File rsync-fix-daemon-proto-32.patch of Package rsync.38013
commit 7e2711bb2b4b30bc842dd8670c34a87e2ca0c2df
Author: Wayne Davison <wayne@opencoder.net>
Date: Sat Sep 10 09:43:47 2022 -0700
Improve various things in the checksum code
- Size flist checksum data to hold the active size, not the max.
- Add a negotiated hash method to the daemon auth code.
- Use EVP for all openssl digests. This makes it easy to add more
openssl digest methods and avoids deprecation warnings.
- Support a way to re-enable deprecated digests via openssl conf
file and allow a default file to be configured.
- Supply a simple openssl-rsync.cnf file to enable legacy digests.
Index: rsync-3.2.3/NEWS.md
===================================================================
--- rsync-3.2.3.orig/NEWS.md
+++ rsync-3.2.3/NEWS.md
@@ -102,6 +102,28 @@
- Use a C99 Flexible Array for a trailing variable-size filename in a struct
(with a fallback to the old 1-char string kluge for older compilers).
+### ENHANCEMENTS:
+
+- Added negotiated daemon-auth support that allows a stronger checksum digest
+ to be used.
+
+### PACKAGING RELATED:
+
+- The checksum code now uses openssl's EVP methods, which gets rid of various
+ deprecation warnings and makes it easy to support more digest methods. On
+ newer systems, the MD4 digest is marked as legacy in the openssl code, which
+ makes openssl refuse to support it via EVP. You can just ignore this and
+ allow the included MD4 code to be used for older rsync connections (when
+ talking to an rsync prior to 3.0.0) or you can configure rsync to tell
+ openssl to enable legacy algorithms (see below).
+
+- A simple openssl config file is supplied that can be optionally installed for
+ rsync to use. If you install packaging/openssl-rsync.cnf to a public spot
+ (such as ` /etc/ssl/openssl-rsync.cnf` or similar) and then configure rsync
+ using `--with-openssl-conf=/path/name.cnf`, this will cause rsync to export
+ the configured path in the OPENSSL_CONF environment variable (when it is not
+ already set). This will enable openssl's MD4 code for rsync to use.
+
------------------------------------------------------------------------------
<a name="3.2.2"></a>
Index: rsync-3.2.3/authenticate.c
===================================================================
--- rsync-3.2.3.orig/authenticate.c
+++ rsync-3.2.3/authenticate.c
@@ -24,6 +24,7 @@
extern int read_only;
extern char *password_file;
+extern struct name_num_obj valid_auth_checksums;
/***************************************************************************
encode a buffer using base64 - simple and slow algorithm. null terminates
@@ -72,9 +73,9 @@ static void gen_challenge(const char *ad
SIVAL(input, 20, tv.tv_usec);
SIVAL(input, 24, getpid());
- sum_init(-1, 0);
+ len = sum_init(valid_auth_checksums.negotiated_nni, 0);
sum_update(input, sizeof input);
- len = sum_end(digest);
+ sum_end(digest);
base64_encode(digest, len, challenge, 0);
}
@@ -86,10 +87,10 @@ static void generate_hash(const char *in
char buf[MAX_DIGEST_LEN];
int len;
- sum_init(-1, 0);
+ len = sum_init(valid_auth_checksums.negotiated_nni, 0);
sum_update(in, strlen(in));
sum_update(challenge, strlen(challenge));
- len = sum_end(buf);
+ sum_end(buf);
base64_encode(buf, len, out, 0);
}
@@ -238,6 +239,7 @@ char *auth_server(int f_in, int f_out, i
if (!users || !*users)
return "";
+ negotiate_daemon_auth(f_out, 0);
gen_challenge(addr, challenge);
io_printf(f_out, "%s%s\n", leader, challenge);
@@ -350,6 +352,7 @@ void auth_client(int fd, const char *use
if (!user || !*user)
user = "nobody";
+ negotiate_daemon_auth(-1, 1);
if (!(pass = getpassf(password_file))
&& !(pass = getenv("RSYNC_PASSWORD"))) {
Index: rsync-3.2.3/checksum.c
===================================================================
--- rsync-3.2.3.orig/checksum.c
+++ rsync-3.2.3/checksum.c
@@ -42,41 +42,87 @@ extern int protocol_version;
extern int proper_seed_order;
extern const char *checksum_choice;
-struct name_num_obj valid_checksums = {
- "checksum", NULL, NULL, 0, 0, {
+
+#define NNI_BUILTIN (1<<0)
+#define NNI_EVP (1<<1)
+#define NNI_EVP_OK (1<<2)
+
+
+struct name_num_item valid_checksums_items[] = {
#ifdef SUPPORT_XXH3
- { CSUM_XXH3_128, "xxh128", NULL },
- { CSUM_XXH3_64, "xxh3", NULL },
+ { CSUM_XXH3_128, 0, "xxh128", NULL },
+ { CSUM_XXH3_64, 0, "xxh3", NULL },
#endif
#ifdef SUPPORT_XXHASH
- { CSUM_XXH64, "xxh64", NULL },
- { CSUM_XXH64, "xxhash", NULL },
+ { CSUM_XXH64, 0, "xxh64", NULL },
+ { CSUM_XXH64, 0, "xxhash", NULL },
#endif
- { CSUM_MD5, "md5", NULL },
- { CSUM_MD4, "md4", NULL },
- { CSUM_NONE, "none", NULL },
- { 0, NULL, NULL }
- }
+ { CSUM_MD5, NNI_BUILTIN|NNI_EVP, "md5", NULL },
+ { CSUM_MD4, NNI_BUILTIN|NNI_EVP, "md4", NULL },
+#ifdef SHA_DIGEST_LENGTH
+ { CSUM_SHA1, NNI_EVP, "sha1", NULL },
+#endif
+ { CSUM_NONE, 0, "none", NULL },
+ { 0, 0, NULL, NULL }
};
-int xfersum_type = 0; /* used for the file transfer checksums */
-int checksum_type = 0; /* used for the pre-transfer (--checksum) checksums */
+struct name_num_obj valid_checksums = {
+ "checksum", NULL, 0, 0, valid_checksums_items
+};
+
+struct name_num_item valid_auth_checksums_items[] = {
+ { CSUM_MD5, NNI_BUILTIN|NNI_EVP, "md5", NULL },
+ { CSUM_MD4, NNI_BUILTIN|NNI_EVP, "md4", NULL },
+ { 0, 0, NULL, NULL }
+};
+
+struct name_num_obj valid_auth_checksums = {
+ "daemon auth checksum", NULL, 0, 0, valid_auth_checksums_items
+};
+
+
+/* These cannot make use of openssl, so they're marked just as built-in */
+struct name_num_item implied_checksum_md4 =
+ { CSUM_MD4, NNI_BUILTIN, "md4", NULL };
+struct name_num_item implied_checksum_md5 =
+ { CSUM_MD5, NNI_BUILTIN, "md5", NULL };
+
+struct name_num_item *xfer_sum_nni; /* used for the transfer checksum2 computations */
+const EVP_MD *xfer_sum_evp_md;
+int xfer_sum_len;
+struct name_num_item *file_sum_nni; /* used for the pre-transfer --checksum computations */
+const EVP_MD *file_sum_evp_md;
+int file_sum_len;
-int parse_csum_name(const char *name, int len)
+#ifdef USE_OPENSSL
+EVP_MD_CTX *ctx_evp = NULL;
+#endif
+static int initialized_choices = 0;
+
+struct name_num_item *parse_csum_name(const char *name, int len)
{
struct name_num_item *nni;
if (len < 0 && name)
len = strlen(name);
+ init_checksum_choices();
+
if (!name || (len == 4 && strncasecmp(name, "auto", 4) == 0)) {
- if (protocol_version >= 30)
- return CSUM_MD5;
- if (protocol_version >= 27)
- return CSUM_MD4_OLD;
- if (protocol_version >= 21)
- return CSUM_MD4_BUSTED;
- return CSUM_MD4_ARCHAIC;
+ if (protocol_version >= 30) {
+ if (!proper_seed_order)
+ return &implied_checksum_md5;
+ name = "md5";
+ len = 3;
+ } else {
+ if (protocol_version >= 27)
+ implied_checksum_md4.num = CSUM_MD4_OLD;
+ else if (protocol_version >= 21)
+ implied_checksum_md4.num = CSUM_MD4_BUSTED;
+ else
+ implied_checksum_md4.num = CSUM_MD4_ARCHAIC;
+ return &implied_checksum_md4;
+ }
}
nni = get_nni_by_name(&valid_checksums, name, len);
@@ -86,44 +132,72 @@ int parse_csum_name(const char *name, in
exit_cleanup(RERR_UNSUPPORTED);
}
- return nni->num;
+ return nni;
}
-static const char *checksum_name(int num)
+static const EVP_MD *csum_evp_md(struct name_num_item *nni)
{
- struct name_num_item *nni = get_nni_by_num(&valid_checksums, num);
-
- return nni ? nni->name : num < CSUM_MD4 ? "md4" : "UNKNOWN";
+#ifdef USE_OPENSSL
+ const EVP_MD *emd;
+ if (!(nni->flags & NNI_EVP))
+ return NULL;
+
+#ifdef USE_MD5_ASM
+ if (nni->num == CSUM_MD5)
+ emd = NULL;
+ else
+#endif
+ emd = EVP_get_digestbyname(nni->name);
+ if (emd && !(nni->flags & NNI_EVP_OK)) { /* Make sure it works before we advertise it */
+ if (!ctx_evp && !(ctx_evp = EVP_MD_CTX_create()))
+ out_of_memory("csum_evp_md");
+ /* Some routines are marked as legacy and are not enabled in the openssl.cnf file.
