From b7c17fd730ca4e8806a506b617ad32218aa0b826 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Stefan=20E=C3=9Fer?= <se@FreeBSD.org>
Date: Sat, 19 Jun 2021 13:27:16 +0200
Subject: [PATCH] sbin/md5: add md5sum to synopsis in the man-page

When invoked with "sum" following the hash name, the -c option takes a
file argument, not a string argument.

(cherry picked from commit 84f35b6f86efd004a8f25ef6eecea0f5d02733c4)

sbin/md5: improve compatibility with coreutils -c option

The -c option expects a digest file in either BSD or coreutils format.

The output for matched and mismatched files is identical to that
of the coreutils version.

The review of these changes included test cases that have already
been committed for the functionality that existed before.
Another test script is added to cover the coreutils compatible
extension implemented by this patch.

This commit contains a tests/Makefile that has been cleaned up
compared to the review version, using an implicit rule to apply the
TESTBASE path at build time (and the scripts have been renamed to
have an extension of .SH instead of .sh to trigger this rule).

Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D30812

(cherry picked from commit b33d1898c1b0e6d76b52eb48078260588802dc95)

md5: Improve compatibility with coreutils and format fix

The previous changes that added support for the coreutils -c option
modified the output generated by passing -r to match that of the
coreutils versions. The difference is that coreutils separates the
hash from the file name by two blanks "  " (or a blank followed by
an asterisk " *" with the -b option denoting).

While most scripts or users will not notice the difference, it might
be considered a violation of POLA and this commit reverts the change
for the non-sum programs. These will print a single blank " " as the
separator, as they die before the previous commit.

In order to still generate output that is identical to that of the
coreutils programs, this commit generates the "  " or " *" separator
used by them for the -sum versions, depending on the presence of the
-b option.

(cherry picked from commit b33d1898c1b0e6d76b52eb48078260588802dc95)

md5: Fix cross-build after c2870e576bd2

On macOS and Linux the current set of headers do not end up pulling in
sys/param.h, causing MAXPATHLEN to not be defined and the build to fail.

(cherry picked from commit cab31e0e216c7defefd4aba14693ba2252ea7308)
---
 sbin/md5/md5.1                     | 114 +++++++++++++++++--
 sbin/md5/md5.c                     | 171 +++++++++++++++++++++++++----
 sbin/md5/tests/Makefile            |   1 +
 sbin/md5/tests/coreutils-c-test.SH |  21 ++++
 4 files changed, 274 insertions(+), 33 deletions(-)
 create mode 100644 sbin/md5/tests/coreutils-c-test.SH

