repairing the documentation for the -c option.
-# $OpenBSD: Makefile,v 1.12 2013/12/23 23:00:38 tedu Exp $
+# $OpenBSD: Makefile,v 1.13 2014/01/10 17:47:44 deraadt Exp $
PROG= md5
SRCS= crc.c md5.c
-MAN= cksum.1 md5.1 sha1.1 sha256.1
+MAN= cksum.1 md5.1
LINKS= ${BINDIR}/md5 ${BINDIR}/sha1 \
${BINDIR}/md5 ${BINDIR}/sha256 \
${BINDIR}/md5 ${BINDIR}/sha512 \
${BINDIR}/md5 ${BINDIR}/cksum \
${BINDIR}/md5 ${BINDIR}/sum
MLINKS= cksum.1 sum.1
-MLINKS+= sha256.1 sha512.1
+MLINKS+= md5.1 sha1.1
+MLINKS+= md5.1 sha256.1
+MLINKS+= md5.1 sha512.1
CPPFLAGS+= -I${.CURDIR}
COPTS+= -Wall -Wconversion -Wmissing-prototypes
-.\" $OpenBSD: md5.1,v 1.37 2014/01/10 05:34:46 tedu Exp $
+.\" $OpenBSD: md5.1,v 1.38 2014/01/10 17:47:44 deraadt Exp $
.\"
.\" Copyright (c) 2003, 2004, 2006 Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.Nd calculate a message digest (checksum) for a file
.Sh SYNOPSIS
.Nm md5
-.Op Fl bprtx
+.Op Fl bcprtx
+.Op Fl h Ar hashfile
+.Op Fl s Ar string
+.Op Ar
+.Nm sha1
+.Op Fl bcprtx
+.Op Fl h Ar hashfile
+.Op Fl s Ar string
+.Op Ar
+.Nm sha256
+.Op Fl bcprtx
+.Op Fl h Ar hashfile
+.Op Fl s Ar string
+.Op Ar
+.Nm sha512
+.Op Fl bcprtx
.Op Fl h Ar hashfile
.Op Fl s Ar string
.Op Ar
-.Nm md5
-.Op Fl q
-.Fl c Op Ar checklist ...
.Sh DESCRIPTION
-.Nm
-takes as input a message of arbitrary length and produces
-as output a 128-bit message digest (checksum) of the input.
+These utilities take as input a message of arbitrary length and produces
+as output a message digest (checksum) of the input.
It is conjectured that it is computationally infeasible to produce
two messages having the same message digest (a collision),
or to produce any message having a given prespecified target message digest.
-However, collisions have now been produced for MD5,
-so the use of other message digest functions, such as
-.Xr sha256 1 ,
-is now preferred.
+The algorithm (MD5, SHA-1, SHA-256, SHA-512) is determined by the
+name used to invoke the utility.
.Pp
-The MD5 algorithm is intended for digital signature applications,
-where a large file must be compressed in a secure manner before
-being encrypted with a private (secret) key under a public-key
-cryptosystem, such as RSA.
+Collisions have now been produced for MD5, and are theorized for SHA-1,
+so their use is deprecated.
.Pp
-The options are as follows:
+The options for use with each command are as follows:
.Bl -tag -width Ds
.It Fl b
Output checksums in base64 notation, not hexadecimal.
-.It Fl c Op Ar checklist ...
-Compares all checksums contained in the file
-.Ar checklist
-with newly computed checksums for the corresponding files.
+.It Fl c
+If this option is specified, the
+.Ar file
+options become checklists.
+Each checklist should contain hash results in the normal format,
+which will be verified against the specified paths.
Output consists of the digest used, the file name,
and an OK or FAILED for the result of the comparison.