+ * If we can't init the emd, we'll fall back to our built-in code. */
+ if (EVP_DigestInit_ex(ctx_evp, emd, NULL) == 0)
+ emd = NULL;
+ else
+ nni->flags = (nni->flags & ~NNI_BUILTIN) | NNI_EVP_OK;
+ }
+ if (!emd)
+ nni->flags &= ~NNI_EVP;
+ return emd;
+#else
+ return NULL;
+#endif
}
void parse_checksum_choice(int final_call)
{
- if (valid_checksums.negotiated_name)
- xfersum_type = checksum_type = valid_checksums.negotiated_num;
+ if (valid_checksums.negotiated_nni)
+ xfer_sum_nni = file_sum_nni = valid_checksums.negotiated_nni;
else {
char *cp = checksum_choice ? strchr(checksum_choice, ',') : NULL;
if (cp) {
- xfersum_type = parse_csum_name(checksum_choice, cp - checksum_choice);
- checksum_type = parse_csum_name(cp+1, -1);
+ xfer_sum_nni = parse_csum_name(checksum_choice, cp - checksum_choice);
+ file_sum_nni = parse_csum_name(cp+1, -1);
} else
- xfersum_type = checksum_type = parse_csum_name(checksum_choice, -1);
+ xfer_sum_nni = file_sum_nni = parse_csum_name(checksum_choice, -1);
if (am_server && checksum_choice)
- validate_choice_vs_env(NSTR_CHECKSUM, xfersum_type, checksum_type);
+ validate_choice_vs_env(NSTR_CHECKSUM, xfer_sum_nni->num, file_sum_nni->num);
}
+ xfer_sum_len = csum_len_for_type(xfer_sum_nni->num, 0);
+ file_sum_len = csum_len_for_type(file_sum_nni->num, 0);
+ xfer_sum_evp_md = csum_evp_md(xfer_sum_nni);
+ file_sum_evp_md = csum_evp_md(file_sum_nni);
- if (xfersum_type == CSUM_NONE)
+ if (xfer_sum_nni->num == CSUM_NONE)
whole_file = 1;
/* Snag the checksum name for both write_batch's option output & the following debug output. */
- if (valid_checksums.negotiated_name)
- checksum_choice = valid_checksums.negotiated_name;
+ if (valid_checksums.negotiated_nni)
+ checksum_choice = valid_checksums.negotiated_nni->name;
else if (checksum_choice == NULL)
- checksum_choice = checksum_name(xfersum_type);
+ checksum_choice = xfer_sum_nni->name;
if (final_call && DEBUG_GTE(NSTR, am_server ? 3 : 1)) {
rprintf(FINFO, "%s%s checksum: %s\n",
am_server ? "Server" : "Client",
- valid_checksums.negotiated_name ? " negotiated" : "",
+ valid_checksums.negotiated_nni ? " negotiated" : "",
checksum_choice);
}
}
@@ -204,7 +278,22 @@ uint32 get_checksum1(char *buf1, int32 l
void get_checksum2(char *buf, int32 len, char *sum)
{
- switch (xfersum_type) {
+#ifdef USE_OPENSSL
+ if (xfer_sum_evp_md) {
+ static EVP_MD_CTX *evp = NULL;
+ uchar seedbuf[4];
+ if (!evp && !(evp = EVP_MD_CTX_create()))
+ out_of_memory("get_checksum2");
+ EVP_DigestInit_ex(evp, xfer_sum_evp_md, NULL);
+ if (checksum_seed) {
+ SIVALu(seedbuf, 0, checksum_seed);
+ EVP_DigestUpdate(evp, seedbuf, 4);
+ }
+ EVP_DigestUpdate(evp, (uchar *)buf, len);
+ EVP_DigestFinal_ex(evp, (uchar *)sum, NULL);
+ } else
+#endif
+ switch (xfer_sum_nni->num) {
#ifdef SUPPORT_XXHASH
case CSUM_XXH64:
SIVAL64(sum, 0, XXH64(buf, len, checksum_seed));
@@ -222,7 +311,7 @@ void get_checksum2(char *buf, int32 len,
}
#endif
case CSUM_MD5: {
- MD5_CTX m5;
+ md_context m5;
uchar seedbuf[4];
MD5_Init(&m5);
if (proper_seed_order) {
@@ -242,20 +331,6 @@ void get_checksum2(char *buf, int32 len,
break;
}
case CSUM_MD4:
-#ifdef USE_OPENSSL
- {
- MD4_CTX m4;
- MD4_Init(&m4);
- MD4_Update(&m4, (uchar *)buf, len);
- if (checksum_seed) {
- uchar seedbuf[4];
- SIVALu(seedbuf, 0, checksum_seed);
- MD4_Update(&m4, seedbuf, 4);
- }
- MD4_Final((uchar *)sum, &m4);
- break;
- }
-#endif
case CSUM_MD4_OLD:
case CSUM_MD4_BUSTED:
case CSUM_MD4_ARCHAIC: {
@@ -288,7 +363,7 @@ void get_checksum2(char *buf, int32 len,
* are multiples of 64. This is fixed by calling mdfour_update()
* even when there are no more bytes.
*/
- if (len - i > 0 || xfersum_type > CSUM_MD4_BUSTED)
+ if (len - i > 0 || xfer_sum_nni->num > CSUM_MD4_BUSTED)
mdfour_update(&m, (uchar *)(buf1+i), len-i);
mdfour_result(&m, (uchar *)sum);
@@ -306,15 +381,33 @@ void file_checksum(const char *fname, co
int32 remainder;
int fd;
- memset(sum, 0, MAX_DIGEST_LEN);
-
fd = do_open_checklinks(fname);
- if (fd == -1)
+ if (fd == -1) {
+ memset(sum,0,file_sum_len);
return;
+ }
buf = map_file(fd, len, MAX_MAP_SIZE, CHUNK_SIZE);
- switch (checksum_type) {
+#ifdef USE_OPENSSL
+ if (file_sum_evp_md) {
+ static EVP_MD_CTX *evp = NULL;
+ if (!evp && !(evp = EVP_MD_CTX_create()))
+ out_of_memory("file_checksum");
+
+ EVP_DigestInit_ex(evp, file_sum_evp_md, NULL);
+
+ for (i = 0; i + CHUNK_SIZE <= len; i += CHUNK_SIZE)
+ EVP_DigestUpdate(evp, (uchar *)map_ptr(buf, i, CHUNK_SIZE), CHUNK_SIZE);
+
+ remainder = (int32)(len - i);
+ if (remainder > 0)
+ EVP_DigestUpdate(evp, (uchar *)map_ptr(buf, i, remainder), remainder);
+
+ EVP_DigestFinal_ex(evp, (uchar *)sum, NULL);
+ } else
+#endif
+ switch (file_sum_nni->num) {
#ifdef SUPPORT_XXHASH
case CSUM_XXH64: {
static XXH64_state_t* state = NULL;
@@ -374,7 +467,7 @@ void file_checksum(const char *fname, co
}
#endif
case CSUM_MD5: {
- MD5_CTX m5;
+ md_context m5;
MD5_Init(&m5);
@@ -389,23 +482,6 @@ void file_checksum(const char *fname, co
break;
}
case CSUM_MD4:
-#ifdef USE_OPENSSL
- {
- MD4_CTX m4;
-
- MD4_Init(&m4);
-
- for (i = 0; i + CHUNK_SIZE <= len; i += CHUNK_SIZE)
- MD4_Update(&m4, (uchar *)map_ptr(buf, i, CHUNK_SIZE), CHUNK_SIZE);
-
- remainder = (int32)(len - i);
- if (remainder > 0)
- MD4_Update(&m4, (uchar *)map_ptr(buf, i, remainder), remainder);
-
- MD4_Final((uchar *)sum, &m4);
- break;
- }
-#endif
case CSUM_MD4_OLD:
case CSUM_MD4_BUSTED:
case CSUM_MD4_ARCHAIC: {
@@ -421,7 +497,7 @@ void file_checksum(const char *fname, co
* are multiples of 64. This is fixed by calling mdfour_update()
* even when there are no more bytes. */
remainder = (int32)(len - i);
- if (remainder > 0 || checksum_type > CSUM_MD4_BUSTED)
+ if (remainder > 0 || file_sum_nni->num > CSUM_MD4_BUSTED)
mdfour_update(&m, (uchar *)map_ptr(buf, i, remainder), remainder);
mdfour_result(&m, (uchar *)sum);
@@ -429,7 +505,7 @@ void file_checksum(const char *fname, co
}
default:
rprintf(FERROR, "Invalid checksum-choice for --checksum: %s (%d)\n",
- checksum_name(checksum_type), checksum_type);
+ file_sum_nni->name, file_sum_nni->num);
exit_cleanup(RERR_UNSUPPORTED);
}
@@ -438,30 +514,34 @@ void file_checksum(const char *fname, co
}
static int32 sumresidue;
-static union {
- md_context md;
-#ifdef USE_OPENSSL
- MD4_CTX m4;
-#endif
- MD5_CTX m5;
-} ctx;
+static md_context ctx_md;
#ifdef SUPPORT_XXHASH
static XXH64_state_t* xxh64_state;
#endif
#ifdef SUPPORT_XXH3
static XXH3_state_t* xxh3_state;
#endif
-static int cursum_type;
+static struct name_num_item *cur_sum_nni;
+static const EVP_MD *cur_sum_evp_md;
+int cur_sum_len;
-void sum_init(int csum_type, int seed)
+int sum_init(struct name_num_item *nni, int seed)
{
char s[4];
+ if (!nni)
+ nni = parse_csum_name(NULL, 0);
+ cur_sum_nni = nni;
+ cur_sum_len = csum_len_for_type(nni->num, 0);
+ cur_sum_evp_md = csum_evp_md(nni);
- if (csum_type < 0)
- csum_type = parse_csum_name(NULL, 0);
- cursum_type = csum_type;
-
- switch (csum_type) {
+#ifdef USE_OPENSSL
+ if (cur_sum_evp_md) {
+ if (!ctx_evp && !(ctx_evp = EVP_MD_CTX_create()))
+ out_of_memory("file_checksum");
+ EVP_DigestInit_ex(ctx_evp, cur_sum_evp_md, NULL);
+ } else
+#endif
+ switch (cur_sum_nni->num) {
#ifdef SUPPORT_XXHASH
case CSUM_XXH64:
if (!xxh64_state && !(xxh64_state = XXH64_createState()))
@@ -482,20 +562,16 @@ void sum_init(int csum_type, int seed)