diff --git a/sbin/md5/md5.1 b/sbin/md5/md5.1
index af4e606b62e..f91e0b759dc 100644
--- a/sbin/md5/md5.1
+++ b/sbin/md5/md5.1
@@ -15,6 +15,12 @@
 .Op Fl s Ar string
 .Op Ar
 .Pp
+.Nm md5sum
+.Op Fl pqrtx
+.Op Fl c Ar file
+.Op Fl s Ar string
+.Op Ar
+.Pp
 (All other hashes have the same options and usage.)
 .Sh DESCRIPTION
 The
@@ -85,17 +91,34 @@ The hexadecimal checksum of each file listed on the command line is printed
 after the options are processed.
 .Bl -tag -width indent
 .It Fl b
-Ignored for compatibility with the coreutils
+Make the
 .Nm -sum
-programs.
+programs separate hash and digest with a blank followed by an asterisk instead
+of by 2 blank characters for full compatibility with the output generated by the
+coreutils versions of these programs.
 .It Fl c Ar string
-Compare the digest of the file against this string.
+If the program was called with a name that does not end in
+.Nm sum ,
+compare the digest of the file against this string.
 .Pq Note that this option is not yet useful if multiple files are specified.
-This option causes an error in for the
-.Nm -sum
-programs because it check the checksums listed in a file for the coreutils
-.Nm -sum
-programs that is not yet implemented.
+.It Fl c Ar file
+If the program was called with a name that does end in
+.Nm sum ,
+the file passed as argument must contain digest lines generated by the same
+digest algorithm with or without the
+.Fl r
+option
+.Pq i.e. in either classical BSD format or in GNU coreutils format .
+A line with the file name followed by a colon
+.Dq ":"
+and either OK or FAILED is written for each well-formed line in the digest file.
+If applicable, the number of failed comparisons and the number of lines that were
+skipped since they were not well-formed are printed at the end.
+The
+.Fl q
+option can be used to quiesce the output unless there are mismatched entries in
+the digest.
+.Pp
 .It Fl s Ar string
 Print a checksum of the given
 .Ar string .
@@ -132,6 +155,77 @@ utilities exit 0 on success,
 and 2 if at least one file does not have the same hash as the
 .Fl c
 option.
+<<<<<<< HEAD
+=======
+.Sh EXAMPLES
+Calculate the MD5 checksum of the string
+.Dq Hello .
+.Bd -literal -offset indent
+$ md5 -s Hello
+MD5 ("Hello") = 8b1a9953c4611296a827abf8c47804d7
+.Ed
+.Pp
+Same as above, but note the absence of the newline character in the input
+string:
+.Bd -literal -offset indent
+$ echo -n Hello | md5
+8b1a9953c4611296a827abf8c47804d7
+.Ed
+.Pp
+Calculate the checksum of multiple files reversing the output:
+.Bd -literal -offset indent
+$ md5 -r /boot/loader.conf /etc/rc.conf
+ada5f60f23af88ff95b8091d6d67bef6 /boot/loader.conf
+d80bf36c332dc0fdc479366ec3fa44cd /etc/rc.conf
+.Pd
+The
+.Nm -sum
+variants put 2 blank characters between hash and file name for full compatibilty
+with the coreutils versions of these commands.
+.Ed
+.Pp
+Write the digest for
+.Pa /boot/loader.conf
+in a file named
+.Pa digest .
+Then calculate the checksum again and validate it against the checksum string
+extracted from the
+.Pa digest
+file:
+.Bd -literal -offset indent
+$ md5 /boot/loader.conf > digest && md5 -c $(cut -f2 -d= digest) /boot/loader.conf
+MD5 (/boot/loader.conf) = ada5f60f23af88ff95b8091d6d67bef6
+.Ed
+.Pp
+Same as above but comparing the digest against an invalid string
+.Pq Dq randomstring ,
+which results in a failure.
+.Bd -literal -offset indent
+$ md5 -c randomstring /boot/loader.conf
+MD5 (/boot/loader.conf) = ada5f60f23af88ff95b8091d6d67bef6 [ Failed ]
+.Ed
+.Pp
+If invoked with a name ending in
+.Nm -sum
+the
+.Fl c
+option does not compare against a hash string passed as parameter.
+Instead, it expects a digest file, as created under the name
+.Pa digest
+for
+.Pa /boot/loader.conf
+in the example above.
+.Bd -literal -offset indent
+$ md5 -c digest /boot/loader.conf
+/boot/loader.conf: OK
+.Ed
+.Pp
+The digest file may contain any number of lines in the format generated with or without the
+.Fl r
+option
+.Pq i.e. in either classical BSD format or in GNU coreutils format .
+If a hash value does not match the file, FAILED is printed instead of OK.
+>>>>>>> c2870e576bd2 (sbin/md5: improve compatibility with coreutils -c option)
 .Sh SEE ALSO
 .Xr cksum 1 ,
 .Xr md5 3 ,
@@ -171,9 +265,7 @@ The RIPEMD-160 page:
 All of the utilities that end in
 .Sq sum
 are intended to be compatible with the GNU coreutils programs.
-However, the long arguments and the
-.Fl -check
-functionality are not provided.
+However, the long option functionality is not provided.
 .Sh ACKNOWLEDGMENTS
 This program is placed in the public domain for free general use by
 RSA Data Security.
diff --git a/sbin/md5/md5.c b/sbin/md5/md5.c
index e553d4c56e8..7235e6e0a39 100644
--- a/sbin/md5/md5.c
+++ b/sbin/md5/md5.c
@@ -21,6 +21,7 @@
 __FBSDID("$FreeBSD$");
 