This will validate any of the supported checksums (see
.Sh EXIT STATUS
.Ex -std md5
.Sh SEE ALSO
-.Xr cksum 1 ,
-.Xr sha1 1 ,
-.Xr sha256 1
+.Xr cksum 1
.Sh STANDARDS
.Rs
.%A R. Rivest
.%R RFC 1321
.%T The MD5 Message-Digest Algorithm
.Re
+.Rs
+.%A J. Burrows
+.%O FIPS PUB 180-1
+.%T The Secure Hash Standard
+.Re
+.Pp
+.Rs
+.%A D. Eastlake
+.%A P. Jones
+.%D September 2001
+.%R RFC 3174
+.%T US Secure Hash Algorithm 1 (SHA1)
+.Re
+.Rs
+.%T Secure Hash Standard
+.%O FIPS PUB 180-2
+.Re
.Sh CAVEATS
Since collisions have been found for
.Em MD5 ,
+++ /dev/null
-.\" $OpenBSD: sha1.1,v 1.35 2014/01/10 05:34:46 tedu Exp $
-.\"
-.\" Copyright (c) 2003, 2004, 2006 Todd C. Miller <Todd.Miller@courtesan.com>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" Sponsored in part by the Defense Advanced Research Projects
-.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
-.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
-.\"
-.Dd $Mdocdate: January 10 2014 $
-.Dt SHA1 1
-.Os
-.Sh NAME
-.Nm sha1
-.Nd calculate a message digest (checksum) for a file
-.Sh SYNOPSIS
-.Nm sha1
-.Op Fl bprtx
-.Op Fl h Ar hashfile
-.Op Fl s Ar string
-.Op Ar
-.Nm sha1
-.Op Fl q
-.Fl c Op Ar checklist ...
-.Sh DESCRIPTION
-.Nm
-takes as input a message of arbitrary length and produces
-as output a 160-bit message digest (checksum) of the input.
-It is conjectured that it is computationally infeasible to produce
-two messages having the same message digest (a collision),
-or to produce any message having a given prespecified target message digest.
-However, researchers have developed theoretical attacks that significantly
-reduce the amount of time needed to find a collision in SHA-1.
-The use of other message digest functions, such as
-.Xr sha256 1 ,
-is now preferred.
-.Pp
-The SHA-1 algorithm is intended for digital signature applications,
-where a large file must be "compressed" in a secure manner before
-being encrypted with a private (secret) key under a public-key
-cryptosystem such as RSA.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl b
-Output checksums in base64 notation, not hexadecimal.
-.It Fl c Op Ar checklist ...
-Compares all checksums contained in the file
-.Ar checklist
-with newly computed checksums for the corresponding files.
-Output consists of the digest used, the file name,
-and an OK or FAILED for the result of the comparison.
-This will validate any of the supported checksums (see
-.Xr cksum 1 ) .
-If no file is given, stdin is used.
-.It Fl h Ar hashfile
-Place the checksum into
-.Ar hashfile
-instead of stdout.
-.It Fl p
-Echoes stdin to stdout and appends the
-checksum to stdout.
-.It Fl q
-Only print the checksum (quiet mode).
-.It Fl r
-Reverse the format of the hash algorithm output, making
-it match the output format used by
-.Xr cksum 1 .
-.It Fl s Ar string
-Prints a checksum of the given
-.Ar string .
-.It Fl t
-Runs a built-in time trial.
-Specifying
-.Fl t
-multiple times results in the number of rounds being multiplied
-by 10 for each additional flag.
-.It Fl x
-Runs a built-in test script.
-.El
-.Pp
-The checksum of each file listed on the command line is printed
-after the options are processed.
-.Pp
-The
-.Nm
-command is shorthand for:
-.Bd -literal -offset indent
-$ cksum -a sha1
-.Ed
-.Pp
-The
-.Xr cksum 1
-command can also be used to compute digests from the SHA-2 family:
-sha256, sha384 and sha512.