break;
#endif
case CSUM_MD5:
- MD5_Init(&ctx.m5);
+ MD5_Init(&ctx_md);
break;
case CSUM_MD4:
-#ifdef USE_OPENSSL
- MD4_Init(&ctx.m4);
-#else
- mdfour_begin(&ctx.md);
+ mdfour_begin(&ctx_md);
sumresidue = 0;
-#endif
break;
case CSUM_MD4_OLD:
case CSUM_MD4_BUSTED:
case CSUM_MD4_ARCHAIC:
- mdfour_begin(&ctx.md);
+ mdfour_begin(&ctx_md);
sumresidue = 0;
SIVAL(s, 0, seed);
sum_update(s, 4);
@@ -505,6 +581,8 @@ void sum_init(int csum_type, int seed)
default: /* paranoia to prevent missing case values */
exit_cleanup(RERR_UNSUPPORTED);
}
+
+ return cur_sum_len;
}
/**
@@ -517,7 +595,12 @@ void sum_init(int csum_type, int seed)
**/
void sum_update(const char *p, int32 len)
{
- switch (cursum_type) {
+#ifdef USE_OPENSSL
+ if (cur_sum_evp_md) {
+ EVP_DigestUpdate(ctx_evp, (uchar *)p, len);
+ } else
+#endif
+ switch (cur_sum_nni->num) {
#ifdef SUPPORT_XXHASH
case CSUM_XXH64:
XXH64_update(xxh64_state, p, len);
@@ -532,39 +615,35 @@ void sum_update(const char *p, int32 len
break;
#endif
case CSUM_MD5:
- MD5_Update(&ctx.m5, (uchar *)p, len);
+ MD5_Update(&ctx_md, (uchar *)p, len);
break;
case CSUM_MD4:
-#ifdef USE_OPENSSL
- MD4_Update(&ctx.m4, (uchar *)p, len);
- break;
-#endif
case CSUM_MD4_OLD:
case CSUM_MD4_BUSTED:
case CSUM_MD4_ARCHAIC:
if (len + sumresidue < CSUM_CHUNK) {
- memcpy(ctx.md.buffer + sumresidue, p, len);
+ memcpy(ctx_md.buffer + sumresidue, p, len);
sumresidue += len;
break;
}
if (sumresidue) {
int32 i = CSUM_CHUNK - sumresidue;
- memcpy(ctx.md.buffer + sumresidue, p, i);
- mdfour_update(&ctx.md, (uchar *)ctx.md.buffer, CSUM_CHUNK);
+ memcpy(ctx_md.buffer + sumresidue, p, i);
+ mdfour_update(&ctx_md, (uchar *)ctx_md.buffer, CSUM_CHUNK);
len -= i;
p += i;
}
while (len >= CSUM_CHUNK) {
- mdfour_update(&ctx.md, (uchar *)p, CSUM_CHUNK);
+ mdfour_update(&ctx_md, (uchar *)p, CSUM_CHUNK);
len -= CSUM_CHUNK;
p += CSUM_CHUNK;
}
sumresidue = len;
if (sumresidue)
- memcpy(ctx.md.buffer, p, sumresidue);
+ memcpy(ctx_md.buffer, p, sumresidue);
break;
case CSUM_NONE:
break;
@@ -573,13 +652,18 @@ void sum_update(const char *p, int32 len
}
}
-/* NOTE: all the callers of sum_end() pass in a pointer to a buffer that is
- * MAX_DIGEST_LEN in size, so even if the csum-len is shorter that that (i.e.
- * CSUM_MD4_ARCHAIC), we don't have to worry about limiting the data we write
- * into the "sum" buffer. */
-int sum_end(char *sum)
+/* The sum buffer only needs to be as long as the current checksum's digest
+ * len, not MAX_DIGEST_LEN. Note that for CSUM_MD4_ARCHAIC that is the full
+ * MD4_DIGEST_LEN even if the file-list code is going to ignore all but the
+ * first 2 bytes of it. */
+void sum_end(char *sum)
{
- switch (cursum_type) {
+#ifdef USE_OPENSSL
+ if (cur_sum_evp_md) {
+ EVP_DigestFinal_ex(ctx_evp, (uchar *)sum, NULL);
+ } else
+#endif
+ switch (cur_sum_nni->num) {
#ifdef SUPPORT_XXHASH
case CSUM_XXH64:
SIVAL64(sum, 0, XXH64_digest(xxh64_state));
@@ -597,22 +681,18 @@ int sum_end(char *sum)
}
#endif
case CSUM_MD5:
- MD5_Final((uchar *)sum, &ctx.m5);
+ MD5_Final((uchar *)sum, &ctx_md);
break;
case CSUM_MD4:
-#ifdef USE_OPENSSL
- MD4_Final((uchar *)sum, &ctx.m4);
- break;
-#endif
case CSUM_MD4_OLD:
- mdfour_update(&ctx.md, (uchar *)ctx.md.buffer, sumresidue);
- mdfour_result(&ctx.md, (uchar *)sum);
+ mdfour_update(&ctx_md, (uchar *)ctx_md.buffer, sumresidue);
+ mdfour_result(&ctx_md, (uchar *)sum);
break;
case CSUM_MD4_BUSTED:
case CSUM_MD4_ARCHAIC:
if (sumresidue)
- mdfour_update(&ctx.md, (uchar *)ctx.md.buffer, sumresidue);
- mdfour_result(&ctx.md, (uchar *)sum);
+ mdfour_update(&ctx_md, (uchar *)ctx_md.buffer, sumresidue);
+ mdfour_result(&ctx_md, (uchar *)sum);
break;
case CSUM_NONE:
*sum = '\0';
@@ -620,6 +700,72 @@ int sum_end(char *sum)
default: /* paranoia to prevent missing case values */
exit_cleanup(RERR_UNSUPPORTED);
}
+}
+
+#if defined SUPPORT_XXH3 || defined USE_OPENSSL
+static void verify_digest(struct name_num_item *nni, BOOL check_auth_list)
+{
+#ifdef SUPPORT_XXH3
+ static int xxh3_result = 0;
+#endif
+#ifdef USE_OPENSSL
+ static int prior_num = 0, prior_flags = 0, prior_result = 0;
+#endif
+
+#ifdef SUPPORT_XXH3
+ if (nni->num == CSUM_XXH3_64 || nni->num == CSUM_XXH3_128) {
+ if (!xxh3_result) {
+ char buf[32816];
+ int j;
+ for (j = 0; j < (int)sizeof buf; j++)
+ buf[j] = ' ' + (j % 96);
+ sum_init(nni, 0);
+ sum_update(buf, 32816);
+ sum_update(buf, 31152);
+ sum_update(buf, 32474);
+ sum_update(buf, 9322);
+ xxh3_result = XXH3_64bits_digest(xxh3_state) != 0xadbcf16d4678d1de ? -1 : 1;
+ }
+ if (xxh3_result < 0)
+ nni->num = CSUM_gone;
+ return;
+ }
+#endif
- return csum_len_for_type(cursum_type, 0);
+#ifdef USE_OPENSSL
+ if (BITS_SETnUNSET(nni->flags, NNI_EVP, NNI_BUILTIN|NNI_EVP_OK)) {
+ if (nni->num == prior_num && nni->flags == prior_flags) {
+ nni->flags = prior_result;
+ if (!(nni->flags & NNI_EVP))
+ nni->num = CSUM_gone;
+ } else {
+ prior_num = nni->num;
+ prior_flags = nni->flags;
+ if (!csum_evp_md(nni))
+ nni->num = CSUM_gone;
+ prior_result = nni->flags;
+ if (check_auth_list && (nni = get_nni_by_num(&valid_auth_checksums, prior_num)) != NULL)
+ verify_digest(nni, False);
+ }
+ }
+#endif
}
+#endif
+
+void init_checksum_choices()
+{
+ struct name_num_item *nni;
+
+ if (initialized_choices)
+ return;
+
+#if defined SUPPORT_XXH3 || defined USE_OPENSSL
+ for (nni = valid_checksums.list; nni->name; nni++)
+ verify_digest(nni, True);
+
+ for (nni = valid_auth_checksums.list; nni->name; nni++)
+ verify_digest(nni, False);
+#endif
+
+ initialized_choices = 1;
+ }
\ No newline at end of file
Index: rsync-3.2.3/clientserver.c
===================================================================
--- rsync-3.2.3.orig/clientserver.c
+++ rsync-3.2.3/clientserver.c
@@ -66,6 +66,7 @@ extern uid_t our_uid;
extern gid_t our_gid;
char *auth_user;
+char *daemon_auth_choices;
int read_only = 0;
int module_id = -1;
int pid_file_fd = -1;
@@ -148,13 +149,9 @@ int start_socket_client(char *host, int
static int exchange_protocols(int f_in, int f_out, char *buf, size_t bufsiz, int am_client)
{
int remote_sub = -1;
-#if SUBPROTOCOL_VERSION != 0
- int our_sub = protocol_version < PROTOCOL_VERSION ? 0 : SUBPROTOCOL_VERSION;
-#else
- int our_sub = 0;
-#endif
+ int our_sub = get_subprotocol_version();
- io_printf(f_out, "@RSYNCD: %d.%d\n", protocol_version, our_sub);
+ output_daemon_greeting(f_out, am_client);
if (!am_client) {
char *motd = lp_motd_file();
if (motd && *motd) {
@@ -196,6 +193,14 @@ static int exchange_protocols(int f_in,
remote_sub = 0;
}
+ daemon_auth_choices = strchr(buf + 9, ' ');
+ if (daemon_auth_choices) {
+ char *cp;
+ daemon_auth_choices = strdup(daemon_auth_choices + 1);
+ if ((cp = strchr(daemon_auth_choices, '\n')) != NULL)
+ *cp = '\0';
+ }
+
if (protocol_version > remote_protocol) {
protocol_version = remote_protocol;
if (remote_sub)
@@ -403,7 +408,7 @@ static int read_arg_from_pipe(int fd, ch
}
#endif
-static void set_env_str(const char *var, const char *str)
+void set_env_str(const char *var, const char *str)
{
#ifdef HAVE_PUTENV
char *mem;
Index: rsync-3.2.3/compat.c
===================================================================
--- rsync-3.2.3.orig/compat.c
+++ rsync-3.2.3/compat.c
@@ -57,13 +57,16 @@ extern char *files_from;
extern char *filesfrom_host;