 #include <sys/types.h>
+#include <sys/param.h>
 #include <sys/time.h>
 #include <sys/resource.h>
 #include <err.h>
@@ -53,6 +54,8 @@ __FBSDID("$FreeBSD$");
 #define TEST_BLOCK_COUNT 100000
 #define MDTESTCOUNT 8
 
+static int bflag;
+static int cflag;
 static int pflag;
 static int qflag;
 static int rflag;
@@ -152,12 +155,93 @@ static const struct Algorithm_t Algorithm[] = {
 		(DIGEST_End*)&SKEIN1024_End, &SKEIN1024_Data, &SKEIN1024_Fd }
 };
 
+static unsigned	digest;
+static unsigned	malformed;
+static bool	gnu_emu = false;
+
 static void
 MD5_Update(MD5_CTX *c, const unsigned char *data, size_t len)
 {
 	MD5Update(c, data, len);
 }
 
+struct chksumrec {
+	char	*filename;
+	char	*chksum;
+	struct	chksumrec	*next;
+};
+
+static struct chksumrec *head = NULL;
+static struct chksumrec **next = &head;
+
+#define PADDING	7	/* extra padding for "SHA512t256 (...) = ...\n" style */
+#define CHKFILELINELEN	(HEX_DIGEST_LENGTH + MAXPATHLEN + PADDING)
+
+static int gnu_check(const char *checksumsfile)
+{
+	FILE	*inp;
+	char	linebuf[CHKFILELINELEN];
+	int	linelen;
+	int	lineno;
+	char	*filename;
+	char	*hashstr;
+	struct chksumrec	*rec;
+	const char	*digestname;
+	int	digestnamelen;
+	int	hashstrlen;
+
+	if ((inp = fopen(checksumsfile, "r")) == NULL)
+		err(1, "%s", checksumsfile);
+	digestname = Algorithm[digest].name;
+	digestnamelen = strlen(digestname);
+	hashstrlen = strlen(*(Algorithm[digest].TestOutput[0]));
+	lineno = 1;
+	while (fgets(linebuf, sizeof(linebuf), inp) != NULL) {
+		linelen = strlen(linebuf) - 1;
+		if (linelen <= 0)
+			break;
+		if (linebuf[linelen] != '\n')
+			errx(1, "malformed input line %d (len=%d)", lineno, linelen);
+		linebuf[linelen] = '\0';
+		filename = linebuf + digestnamelen + 2;
+		hashstr = linebuf + linelen - hashstrlen;
+		/*
+		 * supported formats:
+		 * BSD: <DigestName> (<Filename>): <Digest>
+		 * GNU: <Digest> [ *]<Filename>
+		 */
+		if (linelen >= digestnamelen + hashstrlen + 6 &&
+		    strncmp(linebuf, digestname, digestnamelen) == 0 &&
+		    strncmp(filename - 2, " (", 2) == 0 &&
+		    strncmp(hashstr - 4, ") = ", 4) == 0) {
+			*(hashstr - 4) = '\0';
+		} else if (linelen >= hashstrlen + 3 &&
+		    linebuf[hashstrlen] == ' ') {
+			linebuf[hashstrlen] = '\0';
+			hashstr = linebuf;
+			filename = linebuf + hashstrlen + 1;
+			if (*filename == ' ' || *filename == '*')
+				filename++;
+		} else {
+			malformed++;
+			continue;
+		}
+		rec = malloc(sizeof (*rec));
+		if (rec == NULL)
+			errx(1, "malloc failed");
+		rec->chksum = strdup(hashstr);
+		rec->filename = strdup(filename);
+		if (rec->chksum == NULL || rec->filename == NULL)
+			errx(1, "malloc failed");
+		rec->next = NULL;
+		*next = rec;
+		next = &rec->next;
+		lineno++;
+	}
+	fclose(inp);
+	return (lineno - 1);
+}
+
 /* Main driver.
 
