sha: support OpenSSL for SHA256

6b4a6faa · Edward Thomson · b3e3fa10 · 6b4a6faa · 6b4a6faa · 6b4a6faa
Commit 6b4a6faa authored Dec 12, 2021 by Edward Thomson
Hide whitespace changes
Inline Side-by-side

Showing with 83 additions and 11 deletions

cmake/SelectHashes.cmake
+9 -7

src/features.h.in
+1 -0

src/util/CMakeLists.txt
+2 -0

src/util/hash/openssl.c
+62 -3

src/util/hash/openssl.h
+8 -0

src/util/hash/sha.h
+1 -1

No files found.
--- a/cmake/SelectHashes.cmake
+++ b/cmake/SelectHashes.cmake
@@ -25,14 +25,7 @@ endif()
 if(USE_SHA1 STREQUAL "CollisionDetection")
 	set(GIT_SHA1_COLLISIONDETECT 1)
 elseif(USE_SHA1 STREQUAL "OpenSSL")
-	# OPENSSL_FOUND should already be set, we're checking USE_HTTPS
-
 	set(GIT_SHA1_OPENSSL 1)
-	if(CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
-		list(APPEND LIBGIT2_PC_LIBS "-lssl")
-	else()
-		list(APPEND LIBGIT2_PC_REQUIRES "openssl")
-	endif()
 elseif(USE_SHA1 STREQUAL "CommonCrypto")
 	set(GIT_SHA1_COMMON_CRYPTO 1)
 elseif(USE_SHA1 STREQUAL "mbedTLS")
@@ -63,6 +56,8 @@ endif()

 if(USE_SHA256 STREQUAL "Builtin")
 	set(GIT_SHA256_BUILTIN 1)
+elseif(USE_SHA256 STREQUAL "OpenSSL")
+	set(GIT_SHA256_OPENSSL 1)
 elseif(USE_SHA256 STREQUAL "CommonCrypto")
 	set(GIT_SHA256_COMMON_CRYPTO 1)
 elseif(USE_SHA256 STREQUAL "mbedTLS")
@@ -72,6 +67,13 @@ else()
 endif()

 # add library requirements
+if(USE_SHA1 STREQUAL "OpenSSL" OR USE_SHA256 STREQUAL "OpenSSL")
+	if(CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
+		list(APPEND LIBGIT2_PC_LIBS "-lssl")
+	else()
+		list(APPEND LIBGIT2_PC_REQUIRES "openssl")
+	endif()
+endif()

 if(USE_SHA1 STREQUAL "mbedTLS" OR USE_SHA256 STREQUAL "mbedTLS")
 	list(APPEND LIBGIT2_SYSTEM_INCLUDES ${MBEDTLS_INCLUDE_DIR})

--- a/src/features.h.in
+++ b/src/features.h.in
@@ -50,6 +50,7 @@

 #cmakedefine GIT_SHA256_BUILTIN 1
 #cmakedefine GIT_SHA256_COMMON_CRYPTO 1
+#cmakedefine GIT_SHA256_OPENSSL 1
 #cmakedefine GIT_SHA256_MBEDTLS 1

 #cmakedefine GIT_RAND_GETENTROPY 1

--- a/src/util/CMakeLists.txt
+++ b/src/util/CMakeLists.txt
@@ -49,6 +49,8 @@ list(SORT UTIL_SRC_SHA1)

 if(USE_SHA256 STREQUAL "Builtin")
 	file(GLOB UTIL_SRC_SHA256 hash/builtin.* hash/rfc6234/*)
+elseif(USE_SHA256 STREQUAL "OpenSSL")
+	file(GLOB UTIL_SRC_SHA256 hash/openssl.*)
 elseif(USE_SHA256 STREQUAL "CommonCrypto")
 	file(GLOB UTIL_SRC_SHA256 hash/common_crypto.*)
 elseif(USE_SHA256 STREQUAL "mbedTLS")

--- a/src/util/hash/openssl.c
+++ b/src/util/hash/openssl.c
@@ -7,6 +7,8 @@

 #include "openssl.h"