extern const char *checksum_choice;
extern const char *compress_choice;
+extern char *daemon_auth_choices;
extern filter_rule_list filter_list;
extern int need_unsorted_flist;
#ifdef ICONV_OPTION
extern iconv_t ic_send, ic_recv;
extern char *iconv_opt;
#endif
-extern struct name_num_obj valid_checksums;
+extern struct name_num_obj valid_checksums, valid_auth_checksums;
+
+extern struct name_num_item *xfer_sum_nni;
int remote_protocol = 0;
int file_extra_cnt = 0; /* count of file-list extras that everyone gets */
@@ -76,6 +79,9 @@ int inplace_partial = 0;
int do_negotiated_strings = 0;
int xmit_id0_names = 0;
+struct name_num_item *xattr_sum_nni;
+int xattr_sum_len = 0;
+
/* These index values are for the file-list's extra-attribute array. */
int pathname_ndx, depth_ndx, atimes_ndx, crtimes_ndx, uid_ndx, gid_ndx, acls_ndx, xattrs_ndx, unsort_ndx;
@@ -88,19 +94,21 @@ int filesfrom_convert = 0;
#define MAX_NSTR_STRLEN 256
-struct name_num_obj valid_compressions = {
- "compress", NULL, NULL, 0, 0, {
+struct name_num_item valid_compressions_items[] = {
#ifdef SUPPORT_ZSTD
- { CPRES_ZSTD, "zstd", NULL },
+ { CPRES_ZSTD, 0, "zstd", NULL },
#endif
#ifdef SUPPORT_LZ4
- { CPRES_LZ4, "lz4", NULL },
+ { CPRES_LZ4, 0, "lz4", NULL },
#endif
- { CPRES_ZLIBX, "zlibx", NULL },
- { CPRES_ZLIB, "zlib", NULL },
- { CPRES_NONE, "none", NULL },
- { 0, NULL, NULL }
- }
+ { CPRES_ZLIBX, 0, "zlibx", NULL },
+ { CPRES_ZLIB, 0, "zlib", NULL },
+ { CPRES_NONE, 0, "none", NULL },
+ { 0, 0, NULL, NULL }
+};
+
+struct name_num_obj valid_compressions = {
+ "compress", NULL, 0, 0, valid_compressions_items
};
#define CF_INC_RECURSE (1<<0)
@@ -122,11 +130,7 @@ static void check_sub_protocol(void)
{
char *dot;
int their_protocol, their_sub;
-#if SUBPROTOCOL_VERSION != 0
- int our_sub = protocol_version < PROTOCOL_VERSION ? 0 : SUBPROTOCOL_VERSION;
-#else
- int our_sub = 0;
-#endif
+ int our_sub = get_subprotocol_version();
/* client_info starts with VER.SUB string if client is a pre-release. */
if (!(their_protocol = atoi(client_info))
@@ -168,8 +172,8 @@ void set_allow_inc_recurse(void)
void parse_compress_choice(int final_call)
{
- if (valid_compressions.negotiated_name)
- do_compression = valid_compressions.negotiated_num;
+ if (valid_compressions.negotiated_nni)
+ do_compression = valid_compressions.negotiated_nni->num;
else if (compress_choice) {
struct name_num_item *nni = get_nni_by_name(&valid_compressions, compress_choice, -1);
if (!nni) {
@@ -191,8 +195,8 @@ void parse_compress_choice(int final_cal
compress_choice = NULL;
/* Snag the compression name for both write_batch's option output & the following debug output. */
- if (valid_compressions.negotiated_name)
- compress_choice = valid_compressions.negotiated_name;
+ if (valid_compressions.negotiated_nni)
+ compress_choice = valid_compressions.negotiated_nni->name;
else if (compress_choice == NULL) {
struct name_num_item *nni = get_nni_by_num(&valid_compressions, do_compression);
compress_choice = nni ? nni->name : "UNKNOWN";
@@ -202,7 +206,7 @@ void parse_compress_choice(int final_cal
&& (do_compression != CPRES_NONE || do_compression_level != CLVL_NOT_SPECIFIED)) {
rprintf(FINFO, "%s%s compress: %s (level %d)\n",
am_server ? "Server" : "Client",
- valid_compressions.negotiated_name ? " negotiated" : "",
+ valid_compressions.negotiated_nni ? " negotiated" : "",
compress_choice, do_compression_level);
}
}
@@ -215,6 +219,8 @@ struct name_num_item *get_nni_by_name(st
len = strlen(name);
for (nni = nno->list; nni->name; nni++) {
+ if (nni->num == CSUM_gone)
+ continue;
if (strncasecmp(name, nni->name, len) == 0 && nni->name[len] == '\0')
return nni;
}
@@ -249,10 +255,12 @@ static void init_nno_saw(struct name_num
if (!nno->saw) {
nno->saw = new_array0(uchar, nno->saw_len);
- /* We'll take this opportunity to make sure that the main_name values are set right. */
+ /* We'll take this opportunity to set the main_nni values for duplicates. */
for (cnt = 1, nni = nno->list; nni->name; nni++, cnt++) {
+ if (nni->num == CSUM_gone)
+ continue;
if (nno->saw[nni->num])
- nni->main_name = nno->list[nno->saw[nni->num]-1].name;
+ nni->main_nni = &nno->list[nno->saw[nni->num]-1];
else
nno->saw[nni->num] = cnt;
}
@@ -278,8 +286,8 @@ static int parse_nni_str(struct name_num
struct name_num_item *nni = get_nni_by_name(nno, tok, to - tok);
if (nni && !nno->saw[nni->num]) {
nno->saw[nni->num] = ++cnt;
- if (nni->main_name) {
- to = tok + strlcpy(tok, nni->main_name, tobuf_len - (tok - tobuf));
+ if (nni->main_nni) {
+ to = tok + strlcpy(tok, nni->main_nni->name, tobuf_len - (tok - tobuf));
if (to - tobuf >= tobuf_len) {
to = tok - 1;
break;
@@ -313,13 +321,44 @@ static int parse_nni_str(struct name_num
return to - tobuf;
}
+static int parse_negotiate_str(struct name_num_obj *nno, char *tmpbuf)
+{
+ struct name_num_item *nni, *ret = NULL;
+ int best = nno->saw_len; /* We want best == 1 from the client list, so start with a big number. */
+ char *space, *tok = tmpbuf;
+ while (tok) {
+ while (*tok == ' ') tok++; /* Should be unneeded... */
+ if (!*tok)
+ break;
+ if ((space = strchr(tok, ' ')) != NULL)
+ *space = '\0';
+ nni = get_nni_by_name(nno, tok, -1);
+ if (space) {
+ *space = ' ';
+ tok = space + 1;
+ } else
+ tok = NULL;
+ if (!nni || !nno->saw[nni->num] || best <= nno->saw[nni->num])
+ continue;
+ ret = nni;
+ best = nno->saw[nni->num];
+ if (best == 1 || am_server) /* The server side stops at the first acceptable client choice */
+ break;
+ }
+ if (ret) {
+ free(nno->saw);
+ nno->saw = NULL;
+ nno->negotiated_nni = ret->main_nni ? ret->main_nni : ret;
+ return 1;
+ }
+ return 0;
+}
+
/* This routine is always called with a tmpbuf of MAX_NSTR_STRLEN length, but the
* buffer may be pre-populated with a "len" length string to use OR a len of -1
* to tell us to read a string from the fd. */
static void recv_negotiate_str(int f_in, struct name_num_obj *nno, char *tmpbuf, int len)
{
- struct name_num_item *ret = NULL;
-
if (len < 0)
len = read_vstring(f_in, tmpbuf, MAX_NSTR_STRLEN);
@@ -330,37 +369,8 @@ static void recv_negotiate_str(int f_in,
rprintf(FINFO, "Server %s list (on client): %s\n", nno->type, tmpbuf);
}
- if (len > 0) {
- struct name_num_item *nni;
- int best = nno->saw_len; /* We want best == 1 from the client list, so start with a big number. */
- char *space, *tok = tmpbuf;
- while (tok) {
- while (*tok == ' ') tok++; /* Should be unneeded... */
- if (!*tok)
- break;
- if ((space = strchr(tok, ' ')) != NULL)
- *space = '\0';
- nni = get_nni_by_name(nno, tok, -1);
- if (space) {
- *space = ' ';
- tok = space + 1;
- } else
- tok = NULL;
- if (!nni || !nno->saw[nni->num] || best <= nno->saw[nni->num])
- continue;
- ret = nni;
- best = nno->saw[nni->num];
- if (best == 1 || am_server) /* The server side stops at the first acceptable client choice */
- break;
- }
- if (ret) {
- free(nno->saw);
- nno->saw = NULL;
- nno->negotiated_name = ret->main_name ? ret->main_name : ret->name;
- nno->negotiated_num = ret->num;
- return;
- }
- }
+ if (len > 0 && parse_negotiate_str(nno, tmpbuf))
+ return;
if (!am_server || !do_negotiated_strings) {
char *cp = tmpbuf;
@@ -456,8 +466,10 @@ int get_default_nno_list(struct name_num
init_nno_saw(nno, 0);
for (nni = nno->list, len = 0; nni->name; nni++) {
- if (nni->main_name) {