-.Sh EXIT STATUS
-.Ex -std sha1
-.Sh SEE ALSO
-.Xr cksum 1 ,
-.Xr md5 1 ,
-.Xr sha256 1
-.Rs
-.%A X. Wang
-.%A Y. Yin
-.%A H. Yu
-.%D 2005
-.%J Crypto
-.%T Finding Collisions in the Full SHA-1
-.Re
-.Sh STANDARDS
-.Rs
-.%A J. Burrows
-.%O FIPS PUB 180-1
-.%T The Secure Hash Standard
-.Re
-.Pp
-.Rs
-.%A D. Eastlake
-.%A P. Jones
-.%D September 2001
-.%R RFC 3174
-.%T US Secure Hash Algorithm 1 (SHA1)
-.Re
-.Sh CAVEATS
-Theoretical attacks that significantly reduce the amount of time needed
-to find a collision in
-.Em SHA-1
-have been developed.
-The use of
-.Xr sha256 1
-is recommended instead.
+++ /dev/null
-.\" $OpenBSD: sha256.1,v 1.10 2014/01/10 05:34:46 tedu Exp $
-.\"
-.\" Copyright (c) 2003, 2004, 2006 Todd C. Miller <Todd.Miller@courtesan.com>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" Sponsored in part by the Defense Advanced Research Projects
-.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
-.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
-.\"
-.Dd $Mdocdate: January 10 2014 $
-.Dt SHA256 1
-.Os
-.Sh NAME
-.Nm sha256 ,
-.Nm sha512
-.Nd calculate a message digest (checksum) for a file
-.Sh SYNOPSIS
-.Nm sha256
-.Op Fl bprtx
-.Op Fl h Ar hashfile
-.Op Fl s Ar string
-.Op Ar
-.Nm sha256
-.Op Fl q
-.Fl c Op Ar checklist ...
-.Nm sha512
-.Op Fl bprtx
-.Op Fl h Ar hashfile
-.Op Fl s Ar string
-.Op Ar
-.Nm sha512
-.Op Fl q
-.Fl c Op Ar checklist ...
-.Sh DESCRIPTION
-.Nm
-takes as input a message of arbitrary length and produces
-as output a 256-bit message digest (checksum) of the input.
-It is conjectured that it is computationally infeasible to produce
-two messages having the same message digest (a collision),
-or to produce any message having a given prespecified target message digest.
-.Pp
-When invoked as
-.Nm sha512 ,
-the SHA-512 algorithm is used instead, generating a 512-bit digest.
-.Pp
-These algorithms are intended for digital signature applications,
-where a large file must be compressed in a secure manner before
-being encrypted with a private (secret) key under a public-key
-cryptosystem, such as RSA.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl b
-Output checksums in base64 notation, not hexadecimal.
-.It Fl c Op Ar checklist ...
-Compares all checksums contained in the file
-.Ar checklist
-with newly computed checksums for the corresponding files.
-Output consists of the digest used, the file name,
-and an OK or FAILED for the result of the comparison.
-This will validate any of the supported checksums (see
-.Xr cksum 1 ) .
-If no file is given, stdin is used.
-.It Fl h Ar hashfile
-Place the checksum into
-.Ar hashfile
-instead of stdout.
-.It Fl p
-Echoes stdin to stdout and appends the
-checksum to stdout.
-.It Fl q
-Only print the checksum (quiet mode).
-.It Fl r
-Reverse the format of the hash algorithm output, making
-it match the output format used by
-.Xr cksum 1 .
-.It Fl s Ar string
-Prints a checksum of the given
-.Ar string .
-.It Fl t
-Runs a built-in time trial.
-Specifying
-.Fl t
-multiple times results in the number of rounds being multiplied
-by 10 for each additional flag.
-.It Fl x
-Runs a built-in test script.
-.El
-.Pp
-The checksum of each file listed on the command line is printed
-after the options are processed.
-.Pp
-The
-.Nm
-command is shorthand for:
-.Bd -literal -offset indent
-$ cksum -a sha256
-.Ed
-.Sh EXIT STATUS
-The
-.Nm sha256
-and
-.Nm sha512
-utilities exit 0 on success,
-and >0 if an error occurs.
-.Sh SEE ALSO
-.Xr cksum 1 ,
-.Xr md5 1 ,
-.Xr sha1 1
-.Rs
-.%T Secure Hash Standard
-.%O FIPS PUB 180-2
-.Re
projects / openbsd / commitdiff