cksum: add support for SHA-3

* src/digest.c: Include sha3.h.
(BLAKE2B_MAX_LEN): Rename to
DIGEST_MAX_LEN since it is also used for SHA-3.
(sha3_sum_stream): New function.
(enum Algorithm, algorithm_args, algorithm_args, algorithm_types)
algorithm_tags, algorithm_bits, cksumfns, cksum_output_fns): Add entries
for SHA-3.
(usage): Mention that SHA-3 is supported. Mention requirements for
--length with SHA-3.
(split_3): Use DIGEST_MAX_LEN instead of BLAKE2B_MAX_LEN. Determine the
length of the digest for SHA-3. Make sure it is 224, 256, 384, or 512.
(digest_file): Set the digest length in bytes. Use DIGEST_MAX_LEN
instead of BLAKE2B_MAX_LEN. Always append the digest length to SHA3 in
the output.
(main): Allow the use of --length with 'cksum -a sha3'.  Use
DIGEST_MAX_LEN instead of BLAKE2B_MAX_LEN. Make sure it is 224, 256,
384, or 512.
* tests/cksum/cksum-base64.pl (@pairs): Add expected sha3 output.
(fmt): Modify the output to use SHA3-512 since that is the default.
(@Tests): Modify arguments for sha3 to use --length=512.
* tests/cksum/cksum-sha3.sh: New test, based on tests/cksum/b2sum.sh.
* tests/local.mk (all_tests): Add the test.
* bootstrap.conf: Add crypto/sha3.
* gnulib: Update to latest commit.
* NEWS: Mention the change.
* doc/coreutils.texi (cksum general options): Mention sha3 as a
supported argument to the -a option. Mention that 'cksum -a sha3'
supports the --length option. Mention that SHA-3 is considered secure.

tests/cksum/cksum-base64.pl

@@ -36,6 +36,7 @@ my @pairs =
    ['sha256', "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="],
    ['sha384', "OLBgp1GsljhM2TJ+sbHjaiH9txEUvgdDTAzHv2P24donTt6/529l+9Ua0vFImLlb"],
    ['sha512', "z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg=="],
+   ['sha3', "pp9zzKI6msXItWfcGFp1bpfJghZP4lhZ4NHcwUdcgKYVshI68fX5TBHj6UAsOsVY9QAZnZW20+MBdYWGKB3NJg=="],
    ['blake2b', "eGoC90IBWQPGxv2FJVLScpEvR0DhWEdhiobiF/cfVBnSXhAxr+5YUxOJZESTTrBLkDpoWxRIt1XVb3Aa/pvizg=="],
    ['sm3', "GrIdg1XPoX+OYRlIMegajyK+yMco/vt0ftA161CCqis="],
   );
@@ -47,6 +48,8 @@ sub fmt ($$) {
   $h !~ m{^(sysv|bsd|crc|crc32b)$} and $v = uc($h). " (f) = $v";
   # BLAKE2b is inconsistent:
   $v =~ s{BLAKE2B}{BLAKE2b};
+  # Our tests use 'cksum -a sha3 --length=512'.
+  $v =~ s/^SHA3\b/SHA3-512/;
   return "$v"
 }
 
@@ -54,7 +57,8 @@ my @Tests =
   (
    # Ensure that each of the above works with --base64:
    (map {my ($h,$v)= @$_; my $o=fmt $h,$v;
-         [$h, "--base64 -a $h", {IN=>{f=>''}}, {OUT=>"$o\n"}]} @pairs),
+         (my $opts = $h) =~ s/^sha3$/sha3 --length=512/;
+         [$h, "--base64 -a $opts", {IN=>{f=>''}}, {OUT=>"$o\n"}]} @pairs),
 
    # For each that accepts --check, ensure that works with base64 digests:
    (map {my ($h,$v)= @$_; my $o=fmt $h,$v;

tests/cksum/cksum-sha3.sh

@@ -0,0 +1,81 @@
+#!/bin/sh
+# 'cksum -a sha3' tests.
+
+# Copyright (C) 2025 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
+print_ver_ cksum
+getlimits_
+
+# Ensure we can --check the --tag format we produce
+for i in 'a' ' b' '*c' '44' ' '; do
+  echo "$i" > "$i"
+  for l in 224 256 384 512; do
+    cksum -a sha3 -l $l "$i" >> check.sha3
+  done
+done
+# Note -l is inferred from the tags in the mixed format file
+cksum -a sha3 --strict -c check.sha3 || fail=1
+
+# Also ensure the openssl tagged variant works
+sed 's/ //; s/ =/=/' < check.sha3 > openssl.sha3 || framework_failure_
+cksum -a sha3 --strict -c openssl.sha3 || fail=1
+
+# Ensure we can check non tagged format
+for l in 224 256 384 512; do
+  cksum -a sha3 --untagged --text -l $l /dev/null \
+    | tee -a check.vals > check.sha3
+  cksum -a sha3 -l $l --strict -c check.sha3 || fail=1
+  cksum -a sha3 --strict -c check.sha3 || fail=1
+done
+
+# Ensure the checksum values are correct.  The reference
+# check.vals was created using OpenSSL.
+cksum -a sha3 --length=256 check.vals > out.tmp || fail=1
+tr '*' ' ' < out.tmp > out || framework_failure_  # Remove binary tag on cygwin
+printf '%s' 'SHA3-256 (check.vals) = ' > exp
+echo 'b4753bf1696fda712821b665494c89090ffb0e87b8645559ad9f5db25b42d4f3' >> exp
+compare exp out || fail=1
+
+# Make sure --check does not handle unsupported digest sizes, e.g. truncated
+# digests.
+printf '%s' 'SHA3-248 (check.vals) = ' > inp
+echo 'b4753bf1696fda712821b665494c89090ffb0e87b8645559ad9f5db25b42d4' >> inp
+returns_ 1 cksum -a sha3 -c --warn inp 2>err || fail=1
+cat <<EOF > exp || framework_failure_
+cksum: inp: 1: improperly formatted SHA3 checksum line
+cksum: inp: no properly formatted checksum lines found
+EOF
+compare exp err || fail=1
+
+# Only validate the last specified, used length
+cksum -a sha3 -l 253 -l 256 /dev/null || fail=1
+
+# SHA-3 only allows values for --length to be 224, 256, 384, and 512.
+# Check that multiples of 8 that are allowed by BLAKE2 are disallowed.
+for len in 216 248 376 504 513 1024 $UINTMAX_OFLOW; do
+  returns_ 1 cksum -a sha3 -l $len /dev/null 2>err || fail=1
+  cat <<EOF > exp || framework_failure_
+cksum: invalid length: '$len'
+cksum: digest length for 'SHA3' must be 224, 256, 384, or 512
+EOF
+  compare exp err || fail=1
+  # We still check --length when --check is used.
+  returns_ 1 cksum -a sha3 -l $len --check /dev/null 2>err || fail=1
+  compare exp err
+done
+
+Exit $fail

tests/local.mk

@@ -380,6 +380,7 @@ all_tests =					\
   tests/cksum/sha256sum.pl			\
   tests/cksum/sha384sum.pl			\
   tests/cksum/sha512sum.pl			\
+  tests/cksum/cksum-sha3.sh			\
   tests/shred/shred-exact.sh			\
   tests/shred/shred-passes.sh			\
   tests/shred/shred-remove.sh			\