- if (!dup_markup)
+ if (nni->num == CSUM_gone)
+ continue;
+ if (nni->main_nni) {
+ if (!dup_markup || nni->main_nni->num == CSUM_gone)
continue;
delim = dup_markup;
}
@@ -544,7 +556,7 @@ static void negotiate_the_strings(int f_
/* If the other side is too old to negotiate, the above steps just made sure that
* the env didn't disallow the old algorithm. Mark things as non-negotiated. */
if (!do_negotiated_strings)
- valid_checksums.negotiated_name = valid_compressions.negotiated_name = NULL;
+ valid_checksums.negotiated_nni = valid_compressions.negotiated_nni = NULL;
}
void setup_protocol(int f_out,int f_in)
@@ -790,11 +802,73 @@ void setup_protocol(int f_out,int f_in)
checksum_seed = read_int(f_in);
}
- parse_checksum_choice(1); /* Sets checksum_type & xfersum_type */
+ parse_checksum_choice(1); /* Sets file_sum_nni & xfer_sum_nni */
parse_compress_choice(1); /* Sets do_compression */
+ /* TODO in the future allow this algorithm to be chosen somehow, but it can't get too
+ * long or the size starts to cause a problem in the xattr abbrev/non-abbrev code. */
+ xattr_sum_nni = parse_csum_name(NULL, 0);
+ xattr_sum_len = csum_len_for_type(xattr_sum_nni->num, 0);
+
if (write_batch && !am_server)
write_batch_shell_file();
init_flist();
}
+
+void output_daemon_greeting(int f_out, int am_client)
+{
+ char tmpbuf[MAX_NSTR_STRLEN];
+ int our_sub = get_subprotocol_version();
+
+ get_default_nno_list(&valid_auth_checksums, tmpbuf, MAX_NSTR_STRLEN, '\0');
+
+ io_printf(f_out, "@RSYNCD: %d.%d %s\n", protocol_version, our_sub, tmpbuf);
+
+ if (am_client && DEBUG_GTE(NSTR, 2))
+ rprintf(FINFO, "Client %s list (on client): %s\n", valid_auth_checksums.type, tmpbuf);
+}
+
+void negotiate_daemon_auth(int f_out, int am_client)
+{
+ char tmpbuf[MAX_NSTR_STRLEN];
+ int save_am_server = am_server;
+ int md4_is_old = 0;
+
+ if (!am_client)
+ am_server = 1;
+
+ if (daemon_auth_choices)
+ strlcpy(tmpbuf, daemon_auth_choices, MAX_NSTR_STRLEN);
+ else {
+ strlcpy(tmpbuf, protocol_version >= 30 ? "md5" : "md4", MAX_NSTR_STRLEN);
+ md4_is_old = 1;
+ }
+
+ if (am_client) {
+ recv_negotiate_str(-1, &valid_auth_checksums, tmpbuf, strlen(tmpbuf));
+ if (DEBUG_GTE(NSTR, 1)) {
+ rprintf(FINFO, "Client negotiated %s: %s\n", valid_auth_checksums.type,
+ valid_auth_checksums.negotiated_nni->name);
+ }
+ } else {
+ if (!parse_negotiate_str(&valid_auth_checksums, tmpbuf)) {
+ get_default_nno_list(&valid_auth_checksums, tmpbuf, MAX_NSTR_STRLEN, '\0');
+ io_printf(f_out, "@ERROR: your client does not support one of our daemon-auth checksums: %s\n",
+ tmpbuf);
+ exit_cleanup(RERR_UNSUPPORTED);
+ }
+ }
+ am_server = save_am_server;
+ if (md4_is_old && valid_auth_checksums.negotiated_nni->num == CSUM_MD4)
+ valid_auth_checksums.negotiated_nni->num = CSUM_MD4_OLD;
+}
+
+int get_subprotocol_version()
+{
+#if SUBPROTOCOL_VERSION != 0
+ return protocol_version < PROTOCOL_VERSION ? 0 : SUBPROTOCOL_VERSION;
+#else
+ return 0;
+#endif
+}
Index: rsync-3.2.3/flist.c
===================================================================
--- rsync-3.2.3.orig/flist.c
+++ rsync-3.2.3/flist.c
@@ -33,7 +33,6 @@ extern int am_sender;
extern int am_generator;
extern int inc_recurse;
extern int always_checksum;
-extern int checksum_type;
extern int module_id;
extern int ignore_errors;
extern int numeric_ids;
@@ -79,6 +78,8 @@ extern struct stats stats;
extern char *filesfrom_host;
extern char *usermap, *groupmap;
+extern struct name_num_item *file_sum_nni;
+
extern char curr_dir[MAXPATHLEN];
extern struct chmod_mode_struct *chmod_modes;
@@ -144,7 +145,8 @@ void init_flist(void)
rprintf(FINFO, "FILE_STRUCT_LEN=%d, EXTRA_LEN=%d\n",
(int)FILE_STRUCT_LEN, (int)EXTRA_LEN);
}
- flist_csum_len = csum_len_for_type(checksum_type, 1);
+ /* Note that this isn't identical to file_sum_len in the case of CSUM_MD4_ARCHAIC: */
+ flist_csum_len = csum_len_for_type(file_sum_nni->num, 1);
show_filelist_progress = INFO_GTE(FLIST, 1) && xfer_dirs && !am_server && !inc_recurse;
}
Index: rsync-3.2.3/lib/md-defines.h
===================================================================
--- rsync-3.2.3.orig/lib/md-defines.h
+++ rsync-3.2.3/lib/md-defines.h
@@ -6,6 +6,7 @@
#define CSUM_CHUNK 64
+#define CSUM_gone -1
#define CSUM_NONE 0
#define CSUM_MD4_ARCHAIC 1
#define CSUM_MD4_BUSTED 2
Index: rsync-3.2.3/lib/mdigest.h
===================================================================
--- rsync-3.2.3.orig/lib/mdigest.h
+++ rsync-3.2.3/lib/mdigest.h
@@ -1,8 +1,7 @@
/* The include file for both the MD4 and MD5 routines. */
#ifdef USE_OPENSSL
-#include "openssl/md4.h"
-#include "openssl/md5.h"
+#include <openssl/evp.h>
#endif
#include "md-defines.h"
@@ -17,7 +16,6 @@ void mdfour_begin(md_context *md);
void mdfour_update(md_context *md, const uchar *in, uint32 length);
void mdfour_result(md_context *md, uchar digest[MD4_DIGEST_LEN]);
-#ifndef USE_OPENSSL
#define MD5_CTX md_context
#define MD5_Init md5_begin
#define MD5_Update md5_update
@@ -26,4 +24,3 @@ void mdfour_result(md_context *md, uchar
void md5_begin(md_context *ctx);
void md5_update(md_context *ctx, const uchar *input, uint32 length);
void md5_result(md_context *ctx, uchar digest[MD5_DIGEST_LEN]);
-#endif
Index: rsync-3.2.3/log.c
===================================================================
--- rsync-3.2.3.orig/log.c
+++ rsync-3.2.3/log.c
@@ -36,8 +36,6 @@ extern int protocol_version;
extern int always_checksum;
extern int preserve_times;
extern int msgs2stderr;
-extern int xfersum_type;
-extern int checksum_type;
extern int stdout_format_has_i;
extern int stdout_format_has_o_or_i;
extern int logfile_format_has_i;
@@ -62,6 +60,8 @@ extern unsigned int module_dirlen;
extern char sender_file_sum[MAX_DIGEST_LEN];
extern const char undetermined_hostname[];
+extern struct name_num_item *xfer_sum_nni, *file_sum_nni;
+
static int log_initialised;
static int logfile_was_closed;
static FILE *logfile_fp;
@@ -680,12 +680,12 @@ static void log_formatted(enum logcode c
n = NULL;
if (S_ISREG(file->mode)) {
if (always_checksum)
- n = sum_as_hex(checksum_type, F_SUM(file), 1);
+ n = sum_as_hex(file_sum_nni->num, F_SUM(file), 1);
else if (iflags & ITEM_TRANSFER)
- n = sum_as_hex(xfersum_type, sender_file_sum, 0);
+ n = sum_as_hex(xfer_sum_nni->num, sender_file_sum, 0);
}
if (!n) {
- int sum_len = csum_len_for_type(always_checksum ? checksum_type : xfersum_type,
+ int sum_len = csum_len_for_type(always_checksum ? file_sum_nni->num : xfer_sum_nni->num,
always_checksum);
memset(buf2, ' ', sum_len*2);
buf2[sum_len*2] = '\0';
Index: rsync-3.2.3/main.c
===================================================================
--- rsync-3.2.3.orig/main.c
+++ rsync-3.2.3/main.c
@@ -1740,6 +1740,17 @@ int main(int argc,char *argv[])
our_gid = MY_GID();
am_root = our_uid == ROOT_UID;
+#if defined USE_OPENSSL && defined SET_OPENSSL_CONF
+#define TO_STR2(x) #x
+#define TO_STR(x) TO_STR2(x)
+ /* ./configure --with-openssl-conf=/etc/ssl/openssl-rsync.cnf
+ * defines SET_OPENSSL_CONF as that unquoted pathname. */
+ if (!getenv("OPENSSL_CONF")) /* Don't override it if it's already set. */
+ set_env_str("OPENSSL_CONF", TO_STR(SET_OPENSSL_CONF));
+#undef TO_STR
+#undef TO_STR2
+#endif
+
memset(&stats, 0, sizeof(stats));
/* Even a non-daemon runs needs the default config values to be set, e.g.
