From: Wayne Davison <wayne@opencoder.net>
Date: Sat, 10 Sep 2022 17:23:36 +0000 (-0700)
Subject: Add support for various SHA checksum digests
X-Git-Tag: v3.2.7pre1~33
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ae16850dc58e884eb9f5cb7f772342b2db28f471;p=thirdparty%2Frsync.git

Add support for various SHA checksum digests

The main purpose of the SHA checksums are to allow the daemon auth code
to pick a stonger digest method when negotiating the auth digest to use.
However, the SHA digests are also available for use in file checksums,
should someon really want to use one of them.

The new digests are listed from strongest to weakest at the start of the
daemon auth list, giving them the highest priority.

The new digests are listed from weakest to strongest near the end of the
checksum list, giving them the lowest priority of use for file
checksums.
---

diff --git a/NEWS.md b/NEWS.md
index cbeb31b7f..3535e21b6 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -9,7 +9,13 @@
 ### ENHANCEMENTS:
 
 - Added negotiated daemon-auth support that allows a stronger checksum digest
-  to be used.
+  to be used.  Added SHA512, SHA256, and SHA1 digests to MD5 & MD4.  These new
+  digests are at the highest priority in the new negotiation list.
+
+- Added support for SHA1, SHA256, and SHA512 digests in file checksums.  While
+  This tends to be overkill, if someone needs it, it is available.  These
+  overly-long checksums are at the lowest priority in the normal checksum
+  negotation list.
 
 ### PACKAGING RELATED:
 
diff --git a/checksum.c b/checksum.c
index 4fa8faa07..68ea0fa00 100644
--- a/checksum.c
+++ b/checksum.c
@@ -57,6 +57,15 @@ struct name_num_item valid_checksums_items[] = {
 #endif
 	{ CSUM_MD5, NNI_BUILTIN|NNI_EVP, "md5", NULL },
 	{ CSUM_MD4, NNI_BUILTIN|NNI_EVP, "md4", NULL },
+#ifdef SHA_DIGEST_LENGTH
+	{ CSUM_SHA1, NNI_EVP, "sha1", NULL },
+#endif
+#ifdef SHA256_DIGEST_LENGTH
+	{ CSUM_SHA256, NNI_EVP, "sha256", NULL },
+#endif
+#ifdef SHA512_DIGEST_LENGTH
+	{ CSUM_SHA512, NNI_EVP, "sha512", NULL },
+#endif
 	{ CSUM_NONE, 0, "none", NULL },
 	{ 0, 0, NULL, NULL }
 };
@@ -66,6 +75,15 @@ struct name_num_obj valid_checksums = {
 };
 
 struct name_num_item valid_auth_checksums_items[] = {
+#ifdef SHA512_DIGEST_LENGTH
+	{ CSUM_SHA512, NNI_EVP, "sha512", NULL },
+#endif
+#ifdef SHA256_DIGEST_LENGTH
+	{ CSUM_SHA256, NNI_EVP, "sha256", NULL },
+#endif
+#ifdef SHA_DIGEST_LENGTH
+	{ CSUM_SHA1, NNI_EVP, "sha1", NULL },
+#endif
 	{ CSUM_MD5, NNI_BUILTIN|NNI_EVP, "md5", NULL },
 	{ CSUM_MD4, NNI_BUILTIN|NNI_EVP, "md4", NULL },
 	{ 0, 0, NULL, NULL }
@@ -211,6 +229,18 @@ int csum_len_for_type(int cst, BOOL flist_csum)
 		return MD4_DIGEST_LEN;
 	  case CSUM_MD5:
 		return MD5_DIGEST_LEN;
+#ifdef SHA_DIGEST_LENGTH
+	  case CSUM_SHA1:
+		return SHA_DIGEST_LENGTH;
+#endif
+#ifdef SHA256_DIGEST_LENGTH
+	  case CSUM_SHA256:
+		return SHA256_DIGEST_LENGTH;
+#endif
+#ifdef SHA512_DIGEST_LENGTH
+	  case CSUM_SHA512:
+		return SHA512_DIGEST_LENGTH;
+#endif
 	  case CSUM_XXH64:
 	  case CSUM_XXH3_64:
 		return 64/8;
@@ -236,6 +266,9 @@ int canonical_checksum(int csum_type)
 		break;
 	  case CSUM_MD4:
 	  case CSUM_MD5:
+	  case CSUM_SHA1:
+	  case CSUM_SHA256:
+	  case CSUM_SHA512:
 		return -1;
 	  case CSUM_XXH64:
 	  case CSUM_XXH3_64:
diff --git a/lib/md-defines.h b/lib/md-defines.h
index 5adf19f80..6ef6a6897 100644
--- a/lib/md-defines.h
+++ b/lib/md-defines.h
@@ -1,8 +1,24 @@
 /* Keep this simple so both C and ASM can use it */
 
+/* These allow something like CFLAGS=-DDISABLE_SHA512_DIGEST */
+#ifdef DISABLE_SHA256_DIGEST
+#undef SHA256_DIGEST_LENGTH
+#endif
+#ifdef DISABLE_SHA512_DIGEST
+#undef SHA512_DIGEST_LENGTH
+#endif
+
 #define MD4_DIGEST_LEN 16
 #define MD5_DIGEST_LEN 16
+#if defined SHA512_DIGEST_LENGTH
+#define MAX_DIGEST_LEN SHA512_DIGEST_LENGTH
+#elif defined SHA256_DIGEST_LENGTH
+#define MAX_DIGEST_LEN SHA256_DIGEST_LENGTH
+#elif defined SHA_DIGEST_LENGTH
+#define MAX_DIGEST_LEN SHA_DIGEST_LENGTH
+#else
 #define MAX_DIGEST_LEN MD5_DIGEST_LEN
+#endif
 
 #define CSUM_CHUNK 64
 
@@ -16,3 +32,6 @@
 #define CSUM_XXH64 6
 #define CSUM_XXH3_64 7
 #define CSUM_XXH3_128 8
+#define CSUM_SHA1 9
+#define CSUM_SHA256 10
+#define CSUM_SHA512 11
diff --git a/lib/mdigest.h b/lib/mdigest.h
index 1e8169016..9d52ef5f4 100644
--- a/lib/mdigest.h
+++ b/lib/mdigest.h
@@ -1,6 +1,7 @@
 /* The include file for both the MD4 and MD5 routines. */
 
 #ifdef USE_OPENSSL
+#include <openssl/sha.h>
 #include <openssl/evp.h>
 #endif
 #include "md-defines.h"
diff --git a/rsync.1.md b/rsync.1.md
index c62e82ea0..bd9182a71 100644
--- a/rsync.1.md
+++ b/rsync.1.md
@@ -1727,6 +1727,9 @@ expand it.
     - `xxh64` (aka `xxhash`)
     - `md5`
     - `md4`
+    - `sha1`
+    - `sha256`
+    - `sha512`
     - `none`
 
     Run `rsync --version` to see the default checksum list compiled into your