 Arguments (may be any combination):
@@ -177,9 +261,9 @@ main(int argc, char *argv[])
 	char   *p, *string;
 	char	buf[HEX_DIGEST_LENGTH];
 	size_t	len;
- 	unsigned	digest;
 	char	*progname;
-	bool	gnu_emu = false;
+	struct chksumrec	*rec;
+	int	numrecs;
 
  	if ((progname = strrchr(argv[0], '/')) == NULL)
  		progname = argv[0];
@@ -199,13 +283,13 @@ main(int argc, char *argv[])
 	 */
 	len = strlen(progname);
 	if (len > 3 && strcmp(progname + len - 3, "sum") == 0) {
-		progname[len - 3] = '\0';
+		len -= 3;
 		rflag = 1;
 		gnu_emu = true;
 	}
 
  	for (digest = 0; digest < sizeof(Algorithm)/sizeof(*Algorithm); digest++)
- 		if (strcasecmp(Algorithm[digest].progname, progname) == 0)
+ 		if (strncasecmp(Algorithm[digest].progname, progname, len) == 0)
  			break;
 
  	if (digest == sizeof(Algorithm)/sizeof(*Algorithm))
@@ -218,11 +302,14 @@ main(int argc, char *argv[])
 	while ((ch = getopt(argc, argv, "bc:pqrs:tx")) != -1)
 		switch (ch) {
 		case 'b':
+			bflag = 1;
 			break;
 		case 'c':
+			cflag = 1;
 			if (gnu_emu)
-				errx(1, "-c check option not supported");
-			checkAgainst = optarg;
+				numrecs = gnu_check(optarg);
+			else
+				checkAgainst = optarg;
 			break;
 		case 'p':
 			pflag = 1;
@@ -258,6 +345,20 @@ main(int argc, char *argv[])
 		err(1, "unable to limit rights for stdio");
 #endif
 