Index: rsync-3.2.3/match.c
===================================================================
--- rsync-3.2.3.orig/match.c
+++ rsync-3.2.3/match.c
@@ -24,7 +24,9 @@
extern int checksum_seed;
extern int append_mode;
-extern int xfersum_type;
+
+extern struct name_num_item *xfer_sum_nni;
+extern int xfer_sum_len;
int updating_basis_file;
char sender_file_sum[MAX_DIGEST_LEN];
@@ -359,15 +361,13 @@ static void hash_search(int f,struct sum
**/
void match_sums(int f, struct sum_struct *s, struct map_struct *buf, OFF_T len)
{
- int sum_len;
-
last_match = 0;
false_alarms = 0;
hash_hits = 0;
matches = 0;
data_transfer = 0;
- sum_init(xfersum_type, checksum_seed);
+ sum_init(xfer_sum_nni, checksum_seed);
if (append_mode > 0) {
if (append_mode == 2) {
@@ -408,22 +408,22 @@ void match_sums(int f, struct sum_struct
matched(f, s, buf, len, -1);
}
- sum_len = sum_end(sender_file_sum);
+ sum_end(sender_file_sum);
/* If we had a read error, send a bad checksum. We use all bits
* off as long as the checksum doesn't happen to be that, in
* which case we turn the last 0 bit into a 1. */
if (buf && buf->status != 0) {
int i;
- for (i = 0; i < sum_len && sender_file_sum[i] == 0; i++) {}
- memset(sender_file_sum, 0, sum_len);
- if (i == sum_len)
+ for (i = 0; i < xfer_sum_len && sender_file_sum[i] == 0; i++) {}
+ memset(sender_file_sum, 0, xfer_sum_len);
+ if (i == xfer_sum_len)
sender_file_sum[i-1]++;
}
if (DEBUG_GTE(DELTASUM, 2))
rprintf(FINFO,"sending file_sum\n");
- write_buf(f, sender_file_sum, sum_len);
+ write_buf(f, sender_file_sum, xfer_sum_len);
if (DEBUG_GTE(DELTASUM, 2)) {
rprintf(FINFO, "false_alarms=%d hash_hits=%d matches=%d\n",
Index: rsync-3.2.3/packaging/openssl-rsync.cnf
===================================================================
--- /dev/null
+++ rsync-3.2.3/packaging/openssl-rsync.cnf
@@ -0,0 +1,18 @@
+# This config file can be used with rsync to enable legacy digests
+# (such as MD4) by using the OPENSSL_CONF environment variable.
+# See rsync's configure --with-openssl-conf=/path/name option.
+
+openssl_conf = openssl_init
+
+[openssl_init]
+providers = provider_sect
+
+[provider_sect]
+default = default_sect
+legacy = legacy_sect
+
+[default_sect]
+activate = 1
+
+[legacy_sect]
+activate = 1
Index: rsync-3.2.3/receiver.c
===================================================================
--- rsync-3.2.3.orig/receiver.c
+++ rsync-3.2.3/receiver.c
@@ -55,7 +55,6 @@ extern int inplace;
extern int inplace_partial;
extern int allowed_lull;
extern int delay_updates;
-extern int xfersum_type;
extern BOOL want_progress_now;
extern mode_t orig_umask;
extern struct stats stats;
@@ -68,6 +67,9 @@ extern filter_rule_list daemon_filter_li
extern OFF_T preallocated_len;
extern int fuzzy_basis;
+extern struct name_num_item *xfer_sum_nni;
+extern int xfer_sum_len;
+
static struct bitbag *delayed_bits = NULL;
static int phase = 0, redoing = 0;
static flist_ndx_list batch_redo_list;
@@ -240,7 +242,6 @@ static int receive_data(int f_in, char *
static char file_sum1[MAX_DIGEST_LEN];
struct map_struct *mapbuf;
struct sum_struct sum;
- int sum_len;
int32 len;
OFF_T total_size = F_LENGTH(file);
OFF_T offset = 0;
@@ -280,7 +281,7 @@ static int receive_data(int f_in, char *
} else
mapbuf = NULL;
- sum_init(xfersum_type, checksum_seed);
+ sum_init(xfer_sum_nni, checksum_seed);
if (append_mode > 0) {
OFF_T j;
@@ -393,15 +394,15 @@ static int receive_data(int f_in, char *
if (INFO_GTE(PROGRESS, 1))
end_progress(total_size);
- sum_len = sum_end(file_sum1);
+ sum_end(file_sum1);
if (mapbuf)
unmap_file(mapbuf);
- read_buf(f_in, sender_file_sum, sum_len);
+ read_buf(f_in, sender_file_sum, xfer_sum_len);
if (DEBUG_GTE(DELTASUM, 2))
rprintf(FINFO,"got file_sum\n");
- if (fd != -1 && memcmp(file_sum1, sender_file_sum, sum_len) != 0)
+ if (fd != -1 && memcmp(file_sum1, sender_file_sum, xfer_sum_len) != 0)
return 0;
return 1;
}
Index: rsync-3.2.3/rsync.h
===================================================================
--- rsync-3.2.3.orig/rsync.h
+++ rsync-3.2.3/rsync.h
@@ -811,6 +811,7 @@ extern int uid_ndx;
extern int gid_ndx;
extern int acls_ndx;
extern int xattrs_ndx;
+extern int file_sum_len;
#ifdef USE_FLEXIBLE_ARRAY
#define FILE_STRUCT_LEN (sizeof (struct file_struct))
@@ -821,7 +822,7 @@ extern int xattrs_ndx;
#define DEV_EXTRA_CNT 2
#define DIRNODE_EXTRA_CNT 3
#define EXTRA64_CNT ((sizeof (union file_extras64) + EXTRA_LEN - 1) / EXTRA_LEN)
-#define SUM_EXTRA_CNT ((MAX_DIGEST_LEN + EXTRA_LEN - 1) / EXTRA_LEN)
+#define SUM_EXTRA_CNT ((file_sum_len + EXTRA_LEN - 1) / EXTRA_LEN)
#define REQ_EXTRA(f,ndx) ((union file_extras*)(f) - (ndx))
#define OPT_EXTRA(f,bump) ((union file_extras*)(f) - file_extra_cnt - 1 - (bump))
@@ -1146,17 +1147,17 @@ typedef struct {
#define NSTR_COMPRESS 1
struct name_num_item {
- int num;
- const char *name, *main_name;
+ int num, flags;
+ const char *name;
+ struct name_num_item *main_nni;
};
struct name_num_obj {
const char *type;
- const char *negotiated_name;
+ struct name_num_item *negotiated_nni;
uchar *saw;
int saw_len;
- int negotiated_num;
- struct name_num_item list[8]; /* A big-enough len (we'll get a compile error if it is ever too small) */
+ struct name_num_item *list; /* A big-enough len (we'll get a compile error if it is ever too small) */
};
#ifndef __cplusplus
Index: rsync-3.2.3/usage.c
===================================================================
--- rsync-3.2.3.orig/usage.c
+++ rsync-3.2.3/usage.c
@@ -22,8 +22,7 @@
#include "git-version.h"
#include "default-cvsignore.h"
-extern struct name_num_obj valid_checksums;
-extern struct name_num_obj valid_compressions;
+extern struct name_num_obj valid_checksums, valid_compressions, valid_auth_checksums;
static char *istring(const char *fmt, int val)
{
@@ -197,6 +196,10 @@ void print_rsync_version(enum logcode f)
get_default_nno_list(&valid_compressions, tmpbuf, sizeof tmpbuf, '(');
rprintf(f, " %s\n", tmpbuf);
+ rprintf(f, "Daemon auth list:\n");
+ get_default_nno_list(&valid_auth_checksums, tmpbuf, sizeof tmpbuf, '(');
+ rprintf(f, " %s\n", tmpbuf);
+
#ifdef MAINTAINER_MODE
rprintf(f, "Panic Action: \"%s\"\n", get_panic_action());
#endif
Index: rsync-3.2.3/xattrs.c
===================================================================
--- rsync-3.2.3.orig/xattrs.c
+++ rsync-3.2.3/xattrs.c
@@ -39,9 +39,13 @@ extern int preserve_specials;
extern int checksum_seed;
extern int saw_xattr_filter;
+extern struct name_num_item *xattr_sum_nni;
+extern int xattr_sum_len;
+
#define RSYNC_XAL_INITIAL 5
#define RSYNC_XAL_LIST_INITIAL 100
+#define MAX_XATTR_DIGEST_LEN MD5_DIGEST_LEN
#define MAX_FULL_DATUM 32
#define HAS_PREFIX(str, prfx) (*(str) == *(prfx) && strncmp(str, prfx, sizeof (prfx) - 1) == 0)
@@ -269,8 +273,8 @@ static int rsync_xal_get(const char *fna
if (datum_len > MAX_FULL_DATUM) {
