Merge pull request libgit2#6144 from libgit2/ethomson/sha256

SHA256: add a SHA256 implementation backend

Author: ethomson

CMakeLists.txt

@@ -29,7 +29,8 @@ option(USE_NSEC                "Support nanosecond precision file mtimes and cti
 # Backend selection
 option(USE_SSH                 "Link with libssh2 to enable SSH support"               OFF)
 option(USE_HTTPS               "Enable HTTPS support. Can be set to a specific backend" ON)
-option(USE_SHA1                "Enable SHA1. Can be set to CollisionDetection(ON)/HTTPS/Generic" ON)
+option(USE_SHA1                "Enable SHA1. Can be set to CollisionDetection(ON)/HTTPS" ON)
+option(USE_SHA256              "Enable SHA256. Can be set to HTTPS/Builtin" ON)
 option(USE_GSSAPI              "Link with libgssapi for SPNEGO auth"      OFF)
    set(USE_HTTP_PARSER         "" CACHE STRING "Specifies the HTTP Parser implementation; either system or builtin.")
    set(REGEX_BACKEND           "" CACHE STRING "Regular expression implementation. One of regcomp_l, pcre2, pcre, regcomp, or builtin.")

COPYING

@@ -1144,3 +1144,43 @@ worldwide. This software is distributed without any warranty.
 
 See <http://creativecommons.org/publicdomain/zero/1.0/>.
 
+----------------------------------------------------------------------
+
+The built-in SHA256 support (src/hash/rfc6234) is taken from RFC 6234
+under the following license:
+
+Copyright (c) 2011 IETF Trust and the persons identified as
+authors of the code.  All rights reserved.
+
+Redistribution and use in source and binary forms, with or
+without modification, are permitted provided that the following
+conditions are met:
+
+- Redistributions of source code must retain the above
+  copyright notice, this list of conditions and
+  the following disclaimer.
+
+- Redistributions in binary form must reproduce the above
+  copyright notice, this list of conditions and the following
+  disclaimer in the documentation and/or other materials provided
+  with the distribution.
+
+- Neither the name of Internet Society, IETF or IETF Trust, nor
+  the names of specific contributors, may be used to endorse or
+  promote products derived from this software without specific
+  prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+

cmake/SelectHTTPSBackend.cmake

@@ -64,7 +64,7 @@ if(USE_HTTPS)
 
 		if(NOT CERT_LOCATION)
 			message(STATUS "Auto-detecting default certificates location")
-			if(CMAKE_SYSTEM_NAME MATCHES Darwin)
+			if(EXISTS "/usr/local/opt/openssl/bin/openssl")
 				# Check for an Homebrew installation
 				set(OPENSSL_CMD "/usr/local/opt/openssl/bin/openssl")
 			else()

cmake/SelectHashes.cmake

@@ -4,6 +4,9 @@ include(SanitizeBool)
 
