openssl md5 output
Why does this command prepend useless redundant information? $ openssl md5 (echo foo) MD5(/dev/fd/63)= d3b07384d113edec49eaa6238ad5ff00 ^ ^ I just cannot fathom why this was done. This is just all around terrible design. Not only is this information redundant and entirely worthless but it is likely to change across versions (as I have found out). In older versions of openssl (AFAICT) the behavior when reading from stdin is to put the md5 sum to stdout without any garbage: $ openssl md5 foo 4d04cdc45787fd56cdda95fdcac9ae33 on newer versions we have: $ openssl md5 bar (stdin)= 3d5e7d620c4f7e059ee18829968b45d4 You have successfully made portability and compatibility a nightmare. What makes it even better is the output doesn't even match the regular file case. Compare: $ openssl md5 bar (stdin)= 3d5e7d620c4f7e059ee18829968b45d4 with $ openssl md5 (echo foo) MD5(/dev/fd/63)= d3b07384d113edec49eaa6238ad5ff00 Thank you *so* much. I would have framed this email more politely but you have successfully punted compatibility detection onto third party developers. There is no way for you to fix it. -- - Patrick Donnelly __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: openssl md5 output
On Mon, Jul 18, 2011 at 4:05 PM, Coda Highland chighl...@gmail.com wrote: On Mon, Jul 18, 2011 at 2:41 PM, Patrick Donnelly batr...@batbytes.com wrote: Why does this command prepend useless redundant information? $ openssl md5 (echo foo) MD5(/dev/fd/63)= d3b07384d113edec49eaa6238ad5ff00 --snip-- Thank you *so* much. I would have framed this email more politely but you have successfully punted compatibility detection onto third party developers. There is no way for you to fix it. I'm not an OpenSSL developer, but I can field this one because the answer is fairly obvious. To answer your initial question, consider the case of $ openssl md5 *.txt, where each line needs to have that information. The new format makes the output consistent regardless of manner of implementation, which from a future-proofing standpoint makes more sense than changing the output depending on the precise manner of input. Are you seriously suggesting that parsing the md5sums of multiple files from the output of openssl md5 *.txt is a sensible use case? Why on earth would you not call openssl md5 for each individual file? My question is why you're depending on the output format of openssl md5 in the first place. md5sum is almost as commonly available and is much more amenable to shell scripting, and if you're not doing shell scripting the output is irrelevant because you could be using OpenSSL as a library. Because I'm relying on other features of openssl. It makes sense to use the entire library of commands from one dependency instead of using commands from multiple dependencies (md5sum and openssl). Are you suggesting that openssl md5 is not worthwhile using because well-known alternatives exist that actually don't clutter the output with garbage? Regardless, this is a simple change, and a simple awk or sed script will solve the problem while retaining compatibility with older versions. Perhaps: openssl md5 blah | sed s/^.*= *// will serve. (This says, if the line starts with an arbitrary number of characters, followed by an equals sign, followed by zero or more whitespace, remove that.) I shouldn't have to do this to begin with. Also, if the current compatibility breakage trend continues, I'm sure that won't work in a year or two. -- - Patrick Donnelly __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: openssl md5 output
To answer your initial question, consider the case of $ openssl md5 *.txt, where each line needs to have that information. The new format makes the output consistent regardless of manner of implementation, which from a future-proofing standpoint makes more sense than changing the output depending on the precise manner of input. Are you seriously suggesting that parsing the md5sums of multiple files from the output of openssl md5 *.txt is a sensible use case? Why on earth would you not call openssl md5 for each individual file? Because a lot of distributions that have a lot of files include a manifest file containing the format filename\thash and verifying them against each other should be pretty standard. Are you suggesting that openssl md5 is not worthwhile using because well-known alternatives exist that actually don't clutter the output with garbage? I am suggesting that it isn't worthwhile because the well-known alternatives are something of a de-facto standard, not because openssl's version does it wrong. Regardless, this is a simple change, anda simple awk or sed script will solve the problem while retaining compatibility with older versions. Perhaps: openssl md5 blah | sed s/^.*= *// will serve. (This says, if the line starts with an arbitrary number of characters, followed by an equals sign, followed by zero or more whitespace, remove that.) I shouldn't have to do this to begin with. Also, if the current compatibility breakage trend continues, I'm sure that won't work in a year or two. The only further change I, as an independent user, would expect from here would be to see the = disappear and possibly the space to be replaced with a tab. If openssl md5 were intended for scripting use (and clearly it is NOT intended for such) I wouldn't be surprised if a further change were made later to make its output conform to md5sum, for compatibility with those other tools rather than for compatibility with existing scripts. (Because, as I said, it's fairly evident that it isn't intended to be scripted against. The openssl command line suite is clearly intended to be used primarily interactively.) /s/ Adam __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: openssl md5 output
On 18 Jul 2011, at 1:25 PM, Patrick Donnelly wrote: Are you seriously suggesting that parsing the md5sums of multiple files from the output of openssl md5 *.txt is a sensible use case? It's not just sensible, it's fairly common. The DIGEST(filename)=hexhexhex... output style is in imitation of other tools, like md5sum. I agree that this change is an unnecessary annoyance. IMHO it would be better for openssl to emit the bare digest unless multiple files are specified or an option is used on the command line. On Mon, Jul 18, 2011 at 4:05 PM, Coda Highland chighl...@gmail.com wrote: My question is why you're depending on the output format of openssl md5 in the first place. md5sum is almost as commonly available and is much more amenable to shell scripting, Almost indeed. I often use openssl in shell scripts because it's more reliably available across operating systems. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
