Add support for the "sha256digest" keyword to create/compare

SHA-256 digests of files.  In the man page, also replace SHA-1
with SHA-256 in the examples section.

Man page formatting tweak and ok schwarze@

6 files changed, 53 insertions, 14 deletions

diff --git a/usr.sbin/mtree/compare.c b/usr.sbin/mtree/compare.c
index adc121c0088..21c0fca9ba1 100644
--- a/usr.sbin/mtree/compare.c
+++ b/usr.sbin/mtree/compare.c
@@ -1,5 +1,5 @@
 /*	$NetBSD: compare.c,v 1.11 1996/09/05 09:56:48 mycroft Exp $	*/
-/*	$OpenBSD: compare.c,v 1.22 2009/10/27 23:59:53 deraadt Exp $	*/
+/*	$OpenBSD: compare.c,v 1.23 2012/07/08 21:19:42 naddy Exp $	*/
 
 /*-
  * Copyright (c) 1989, 1993
@@ -39,8 +39,9 @@
 #include <time.h>
 #include <unistd.h>
 #include <md5.h>
-#include <sha1.h>
 #include <rmd160.h>
+#include <sha1.h>
+#include <sha2.h>
 #include "mtree.h"
 #include "extern.h"
 
@@ -287,6 +288,22 @@ typeerr:		LABEL;
 			tab = "\t";
 		}
 	}
+	if (s->flags & F_SHA256) {
+		char *new_digest, buf[SHA256_DIGEST_STRING_LENGTH];
+
+		new_digest = SHA256File(p->fts_accpath, buf);
+		if (!new_digest) {
+			LABEL;
+			printf("%sSHA256File: %s: %s\n", tab, p->fts_accpath,
+			       strerror(errno));
+			tab = "\t";
+		} else if (strcmp(new_digest, s->sha256digest)) {
+			LABEL;
+			printf("%sSHA256 (%s, %s)\n", tab, s->sha256digest,
+			       new_digest);
+			tab = "\t";
+		}
+	}
 	if (s->flags & F_SLINK && strcmp(cp = rlink(name), s->slink)) {
 		LABEL;
 		(void)printf("%slink ref (%s, %s)\n", tab, cp, s->slink);
diff --git a/usr.sbin/mtree/create.c b/usr.sbin/mtree/create.c
index 21319a6fb4f..1ce2ba94a07 100644
--- a/usr.sbin/mtree/create.c
+++ b/usr.sbin/mtree/create.c
@@ -1,5 +1,5 @@
 /*	$NetBSD: create.c,v 1.11 1996/09/05 09:24:19 mycroft Exp $	*/
-/*	$OpenBSD: create.c,v 1.26 2009/10/27 23:59:53 deraadt Exp $	*/
+/*	$OpenBSD: create.c,v 1.27 2012/07/08 21:19:42 naddy Exp $	*/
 
 /*-
  * Copyright (c) 1989, 1993
@@ -44,8 +44,9 @@
 #include <stdarg.h>
 #include <vis.h>
 #include <md5.h>
-#include <sha1.h>
 #include <rmd160.h>
+#include <sha1.h>
+#include <sha2.h>
 #include "mtree.h"
 #include "extern.h"
 
@@ -223,6 +224,15 @@ statf(int indent, FTSENT *p)
 		else
 			output(indent, &offset, "sha1digest=%s", sha1digest);
 	}
+	if (keys & F_SHA256 && S_ISREG(p->fts_statp->st_mode)) {
+		char *sha256digest, buf[SHA256_DIGEST_STRING_LENGTH];
+
+		sha256digest = SHA256File(p->fts_accpath,buf);
+		if (!sha256digest)
+			error("%s: %s", p->fts_accpath, strerror(errno));
+		else
+			output(indent, &offset, "sha256digest=%s", sha256digest);
+	}
 	if (keys & F_SLINK &&
 	    (p->fts_info == FTS_SL || p->fts_info == FTS_SLNONE)) {
 		name = rlink(p->fts_accpath);
diff --git a/usr.sbin/mtree/misc.c b/usr.sbin/mtree/misc.c
index c6ebebcf662..b0d7de646c3 100644
--- a/usr.sbin/mtree/misc.c
+++ b/usr.sbin/mtree/misc.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: misc.c,v 1.18 2004/08/01 18:32:20 deraadt Exp $	*/
+/*	$OpenBSD: misc.c,v 1.19 2012/07/08 21:19:42 naddy Exp $	*/
 /*	$NetBSD: misc.c,v 1.4 1995/03/07 21:26:23 cgd Exp $	*/
 