 # USE_SHA1=CollisionDetection(ON)/HTTPS/Generic/OFF
 sanitizebool(USE_SHA1)
+sanitizebool(USE_SHA256)
+
+# sha1
 
 if(USE_SHA1 STREQUAL ON)
 	SET(USE_SHA1 "CollisionDetection")
@@ -22,28 +25,68 @@ endif()
 if(USE_SHA1 STREQUAL "CollisionDetection")
 	set(GIT_SHA1_COLLISIONDETECT 1)
 elseif(USE_SHA1 STREQUAL "OpenSSL")
-	# OPENSSL_FOUND should already be set, we're checking USE_HTTPS
-
 	set(GIT_SHA1_OPENSSL 1)
+elseif(USE_SHA1 STREQUAL "CommonCrypto")
+	set(GIT_SHA1_COMMON_CRYPTO 1)
+elseif(USE_SHA1 STREQUAL "mbedTLS")
+	set(GIT_SHA1_MBEDTLS 1)
+elseif(USE_SHA1 STREQUAL "Win32")
+	set(GIT_SHA1_WIN32 1)
+else()
+	message(FATAL_ERROR "Asked for unknown SHA1 backend: ${USE_SHA1}")
+endif()
+
+# sha256
+
+if(USE_SHA256 STREQUAL ON AND USE_HTTPS)
+	SET(USE_SHA256 "HTTPS")
+elseif(USE_SHA256 STREQUAL ON)
+	SET(USE_SHA256 "Builtin")
+endif()
+
+if(USE_SHA256 STREQUAL "HTTPS")
+	if(USE_HTTPS STREQUAL "SecureTransport")
+		set(USE_SHA256 "CommonCrypto")
+	elseif(USE_HTTPS STREQUAL "WinHTTP")
+		set(USE_SHA256 "Win32")
+	elseif(USE_HTTPS)
+		set(USE_SHA256 ${USE_HTTPS})
+	endif()
+endif()
+
+if(USE_SHA256 STREQUAL "Builtin")
+	set(GIT_SHA256_BUILTIN 1)
+elseif(USE_SHA256 STREQUAL "OpenSSL")
+	set(GIT_SHA256_OPENSSL 1)
+elseif(USE_SHA256 STREQUAL "CommonCrypto")
+	set(GIT_SHA256_COMMON_CRYPTO 1)
+elseif(USE_SHA256 STREQUAL "mbedTLS")
+	set(GIT_SHA256_MBEDTLS 1)
+elseif(USE_SHA256 STREQUAL "Win32")
+	set(GIT_SHA256_WIN32 1)
+else()
+	message(FATAL_ERROR "Asked for unknown SHA256 backend: ${USE_SHA256}")
+endif()
+
+# add library requirements
+if(USE_SHA1 STREQUAL "OpenSSL" OR USE_SHA256 STREQUAL "OpenSSL")
 	if(CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
 		list(APPEND LIBGIT2_PC_LIBS "-lssl")
 	else()
 		list(APPEND LIBGIT2_PC_REQUIRES "openssl")
 	endif()
-elseif(USE_SHA1 STREQUAL "CommonCrypto")
-	set(GIT_SHA1_COMMON_CRYPTO 1)
-elseif(USE_SHA1 STREQUAL "mbedTLS")
-	set(GIT_SHA1_MBEDTLS 1)
+endif()
+
+if(USE_SHA1 STREQUAL "mbedTLS" OR USE_SHA256 STREQUAL "mbedTLS")
 	list(APPEND LIBGIT2_SYSTEM_INCLUDES ${MBEDTLS_INCLUDE_DIR})
 	list(APPEND LIBGIT2_SYSTEM_LIBS ${MBEDTLS_LIBRARIES})
 	# mbedTLS has no pkgconfig file, hence we can't require it
 	# https://github.com/ARMmbed/mbedtls/issues/228
 	# For now, pass its link flags as our own
 	list(APPEND LIBGIT2_PC_LIBS ${MBEDTLS_LIBRARIES})
-elseif(USE_SHA1 STREQUAL "Win32")
-	set(GIT_SHA1_WIN32 1)
-elseif(NOT (USE_SHA1 STREQUAL "Generic"))
-	message(FATAL_ERROR "Asked for unknown SHA1 backend: ${USE_SHA1}")
 endif()
 
-add_feature_info(SHA ON "using ${USE_SHA1}")
+# notify feature enablement
+
+add_feature_info(SHA1 ON "using ${USE_SHA1}")
+add_feature_info(SHA256 ON "using ${USE_SHA256}")

include/git2/deprecated.h

@@ -436,6 +436,8 @@ GIT_EXTERN(int) git_diff_format_email_options_init(
 #define GITERR_WORKTREE GIT_ERROR_WORKTREE
 #define GITERR_SHA1 GIT_ERROR_SHA1
 
+#define GIT_ERROR_SHA1 GIT_ERROR_SHA
+
 /**
  * Return the last `git_error` object that was generated for the
  * current thread.  This is an alias of `git_error_last` and is

include/git2/errors.h

@@ -106,7 +106,7 @@ typedef enum {
 	GIT_ERROR_FILESYSTEM,
 	GIT_ERROR_PATCH,
 	GIT_ERROR_WORKTREE,
-	GIT_ERROR_SHA1,
+	GIT_ERROR_SHA,
 	GIT_ERROR_HTTP,
 	GIT_ERROR_INTERNAL
 } git_error_t;

src/features.h.in

@@ -48,6 +48,12 @@
 #cmakedefine GIT_SHA1_OPENSSL 1
 #cmakedefine GIT_SHA1_MBEDTLS 1
 