/* For large datums, we store a flag and a checksum. */
- name_offset = 1 + MAX_DIGEST_LEN;
- sum_init(-1, checksum_seed);
+ name_offset = 1 + MAX_XATTR_DIGEST_LEN;
+ sum_init(xattr_sum_nni, checksum_seed);
sum_update(ptr, datum_len);
free(ptr);
@@ -382,7 +386,7 @@ static int64 xattr_lookup_hash(const ite
for (i = 0; i < xalp->count; i++) {
key += hashlittle(rxas[i].name, rxas[i].name_len);
if (rxas[i].datum_len > MAX_FULL_DATUM)
- key += hashlittle(rxas[i].datum, MAX_DIGEST_LEN);
+ key += hashlittle(rxas[i].datum, xattr_sum_len);
else
key += hashlittle(rxas[i].datum, rxas[i].datum_len);
}
@@ -435,7 +439,7 @@ static int find_matching_xattr(const ite
if (rxas1[j].datum_len > MAX_FULL_DATUM) {
if (memcmp(rxas1[j].datum + 1,
rxas2[j].datum + 1,
- MAX_DIGEST_LEN) != 0)
+ xattr_sum_len) != 0)
break;
} else {
if (memcmp(rxas1[j].datum, rxas2[j].datum,
@@ -535,7 +539,7 @@ int send_xattr(int f, stat_x *sxp)
#endif
write_buf(f, name, name_len);
if (rxa->datum_len > MAX_FULL_DATUM)
- write_buf(f, rxa->datum + 1, MAX_DIGEST_LEN);
+ write_buf(f, rxa->datum + 1, xattr_sum_len);
else
write_bigbuf(f, rxa->datum, rxa->datum_len);
}
@@ -588,7 +592,7 @@ int xattr_diff(struct file_struct *file,
else if (snd_rxa->datum_len > MAX_FULL_DATUM) {
same = cmp == 0 && snd_rxa->datum_len == rec_rxa->datum_len
&& memcmp(snd_rxa->datum + 1, rec_rxa->datum + 1,
- MAX_DIGEST_LEN) == 0;
+ xattr_sum_len) == 0;
/* Flag unrequested items that we need. */
if (!same && find_all && snd_rxa->datum[0] == XSTATE_ABBREV)
snd_rxa->datum[0] = XSTATE_TODO;
@@ -797,7 +801,7 @@ void receive_xattr(int f, struct file_st
rsync_xa *rxa;
size_t name_len = read_varint(f);
size_t datum_len = read_varint(f);
- size_t dget_len = datum_len > MAX_FULL_DATUM ? 1 + MAX_DIGEST_LEN : datum_len;
+ size_t dget_len = datum_len > MAX_FULL_DATUM ? 1 + (size_t)xattr_sum_len : datum_len;
size_t extra_len = MIGHT_NEED_RPRE ? RPRE_LEN : 0;
if (SIZE_MAX - dget_len < extra_len || SIZE_MAX - dget_len - extra_len < name_len)
overflow_exit("receive_xattr");
@@ -812,7 +816,7 @@ void receive_xattr(int f, struct file_st
read_buf(f, ptr, dget_len);
else {
*ptr = XSTATE_ABBREV;
- read_buf(f, ptr + 1, MAX_DIGEST_LEN);
+ read_buf(f, ptr + 1, xattr_sum_len);
}
if (saw_xattr_filter) {
@@ -943,7 +947,7 @@ static int rsync_xal_set(const char *fna
rsync_xa *rxas = xalp->items;
ssize_t list_len;
size_t i, len;
- char *name, *ptr, sum[MAX_DIGEST_LEN];
+ char *name, *ptr, sum[MAX_XATTR_DIGEST_LEN];
#ifdef HAVE_LINUX_XATTRS
int user_only = am_root <= 0;
#endif
@@ -958,7 +962,6 @@ static int rsync_xal_set(const char *fna
name = rxas[i].name;
if (XATTR_ABBREV(rxas[i])) {
- int sum_len;
/* See if the fnamecmp version is identical. */
len = name_len = rxas[i].name_len;
if ((ptr = get_xattr_data(fnamecmp, name, &len, 1)) == NULL) {
@@ -975,10 +978,10 @@ static int rsync_xal_set(const char *fna
goto still_abbrev;
}
- sum_init(-1, checksum_seed);
+ sum_init(xattr_sum_nni, checksum_seed);
sum_update(ptr, len);
- sum_len = sum_end(sum);
- if (memcmp(sum, rxas[i].datum + 1, sum_len) != 0) {
+ sum_end(sum);
+ if (memcmp(sum, rxas[i].datum + 1, xattr_sum_len) != 0) {
free(ptr);
goto still_abbrev;
}
Index: rsync-3.2.3/configure.ac
===================================================================
--- rsync-3.2.3.orig/configure.ac
+++ rsync-3.2.3/configure.ac
@@ -121,6 +121,16 @@ if test x"$GCC" = x"yes"; then
CFLAGS="$CFLAGS -Wall -W"
fi
+AC_ARG_WITH(openssl-conf,
+ AS_HELP_STRING([--with-openssl-conf=PATH],[set default OPENSSL_CONF path for rsync]))
+case "$with_openssl_conf" in
+ *[^-/a-zA-Z0-9.,=@+_]*) AC_MSG_ERROR([Invalid path given to --with-openssl-conf]) ;;
+ /*) CFLAGS="$CFLAGS -DSET_OPENSSL_CONF=$with_openssl_conf" ;;
+ no|'') ;;
+ yes) AC_MSG_ERROR([No path given to --with-openssl-conf]) ;;
+ *) AC_MSG_ERROR([Non absolute path given to --with-openssl-conf]) ;;
+esac
+
AC_ARG_WITH(included-popt,
AS_HELP_STRING([--with-included-popt],[use bundled popt library, not from system]))
@@ -199,21 +209,19 @@ fi
AC_DEFINE_UNQUOTED(NOBODY_USER, "nobody", [unprivileged user--e.g. nobody])
AC_DEFINE_UNQUOTED(NOBODY_GROUP, "$NOBODY_GROUP", [unprivileged group for unprivileged user])
-# SIMD optimizations
-SIMD=
+# rolling-checksum SIMD optimizations
+ROLL_SIMD=
-AC_MSG_CHECKING([whether to enable SIMD optimizations])
-AC_ARG_ENABLE(simd,
- AS_HELP_STRING([--disable-simd],[disable SIMD optimizations (requires c++)]))
+AC_MSG_CHECKING([whether to enable rolling-checksum SIMD optimizations])
+AC_ARG_ENABLE(roll-simd,
+ AS_HELP_STRING([--enable-roll-simd],[enable/disable to control rolling-checksum SIMD optimizations (requires c++)]))
# Clag is crashing with -g -O2, so we'll get rid of -g for now.
CXXFLAGS=`echo "$CXXFLAGS" | sed 's/-g //'`
-
-if test x"$enable_simd" != x"no"; then
- # For x86-64 SIMD, g++ >=5 or clang++ >=7 is required
- if test x"$build_cpu" = x"x86_64"; then
- AC_LANG(C++)
- AC_RUN_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
+m4_define(SIMD_X86_64_TEST, [[#include <stdio.h>
+#if HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
#include <immintrin.h>
__attribute__ ((target("default"))) int test_ssse3(int x) { return x; }
__attribute__ ((target("default"))) int test_sse2(int x) { return x; }
@@ -233,27 +241,45 @@ __attribute__ ((target("ssse3"))) void m
in8_2 = _mm_lddqu_si128((__m128i_u*)&buf[i + 16]);
}
}
-]], [[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],[CXX_OK=yes],[CXX_OK=no])
+]])
+
+if test x"$enable_roll_simd" = x""; then
+ case "$host_os" in
+ *linux*) ;;
+ *) enable_roll_simd=no ;;
+ esac
+fi
+
+if test x"$enable_roll_simd" != x"no"; then
+ # For x86-64 SIMD, g++ >=5 or clang++ >=7 is required
+ if test x"$host_cpu" = x"x86_64" || test x"$host_cpu" = x"amd64"; then
+ AC_LANG(C++)
+ if test x"$host" = x"$build"; then
+ AC_RUN_IFELSE([AC_LANG_PROGRAM([SIMD_X86_64_TEST],[[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],
+ [CXX_OK=yes],[CXX_OK=no])
+ else
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([SIMD_X86_64_TEST])],[CXX_OK=yes],[CXX_OK=no])
+ fi
AC_LANG(C)
if test x"$CXX_OK" = x"yes"; then
# AC_MSG_RESULT() is called below.
- SIMD="x86_64"
- elif test x"$enable_simd" = x"yes"; then
+ ROLL_SIMD="$host_cpu"
+ elif test x"$enable_roll_simd" = x"yes"; then
AC_MSG_RESULT(error)
- AC_MSG_ERROR(The SIMD compilation test failed.
-Omit --enable-simd to continue without it.)
+ AC_MSG_ERROR(The rolling-checksum SIMD compilation test failed.
+Omit --enable-roll-simd to continue without it.)
fi
- elif test x"$enable_simd" = x"yes"; then
+ elif test x"$enable_roll_simd" = x"yes"; then
AC_MSG_RESULT(unavailable)
- AC_MSG_ERROR(The SIMD optimizations are currently x86_64 only.
-Omit --enable-simd to continue without it.)
+ AC_MSG_ERROR(The rolling-checksum SIMD optimizations are currently x86_64|amd64 only.