+	if (cflag && gnu_emu) {
+		/*
+		 * Replace argv by an array of filenames from the digest file
+		 */
+		argc = 0;
+		argv = (char**)calloc(sizeof(char *), numrecs + 1);
+		for (rec = head; rec != NULL; rec = rec->next) {
+			argv[argc] = rec->filename;
+			argc++;
+		}
+		argv[argc] = NULL;
+		rec = head;
+	}
+
 	if (*argv) {
 		do {
 			if ((fd = open(*argv, O_RDONLY)) < 0) {
@@ -279,11 +380,15 @@ main(int argc, char *argv[])
 					err(1, "capsicum");
 #endif
 			}
+			if (cflag && gnu_emu) {
+				checkAgainst = rec->chksum;
+				rec = rec->next;
+			}
 			p = Algorithm[digest].Fd(fd, buf);
 			(void)close(fd);
 			MDOutput(&Algorithm[digest], p, argv);
 		} while (*++argv);
-	} else if (!sflag && !skip) {
+	} else if (!cflag && !sflag && !skip) {
 #ifdef HAVE_CAPSICUM
 		if (caph_limit_stdin() < 0 || caph_enter() < 0)
 			err(1, "capsicum");
@@ -295,7 +400,12 @@ main(int argc, char *argv[])
 		p = Algorithm[digest].Data(string, len, buf);
 		MDOutput(&Algorithm[digest], p, &string);
 	}
-
+	if (gnu_emu) {
+		if (malformed > 0)
+			warnx("WARNING: %d lines are improperly formatted", malformed);
+		if (checksFailed > 0)
+			warnx("WARNING: %d computed checksums did NOT match", checksFailed);
+	}
 	if (failed != 0)
 		return (1);
 	if (checksFailed != 0)
@@ -310,6 +420,8 @@ main(int argc, char *argv[])
 static void
 MDOutput(const Algorithm_t *alg, char *p, char *argv[])
 {
+	bool checkfailed = false;
+
 	if (p == NULL) {
 		warn("%s", *argv);
 		failed++;
@@ -318,21 +430,33 @@ MDOutput(const Algorithm_t *alg, char *p, char *argv[])
 		 * If argv is NULL we are reading from stdin, where the output
 		 * format has always been just the hash.
 		 */
-		if (qflag || argv == NULL)
-			printf("%s", p);
-		else if (rflag)
-			printf("%s %s", p, *argv);
-		else
-			printf("%s (%s) = %s",
-			    alg->name, *argv, p);
-		if (checkAgainst && strcasecmp(checkAgainst, p) != 0)
-		{
-			checksFailed++;
-			if (!qflag)
-				printf(" [ Failed ]");
+		if (cflag && gnu_emu) {
+			checkfailed = strcasecmp(checkAgainst, p) != 0;
+			if (!qflag || checkfailed)
+				printf("%s: %s\n", *argv, checkfailed ? "FAILED" : "OK");
+		} else if (qflag || argv == NULL) {
+			printf("%s\n", p);
+		} else {
+			if (rflag)
+				if (gnu_emu)
+					if (bflag)
+						printf("%s *%s", p, *argv);
+					else
+						printf("%s  %s", p, *argv);
+				else
+					printf("%s %s", p, *argv);
+			else
+				printf("%s (%s) = %s", alg->name, *argv, p);
+			if (checkAgainst) {
+				checkfailed = strcasecmp(checkAgainst, p) != 0;
+				if (!qflag && checkfailed)
+					printf(" [ Failed ]");
+			}
+			printf("\n");
 		}
-		printf("\n");
 	}
+	if (checkfailed)
+		checksFailed++;
 }
 
 /*
@@ -559,6 +683,9 @@ static void
 usage(const Algorithm_t *alg)
 {
 
-	fprintf(stderr, "usage: %s [-pqrtx] [-c string] [-s string] [files ...]\n", alg->progname);
+	if (gnu_emu)
+		fprintf(stderr, "usage: %ssum [-pqrtx] [-c file] [-s string] [files ...]\n", alg->progname);
+	else
+		fprintf(stderr, "usage: %s [-pqrtx] [-c string] [-s string] [files ...]\n", alg->progname);
 	exit(1);
 }
diff --git a/sbin/md5/tests/Makefile b/sbin/md5/tests/Makefile
index b37332aa989..93f3913c687 100644
--- a/sbin/md5/tests/Makefile
+++ b/sbin/md5/tests/Makefile
@@ -32,6 +32,7 @@ PLAIN_TESTS_SH+=	self-test
 PLAIN_TESTS_SH+=	bsd-c-test
 PLAIN_TESTS_SH+=	bsd-p-test
 PLAIN_TESTS_SH+=	bsd-s-test
+PLAIN_TESTS_SH+=	coreutils-c-test
 
 .SUFFIXES:		.SH
 
diff --git a/sbin/md5/tests/coreutils-c-test.SH b/sbin/md5/tests/coreutils-c-test.SH
new file mode 100644
index 00000000000..5996e533c62
--- /dev/null
+++ b/sbin/md5/tests/coreutils-c-test.SH
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+/bin/cp %%TESTSBASE%%/sbin/md5/*.inp . || exit 127
+
+exitcode=0
+
+testloop () {
+	opt=$1
+
+	while read algorithm; do
+		${algorithm}sum -c %%TESTSBASE%%/sbin/md5/${algorithm}.digest || exitcode=1
+		${algorithm}sum -c %%TESTSBASE%%/sbin/md5/${algorithm}sum.digest || exitcode=1
+	done < %%TESTSBASE%%/sbin/md5/algorithms.txt
+}
+
+testloop ""
+testloop -q
+testloop -r
+testloop -qr
+
+exit $exitcode
-- 
2.45.0