 /*-
@@ -64,6 +64,7 @@ static KEY keylist[] = {
 	{"optional",	F_OPT,		0},
 	{"rmd160digest",F_RMD160,	NEEDVALUE},
 	{"sha1digest",	F_SHA1,		NEEDVALUE},
+	{"sha256digest",F_SHA256,	NEEDVALUE},
 	{"size",	F_SIZE,		NEEDVALUE},
 	{"time",	F_TIME,		NEEDVALUE},
 	{"type",	F_TYPE,		NEEDVALUE},
diff --git a/usr.sbin/mtree/mtree.8 b/usr.sbin/mtree/mtree.8
index 8464dcb4986..bb691a7252b 100644
--- a/usr.sbin/mtree/mtree.8
+++ b/usr.sbin/mtree/mtree.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: mtree.8,v 1.35 2010/09/03 11:22:36 jmc Exp $
+.\"	$OpenBSD: mtree.8,v 1.36 2012/07/08 21:19:42 naddy Exp $
 .\"	$NetBSD: mtree.8,v 1.4 1995/03/07 21:26:25 cgd Exp $
 .\"
 .\" Copyright (c) 1989, 1990, 1993
@@ -30,7 +30,7 @@
 .\"
 .\"     @(#)mtree.8	8.2 (Berkeley) 12/11/93
 .\"
-.Dd $Mdocdate: September 3 2010 $
+.Dd $Mdocdate: July 8 2012 $
 .Dt MTREE 8
 .Os
 .Sh NAME
@@ -156,7 +156,7 @@ No keywords have default values, and if a keyword has no value set, no
 checks based on it are performed.
 .Pp
 Currently supported keywords are as follows:
-.Bl -tag -width Cm
+.Bl -tag -width sha256digest
 .It Cm cksum
 The checksum of the file using the default algorithm specified by
 the
@@ -193,6 +193,8 @@ not in the file hierarchy.
 The RIPEMD-160 message digest of the file.
 .It Cm sha1digest
 The SHA-1 message digest of the file.
+.It Cm sha256digest
+The SHA-256 message digest of the file.
 .It Cm size
 The size, in bytes, of the file.
 .It Cm time
@@ -305,21 +307,21 @@ it is recommended
 that
 .Nm mtree
 .Fl cK
-.Cm sha1digest
+.Cm sha256digest
 be run on the file systems, and a copy of the results stored on a different
 machine, or, at least, in encrypted form.
 The output file itself should be digested using the
-.Xr sha1 1
+.Xr sha256 1
 utility.
 Then, periodically,
 .Nm mtree
 and
-.Xr sha1 1
+.Xr sha256 1
 should be run against the on-line specifications.
 While it is possible for the bad guys to change the on-line specifications
 to conform to their modified binaries, it is believed to be
 impractical for them to create a modified specification which has
-the same SHA1 digest as the original.
+the same SHA-256 digest as the original.
 .Pp
 The
 .Fl d
@@ -336,11 +338,13 @@ distribution.
 .Xr cksum 1 ,
 .Xr md5 1 ,
 .Xr sha1 1 ,
+.Xr sha256 1 ,
 .Xr stat 2 ,
 .Xr fts 3 ,
 .Xr md5 3 ,
 .Xr rmd160 3 ,
 .Xr sha1 3 ,
+.Xr sha2 3 ,
 .Xr hier 7 ,
 .Xr chown 8
 .Sh HISTORY
diff --git a/usr.sbin/mtree/mtree.h b/usr.sbin/mtree/mtree.h
index c3a1f519032..55e1702aff9 100644
--- a/usr.sbin/mtree/mtree.h
+++ b/usr.sbin/mtree/mtree.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mtree.h,v 1.12 2008/10/08 12:17:02 kili Exp $	*/
+/*	$OpenBSD: mtree.h,v 1.13 2012/07/08 21:19:42 naddy Exp $	*/
 /*	$NetBSD: mtree.h,v 1.7 1995/03/07 21:26:27 cgd Exp $	*/
 
 /*-
@@ -53,6 +53,7 @@ typedef struct _node {
 	char	*md5digest;			/* MD5 digest */
 	char	*rmd160digest;			/* RIPEMD-160 digest */
 	char	*sha1digest;			/* SHA-1 digest */
+	char	*sha256digest;			/* SHA-256 digest */
 	char	*slink;				/* symbolic link reference */
 	uid_t	st_uid;				/* uid */
 	gid_t	st_gid;				/* gid */
@@ -82,6 +83,7 @@ typedef struct _node {
 #define	F_VISIT		0x040000		/* file visited */
 #define	F_FLAGS		0x080000		/* file flags */
 #define	F_NOCHANGE	0x100000		/* do not change owner/mode */
+#define	F_SHA256	0x200000		/* SHA-256 digest */
 	u_int32_t flags;			/* items set */
 
 #define	F_BLOCK	0x001				/* block special */
diff --git a/usr.sbin/mtree/spec.c b/usr.sbin/mtree/spec.c
index 2bf0a42c962..f8caec2cb20 100644
--- a/usr.sbin/mtree/spec.c
+++ b/usr.sbin/mtree/spec.c
@@ -1,5 +1,5 @@
 /*	$NetBSD: spec.c,v 1.6 1995/03/07 21:12:12 cgd Exp $	*/
-/*	$OpenBSD: spec.c,v 1.25 2009/10/27 23:59:53 deraadt Exp $	*/
+/*	$OpenBSD: spec.c,v 1.26 2012/07/08 21:19:42 naddy Exp $	*/
 
 /*-
  * Copyright (c) 1989, 1993
@@ -235,6 +235,11 @@ set(char *t, NODE *ip)
 			if (!ip->sha1digest)
 				error("%s", strerror(errno));
 			break;
+		case F_SHA256:
+			ip->sha256digest = strdup(val);
+			if (!ip->sha256digest)
+				error("%s", strerror(errno));
+			break;
 		case F_SIZE:
 			ip->st_size = strtouq(val, &ep, 10);
 			if (*ep)