+Omit --enable-roll-simd to continue without it.)
fi
fi
-if test x"$SIMD" != x""; then
- AC_MSG_RESULT([yes ($SIMD)])
- AC_DEFINE(HAVE_SIMD, 1, [Define to 1 to enable SIMD optimizations])
- SIMD='$(SIMD_'"$SIMD)"
+if test x"$ROLL_SIMD" != x""; then
+ AC_MSG_RESULT([yes ($ROLL_SIMD)])
+ AC_DEFINE(USE_ROLL_SIMD, 1, [Define to 1 to enable rolling-checksum SIMD optimizations])
+ ROLL_SIMD='$(ROLL_SIMD_'"$ROLL_SIMD)"
# We only use c++ for its target attribute dispatching, disable unneeded bulky features
CXXFLAGS="$CXXFLAGS -fno-exceptions -fno-rtti"
# Apple often has "g++" as a symlink for clang. Try to find out the truth.
@@ -265,7 +291,7 @@ else
AC_MSG_RESULT(no)
fi
-AC_SUBST(SIMD)
+AC_SUBST(ROLL_SIMD)
AC_MSG_CHECKING([if assembler accepts noexecstack])
OLD_CFLAGS="$CFLAGS"
@@ -276,32 +302,6 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ ]]
CFLAGS="$OLD_CFLAGS"
AC_SUBST(NOEXECSTACK)
-ASM=
-
-AC_MSG_CHECKING([whether to enable ASM optimizations])
-AC_ARG_ENABLE(asm,
- AS_HELP_STRING([--disable-asm],[disable ASM optimizations]))
-
-if test x"$enable_asm" != x"no"; then
- if test x"$build_cpu" = x"x86_64"; then
- ASM="$build_cpu"
- elif test x"$enable_asm" = x"yes"; then
- AC_MSG_RESULT(unavailable)
- AC_MSG_ERROR(The ASM optimizations are currently x86_64 only.
-Omit --enable-asm to continue without it.)
- fi
-fi
-
-if test x"$ASM" != x""; then
- AC_MSG_RESULT([yes ($ASM)])
- AC_DEFINE(HAVE_ASM, 1, [Define to 1 to enable ASM optimizations])
- ASM='$(ASM_'"$ASM)"
-else
- AC_MSG_RESULT(no)
-fi
-
-AC_SUBST(ASM)
-
# arrgh. libc in some old debian version screwed up the largefile
# stuff, getting byte range locking wrong
AC_CACHE_CHECK([for broken largefile support],rsync_cv_HAVE_BROKEN_LARGEFILE,[
@@ -517,10 +517,67 @@ if test x"$enable_openssl" != x"no"; the
err_msg="$err_msg$nl- Failed to find openssl/md4.h and openssl/md5.h for openssl crypto lib support."
no_lib="$no_lib openssl"
fi
+ if test x"$enable_md5_asm" != x"yes"; then
+ enable_md5_asm=no
+ fi
else
AC_MSG_RESULT(no)
fi
+MD5_ASM=
+
+AC_MSG_CHECKING([whether to enable MD5 ASM optimizations])
+AC_ARG_ENABLE(md5-asm,
+ AS_HELP_STRING([--enable-md5-asm],[enable/disable to control MD5 ASM optimizations]))
+
+if test x"$enable_md5_asm" = x""; then
+ case "$host_os" in
+ *linux*) ;;
+ *) enable_md5_asm=no ;;
+ esac
+fi
+
+if test x"$enable_md5_asm" != x"no"; then
+ if test x"$host_cpu" = x"x86_64" || test x"$host_cpu" = x"amd64"; then
+ MD5_ASM="$host_cpu"
+ elif test x"$enable_md5_asm" = x"yes"; then
+ AC_MSG_RESULT(unavailable)
+ AC_MSG_ERROR(The ASM optimizations are currently x86_64|amd64 only.
+Omit --enable-md5-asm to continue without it.)
+ fi
+fi
+
+if test x"$MD5_ASM" != x""; then
+ AC_MSG_RESULT([yes ($MD5_ASM)])
+ AC_DEFINE(USE_MD5_ASM, 1, [Define to 1 to enable MD5 ASM optimizations])
+ MD5_ASM='$(MD5_ASM_'"$MD5_ASM)"
+else
+ AC_MSG_RESULT(no)
+fi
+
+AC_SUBST(MD5_ASM)
+
+ROLL_ASM=
+
+AC_MSG_CHECKING([whether to enable rolling-checksum ASM optimizations])
+AC_ARG_ENABLE(roll-asm,
+ AS_HELP_STRING([--enable-roll-asm],[enable/disable to control rolling-checksum ASM optimizations (requires --enable-roll-simd)]))
+
+if test x"$ROLL_SIMD" = x""; then
+ enable_roll_asm=no
+fi
+
+if test x"$enable_roll_asm" = x"yes"; then
+ ROLL_ASM="$host_cpu"
+ AC_MSG_RESULT([yes ($ROLL_ASM)])
+ AC_DEFINE(USE_ROLL_ASM, 1, [Define to 1 to enable rolling-checksum ASM optimizations (requires --enable-roll-simd)])
+ ROLL_ASM='$(ROLL_ASM_'"$ROLL_ASM)"
+else
+ AC_MSG_RESULT(no)
+fi
+
+AC_SUBST(ROLL_ASM)
+
AC_MSG_CHECKING([whether to enable xxhash checksum support])
AC_ARG_ENABLE([xxhash],
AS_HELP_STRING([--disable-xxhash],[disable xxhash checksums]))
Index: rsync-3.2.3/lib/md5.c
===================================================================
--- rsync-3.2.3.orig/lib/md5.c
+++ rsync-3.2.3/lib/md5.c
@@ -20,7 +20,6 @@
#include "rsync.h"
-#ifndef USE_OPENSSL
void md5_begin(md_context *ctx)
{
ctx->A = 0x67452301;
@@ -221,7 +220,6 @@ void md5_result(md_context *ctx, uchar d
SIVALu(digest, 8, ctx->C);
SIVALu(digest, 12, ctx->D);
}
-#endif
#ifdef TEST_MD5
@@ -318,3 +316,4 @@ int main(int argc, char *argv[])
}
#endif
+
Index: rsync-3.2.3/Makefile.in
===================================================================
--- rsync-3.2.3.orig/Makefile.in
+++ rsync-3.2.3/Makefile.in
@@ -31,8 +31,9 @@ SHELL=/bin/sh
.SUFFIXES:
.SUFFIXES: .c .o
-SIMD_x86_64=simd-checksum-x86_64.o
-ASM_x86_64=lib/md5-asm-x86_64.o
+ROLL_SIMD_x86_64=simd-checksum-x86_64.o
+ROLL_ASM_x86_64=simd-checksum-avx2.o
+MD5_ASM_x86_64=lib/md5-asm-x86_64.o
GENFILES=configure.sh aclocal.m4 config.h.in rsync.1 rsync.1.html \
rsync-ssl.1 rsync-ssl.1.html rsyncd.conf.5 rsyncd.conf.5.html
@@ -46,11 +47,11 @@ OBJS1=flist.o rsync.o generator.o receiv
util.o util2.o main.o checksum.o match.o syscall.o log.o backup.o delete.o
OBJS2=options.o io.o compat.o hlink.o token.o uidlist.o socket.o hashtable.o \
usage.o fileio.o batch.o clientname.o chmod.o acls.o xattrs.o
-OBJS3=progress.o pipe.o @ASM@
+OBJS3=progress.o pipe.o @MD5_ASM@ @ROLL_SIMD@ @ROLL_ASM@
DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o $(SLPOBJ)
popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \
popt/popthelp.o popt/poptparse.o
-OBJS=$(OBJS1) $(OBJS2) $(OBJS3) @SIMD@ $(DAEMON_OBJ) $(LIBOBJ) @BUILD_ZLIB@ @BUILD_POPT@
+OBJS=$(OBJS1) $(OBJS2) $(OBJS3) $(DAEMON_OBJ) $(LIBOBJ) @BUILD_ZLIB@ @BUILD_POPT@
TLS_OBJ = tls.o syscall.o util2.o t_stub.o lib/compat.o lib/snprintf.o lib/permstring.o lib/sysxattrs.o @BUILD_POPT@
@@ -140,10 +141,13 @@ git-version.h: mkgitver $(wildcard $(src
$(srcdir)/mkgitver
simd-checksum-x86_64.o: simd-checksum-x86_64.cpp
- @$(srcdir)/cmdormsg disable-simd $(CXX) -I. $(CXXFLAGS) $(CPPFLAGS) -c -o $@ $(srcdir)/simd-checksum-x86_64.cpp
+ @$(srcdir)/cmdormsg disable-roll-simd $(CXX) -I. $(CXXFLAGS) $(CPPFLAGS) -c -o $@ $(srcdir)/simd-checksum-x86_64.cpp
-lib/md5-asm-x86_64.o: lib/md5-asm-x86_64.S config.h lib/md-defines.h
- @$(srcdir)/cmdormsg disable-asm $(CC) -I. @NOEXECSTACK@ -c -o $@ $(srcdir)/lib/md5-asm-x86_64.S
+simd-checksum-avx2.o: simd-checksum-avx2.S
+ @$(srcdir)/cmdormsg disable-roll-asm $(CC) $(CFLAGS) -I. @NOEXECSTACK@ -c -o $@ $(srcdir)/simd-checksum-avx2.S
+
+lib/md5-asm-x86_64.o: lib/md5-asm-x86_64.S lib/md-defines.h
+ @$(srcdir)/cmdormsg disable-md5-asm $(CC) -I. @NOEXECSTACK@ -c -o $@ $(srcdir)/lib/md5-asm-x86_64.S
tls$(EXEEXT): $(TLS_OBJ)
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(TLS_OBJ) $(LIBS)