+#cmakedefine GIT_SHA256_BUILTIN 1
+#cmakedefine GIT_SHA256_WIN32 1
+#cmakedefine GIT_SHA256_COMMON_CRYPTO 1
+#cmakedefine GIT_SHA256_OPENSSL 1
+#cmakedefine GIT_SHA256_MBEDTLS 1
+
 #cmakedefine GIT_RAND_GETENTROPY 1
 
 #endif

src/util/CMakeLists.txt

@@ -9,7 +9,7 @@ set(UTIL_INCLUDES
 	"${PROJECT_SOURCE_DIR}/src/util"
 	"${PROJECT_SOURCE_DIR}/include")
 
-file(GLOB UTIL_SRC *.c *.h allocators/*.c allocators/*.h hash/sha1.h)
+file(GLOB UTIL_SRC *.c *.h allocators/*.c allocators/*.h hash.h)
 list(SORT UTIL_SRC)
 
 #
@@ -29,31 +29,45 @@ endif()
 #
 
 if(USE_SHA1 STREQUAL "CollisionDetection")
-	file(GLOB UTIL_SRC_HASH hash/sha1/collisiondetect.* hash/sha1/sha1dc/*)
+	file(GLOB UTIL_SRC_SHA1 hash/collisiondetect.* hash/sha1dc/*)
 	target_compile_definitions(util PRIVATE SHA1DC_NO_STANDARD_INCLUDES=1)
         target_compile_definitions(util PRIVATE SHA1DC_CUSTOM_INCLUDE_SHA1_C=\"git2_util.h\")
         target_compile_definitions(util PRIVATE SHA1DC_CUSTOM_INCLUDE_UBC_CHECK_C=\"git2_util.h\")
 elseif(USE_SHA1 STREQUAL "OpenSSL")
-	file(GLOB UTIL_SRC_HASH hash/sha1/openssl.*)
+	file(GLOB UTIL_SRC_SHA1 hash/openssl.*)
 elseif(USE_SHA1 STREQUAL "CommonCrypto")
-	file(GLOB UTIL_SRC_HASH hash/sha1/common_crypto.*)
+	file(GLOB UTIL_SRC_SHA1 hash/common_crypto.*)
 elseif(USE_SHA1 STREQUAL "mbedTLS")
-	file(GLOB UTIL_SRC_HASH hash/sha1/mbedtls.*)
+	file(GLOB UTIL_SRC_SHA1 hash/mbedtls.*)
 elseif(USE_SHA1 STREQUAL "Win32")
-	file(GLOB UTIL_SRC_HASH hash/sha1/win32.*)
-elseif(USE_SHA1 STREQUAL "Generic")
-	file(GLOB UTIL_SRC_HASH hash/sha1/generic.*)
+	file(GLOB UTIL_SRC_SHA1 hash/win32.*)
 else()
 	message(FATAL_ERROR "Asked for unknown SHA1 backend: ${USE_SHA1}")
 endif()
 
-list(SORT UTIL_SRC_HASH)
+list(SORT UTIL_SRC_SHA1)
+
+if(USE_SHA256 STREQUAL "Builtin")
+	file(GLOB UTIL_SRC_SHA256 hash/builtin.* hash/rfc6234/*)
+elseif(USE_SHA256 STREQUAL "OpenSSL")
+	file(GLOB UTIL_SRC_SHA256 hash/openssl.*)
+elseif(USE_SHA256 STREQUAL "CommonCrypto")
+	file(GLOB UTIL_SRC_SHA256 hash/common_crypto.*)
+elseif(USE_SHA256 STREQUAL "mbedTLS")
+	file(GLOB UTIL_SRC_SHA256 hash/mbedtls.*)
+elseif(USE_SHA256 STREQUAL "Win32")
+	file(GLOB UTIL_SRC_SHA256 hash/win32.*)
+else()
+	message(FATAL_ERROR "Asked for unknown SHA256 backend: ${USE_SHA256}")
+endif()
+
+list(SORT UTIL_SRC_SHA256)
 
