Add support for various SHA checksum digests

The main purpose of the SHA checksums are to allow the daemon auth code
to pick a stonger digest method when negotiating the auth digest to use.
However, the SHA digests are also available for use in file checksums,
should someon really want to use one of them.

The new digests are listed from strongest to weakest at the start of the
daemon auth list, giving them the highest priority.

The new digests are listed from weakest to strongest near the end of the
checksum list, giving them the lowest priority of use for file
checksums.

diff --git a/NEWS.md b/NEWS.md
index cbeb31b7f8710e57692c0674d62822b963097e15..3535e21b6a96ad47c2d2f51fcc7065abea79a1e5 100644 (file)
--- a/NEWS.md
+++ b/NEWS.md
@@ -9,7 +9,13 @@
 ### ENHANCEMENTS:
 
 - Added negotiated daemon-auth support that allows a stronger checksum digest
-  to be used.
+  to be used.  Added SHA512, SHA256, and SHA1 digests to MD5 & MD4.  These new
+  digests are at the highest priority in the new negotiation list.
+
+- Added support for SHA1, SHA256, and SHA512 digests in file checksums.  While
+  This tends to be overkill, if someone needs it, it is available.  These
+  overly-long checksums are at the lowest priority in the normal checksum
+  negotation list.
 
 ### PACKAGING RELATED:
 

diff --git a/checksum.c b/checksum.c
index 4fa8faa073a655339c24d01310858a986c2e57ca..68ea0fa004ef0a057ad8c8b62e3680fa16bc1205 100644 (file)
--- a/checksum.c
+++ b/checksum.c
@@ -57,6 +57,15 @@ struct name_num_item valid_checksums_items[] = {
 #endif
        { CSUM_MD5, NNI_BUILTIN|NNI_EVP, "md5", NULL },
        { CSUM_MD4, NNI_BUILTIN|NNI_EVP, "md4", NULL },
+#ifdef SHA_DIGEST_LENGTH
+       { CSUM_SHA1, NNI_EVP, "sha1", NULL },
+#endif
+#ifdef SHA256_DIGEST_LENGTH
+       { CSUM_SHA256, NNI_EVP, "sha256", NULL },
+#endif
+#ifdef SHA512_DIGEST_LENGTH
+       { CSUM_SHA512, NNI_EVP, "sha512", NULL },
+#endif
        { CSUM_NONE, 0, "none", NULL },
        { 0, 0, NULL, NULL }
 };
@@ -66,6 +75,15 @@ struct name_num_obj valid_checksums = {
 };
 
 struct name_num_item valid_auth_checksums_items[] = {
+#ifdef SHA512_DIGEST_LENGTH
+       { CSUM_SHA512, NNI_EVP, "sha512", NULL },
+#endif
+#ifdef SHA256_DIGEST_LENGTH
+       { CSUM_SHA256, NNI_EVP, "sha256", NULL },
+#endif
+#ifdef SHA_DIGEST_LENGTH
+       { CSUM_SHA1, NNI_EVP, "sha1", NULL },
+#endif
        { CSUM_MD5, NNI_BUILTIN|NNI_EVP, "md5", NULL },
        { CSUM_MD4, NNI_BUILTIN|NNI_EVP, "md4", NULL },
        { 0, 0, NULL, NULL }
@@ -211,6 +229,18 @@ int csum_len_for_type(int cst, BOOL flist_csum)
                return MD4_DIGEST_LEN;
          case CSUM_MD5:
                return MD5_DIGEST_LEN;
+#ifdef SHA_DIGEST_LENGTH
+         case CSUM_SHA1:
+               return SHA_DIGEST_LENGTH;
+#endif
+#ifdef SHA256_DIGEST_LENGTH
+         case CSUM_SHA256:
+               return SHA256_DIGEST_LENGTH;
+#endif
+#ifdef SHA512_DIGEST_LENGTH
+         case CSUM_SHA512:
+               return SHA512_DIGEST_LENGTH;
+#endif
          case CSUM_XXH64:
          case CSUM_XXH3_64:
                return 64/8;
@@ -236,6 +266,9 @@ int canonical_checksum(int csum_type)
                break;
          case CSUM_MD4:
          case CSUM_MD5:
+         case CSUM_SHA1:
+         case CSUM_SHA256:
+         case CSUM_SHA512:
                return -1;
          case CSUM_XXH64:
          case CSUM_XXH3_64:

diff --git a/lib/md-defines.h b/lib/md-defines.h
index 5adf19f80dba4d10dd0ba5693fc490a3d4a2b455..6ef6a6897cb3f01524e50fcc459c1d70cb7bc1be 100644 (file)
--- a/lib/md-defines.h
+++ b/lib/md-defines.h
@@ -1,8 +1,24 @@
 /* Keep this simple so both C and ASM can use it */
 
+/* These allow something like CFLAGS=-DDISABLE_SHA512_DIGEST */
+#ifdef DISABLE_SHA256_DIGEST
+#undef SHA256_DIGEST_LENGTH
+#endif
+#ifdef DISABLE_SHA512_DIGEST
+#undef SHA512_DIGEST_LENGTH
+#endif
+
 #define MD4_DIGEST_LEN 16
 #define MD5_DIGEST_LEN 16
+#if defined SHA512_DIGEST_LENGTH
+#define MAX_DIGEST_LEN SHA512_DIGEST_LENGTH
+#elif defined SHA256_DIGEST_LENGTH
+#define MAX_DIGEST_LEN SHA256_DIGEST_LENGTH
+#elif defined SHA_DIGEST_LENGTH
+#define MAX_DIGEST_LEN SHA_DIGEST_LENGTH
+#else
 #define MAX_DIGEST_LEN MD5_DIGEST_LEN
+#endif
 
 #define CSUM_CHUNK 64
 
@@ -16,3 +32,6 @@
 #define CSUM_XXH64 6
 #define CSUM_XXH3_64 7
 #define CSUM_XXH3_128 8
+#define CSUM_SHA1 9
+#define CSUM_SHA256 10
+#define CSUM_SHA512 11

diff --git a/lib/mdigest.h b/lib/mdigest.h
index 1e81690162956c6431fd1660d76bdaf5b2e0cfe2..9d52ef5f422f6684f45a9245b9106b30c931351f 100644 (file)
--- a/lib/mdigest.h
+++ b/lib/mdigest.h
@@ -1,6 +1,7 @@
 /* The include file for both the MD4 and MD5 routines. */
 
 #ifdef USE_OPENSSL
+#include <openssl/sha.h>
 #include <openssl/evp.h>
 #endif
 #include "md-defines.h"

diff --git a/rsync.1.md b/rsync.1.md
index c62e82ea0241d5317847ca4eb7ff69cc32033f10..bd9182a71e86a8d902c2af84ded0c3fd1a7c37dc 100644 (file)
--- a/rsync.1.md
+++ b/rsync.1.md
@@ -1727,6 +1727,9 @@ expand it.
     - `xxh64` (aka `xxhash`)
     - `md5`
     - `md4`
+    - `sha1`
+    - `sha256`
+    - `sha512`
     - `none`
 
     Run `rsync --version` to see the default checksum list compiled into your