIPS
+160-1
+.Pq Dq Tn SHA-1
+message digest of the file.
+.It Cm ripemd160digest
+The
+.Tn RIPEMD160
+message digest of the file.
 .It Cm mode
 The current file's permissions as a numeric (octal) or symbolic
 value.
@@ -240,7 +250,7 @@ To detect system binaries that have been ``trojan horsed'', it is recommended
 that
 .Nm
 .Fl K
-.Cm md5digest
+.Cm sha1digest
 be run on the file systems, and a copy of the results stored on a different
 machine, or, at least, in encrypted form.
 The output file itself should be digested using the
@@ -285,8 +295,17 @@ The
 .Nm
 utility appeared in
 .Bx 4.3 Reno .
-The MD5 digest capability was added in
+The 
+.Tn MD5
+digest capability was added in
 .Fx 2.1 ,
 in response to the widespread use of programs which can spoof
 .Xr cksum 1 .
-
+The
+.Tn SHA-1
+and
+.Tn RIPEMD160
+digests were added in
+.Fx 4.0 ,
+as new attacks have demonstrated weaknesses in
+.Tn MD5 .

usr.sbin/mtree/mtree.h

@@ -48,6 +48,8 @@ typedef struct _node {
 	struct timespec	st_mtimespec;		/* last modification time */
 	u_long	cksum;				/* check sum */
 	char	*md5digest;			/* MD5 digest */
+	char	*sha1digest;			/* SHA-1 digest */
+	char	*rmd160digest;			/* RIPEMD160 digest */
 	char	*slink;				/* symbolic link reference */
 	uid_t	st_uid;				/* uid */
 	gid_t	st_gid;				/* gid */
@@ -73,6 +75,8 @@ typedef struct _node {
 #define F_MD5	0x8000				/* MD5 digest */
 #define F_NOCHANGE 0x10000			/* If owner/mode "wrong", do */
 						/* not change */
+#define	F_SHA1	0x20000				/* SHA-1 digest */
+#define	F_RMD160 0x40000			/* RIPEMD160 digest */
 	u_int	flags;				/* items set */
 
 #define	F_BLOCK	0x001				/* block special */

usr.sbin/mtree/spec.c

@@ -36,7 +36,7 @@
 static char sccsid[] = "@(#)spec.c	8.1 (Berkeley) 6/6/93";
 #endif
 static const char rcsid[] =
-	"$Id: spec.c,v 1.8 1998/12/16 04:54:08 imp Exp $";
+	"$Id: spec.c,v 1.9 1999/01/12 02:58:23 jkoshy Exp $";
 #endif /* not lint */
 
 #include <sys/types.h>
@@ -199,6 +199,18 @@ set(t, ip)
 				errx(1, "strdup");
 			}
 			break;
+		case F_SHA1:
+			ip->sha1digest = strdup(val);
+			if(!ip->sha1digest) {
+				errx(1, "strdup");
+			}
+			break;
+		case F_RMD160:
+			ip->rmd160digest = strdup(val);
+			if(!ip->rmd160digest) {
+				errx(1, "strdup");
+			}
+			break;
 		case F_GID:
 			ip->st_gid = strtoul(val, &ep, 10);
 			if (*ep)