 #
 # Build the library
 #
 
-target_sources(util PRIVATE ${UTIL_SRC} ${UTIL_SRC_OS} ${UTIL_SRC_HASH})
+target_sources(util PRIVATE ${UTIL_SRC} ${UTIL_SRC_OS} ${UTIL_SRC_SHA1} ${UTIL_SRC_SHA256})
 ide_split_sources(util)
 
 target_include_directories(util PRIVATE ${UTIL_INCLUDES} ${LIBGIT2_DEPENDENCY_INCLUDES} PUBLIC ${libgit2_SOURCE_DIR}/include)

src/util/hash.c

@@ -9,7 +9,11 @@
 
 int git_hash_global_init(void)
 {
-	return git_hash_sha1_global_init();
+	if (git_hash_sha1_global_init() < 0 ||
+	    git_hash_sha256_global_init() < 0)
+		return -1;
+
+	return 0;
 }
 
 int git_hash_ctx_init(git_hash_ctx *ctx, git_hash_algorithm_t algorithm)
@@ -20,6 +24,9 @@ int git_hash_ctx_init(git_hash_ctx *ctx, git_hash_algorithm_t algorithm)
 	case GIT_HASH_ALGORITHM_SHA1:
 		error = git_hash_sha1_ctx_init(&ctx->ctx.sha1);
 		break;
+	case GIT_HASH_ALGORITHM_SHA256:
+		error = git_hash_sha256_ctx_init(&ctx->ctx.sha256);
+		break;
 	default:
 		git_error_set(GIT_ERROR_INTERNAL, "unknown hash algorithm");
 		error = -1;
@@ -35,6 +42,9 @@ void git_hash_ctx_cleanup(git_hash_ctx *ctx)
 	case GIT_HASH_ALGORITHM_SHA1:
 		git_hash_sha1_ctx_cleanup(&ctx->ctx.sha1);
 		return;
+	case GIT_HASH_ALGORITHM_SHA256:
+		git_hash_sha256_ctx_cleanup(&ctx->ctx.sha256);
+		return;
 	default:
 		/* unreachable */ ;
 	}
@@ -45,6 +55,8 @@ int git_hash_init(git_hash_ctx *ctx)
 	switch (ctx->algorithm) {
 	case GIT_HASH_ALGORITHM_SHA1:
 		return git_hash_sha1_init(&ctx->ctx.sha1);
+	case GIT_HASH_ALGORITHM_SHA256:
+		return git_hash_sha256_init(&ctx->ctx.sha256);
 	default:
 		/* unreachable */ ;
 	}
@@ -58,6 +70,8 @@ int git_hash_update(git_hash_ctx *ctx, const void *data, size_t len)
 	switch (ctx->algorithm) {
 	case GIT_HASH_ALGORITHM_SHA1:
 		return git_hash_sha1_update(&ctx->ctx.sha1, data, len);
+	case GIT_HASH_ALGORITHM_SHA256:
+		return git_hash_sha256_update(&ctx->ctx.sha256, data, len);
 	default:
 		/* unreachable */ ;
 	}
@@ -71,6 +85,8 @@ int git_hash_final(unsigned char *out, git_hash_ctx *ctx)
 	switch (ctx->algorithm) {
 	case GIT_HASH_ALGORITHM_SHA1:
 		return git_hash_sha1_final(out, &ctx->ctx.sha1);
+	case GIT_HASH_ALGORITHM_SHA256:
+		return git_hash_sha256_final(out, &ctx->ctx.sha256);
 	default:
 		/* unreachable */ ;
 	}

src/util/hash.h

@@ -10,7 +10,7 @@
 
 #include "git2_util.h"
 
-#include "hash/sha1.h"
+#include "hash/sha.h"
 
 typedef struct {
 	void *data;
@@ -19,12 +19,14 @@ typedef struct {
 
 typedef enum {
 	GIT_HASH_ALGORITHM_NONE = 0,
-	GIT_HASH_ALGORITHM_SHA1
+	GIT_HASH_ALGORITHM_SHA1,
+	GIT_HASH_ALGORITHM_SHA256
 } git_hash_algorithm_t;
 
 typedef struct git_hash_ctx {
 	union {
 		git_hash_sha1_ctx sha1;
+		git_hash_sha256_ctx sha256;
 	} ctx;
 	git_hash_algorithm_t algorithm;
 } git_hash_ctx;