+#ifdef GIT_SHA1_OPENSSL
+
 int git_hash_sha1_global_init(void)
 {
 	return 0;
@@ -27,7 +29,7 @@ int git_hash_sha1_init(git_hash_sha1_ctx *ctx)
 	GIT_ASSERT_ARG(ctx);

 	if (SHA1_Init(&ctx->c) != 1) {
-		git_error_set(GIT_ERROR_SHA, "hash_openssl: failed to initialize hash context");
+		git_error_set(GIT_ERROR_SHA, "failed to initialize sha1 context");
 		return -1;
 	}

@@ -39,7 +41,7 @@ int git_hash_sha1_update(git_hash_sha1_ctx *ctx, const void *data, size_t len)
 	GIT_ASSERT_ARG(ctx);

 	if (SHA1_Update(&ctx->c, data, len) != 1) {
-		git_error_set(GIT_ERROR_SHA, "hash_openssl: failed to update hash");
+		git_error_set(GIT_ERROR_SHA, "failed to update sha1");
 		return -1;
 	}

@@ -51,9 +53,66 @@ int git_hash_sha1_final(unsigned char *out, git_hash_sha1_ctx *ctx)
 	GIT_ASSERT_ARG(ctx);

 	if (SHA1_Final(out, &ctx->c) != 1) {
-		git_error_set(GIT_ERROR_SHA, "hash_openssl: failed to finalize hash");
+		git_error_set(GIT_ERROR_SHA, "failed to finalize sha1");
+		return -1;
+	}
+
+	return 0;
+}
+
+#endif
+
+#ifdef GIT_SHA256_OPENSSL
+
+int git_hash_sha256_global_init(void)
+{
+	return 0;
+}
+
+int git_hash_sha256_ctx_init(git_hash_sha256_ctx *ctx)
+{
+	return git_hash_sha256_init(ctx);
+}
+
+void git_hash_sha256_ctx_cleanup(git_hash_sha256_ctx *ctx)
+{
+	GIT_UNUSED(ctx);
+}
+
+int git_hash_sha256_init(git_hash_sha256_ctx *ctx)
+{
+	GIT_ASSERT_ARG(ctx);
+
+	if (SHA256_Init(&ctx->c) != 1) {
+		git_error_set(GIT_ERROR_SHA, "failed to initialize sha256 context");
+		return -1;
+	}
+
+	return 0;
+}
+
+int git_hash_sha256_update(git_hash_sha256_ctx *ctx, const void *data, size_t len)
+{
+	GIT_ASSERT_ARG(ctx);
+
+	if (SHA256_Update(&ctx->c, data, len) != 1) {
+		git_error_set(GIT_ERROR_SHA, "failed to update sha256");
 		return -1;
 	}

 	return 0;
 }
+
+int git_hash_sha256_final(unsigned char *out, git_hash_sha256_ctx *ctx)
+{
+	GIT_ASSERT_ARG(ctx);
+
+	if (SHA256_Final(out, &ctx->c) != 1) {
+		git_error_set(GIT_ERROR_SHA, "failed to finalize sha256");
+		return -1;
+	}
+
+	return 0;
+}
+
+#endif
--- a/src/util/hash/openssl.h
+++ b/src/util/hash/openssl.h
@@ -12,8 +12,16 @@

 #include <openssl/sha.h>

+#ifdef GIT_SHA1_OPENSSL
 struct git_hash_sha1_ctx {
 	SHA_CTX c;
 };
+#endif
+
+#ifdef GIT_SHA256_OPENSSL
+struct git_hash_sha256_ctx {
+	SHA256_CTX c;
+};
+#endif

 #endif
--- a/src/util/hash/sha.h
+++ b/src/util/hash/sha.h
@@ -17,7 +17,7 @@ typedef struct git_hash_sha256_ctx git_hash_sha256_ctx;
 # include "common_crypto.h"
 #endif

-#if defined(GIT_SHA1_OPENSSL) || defined(GIT_SHA1_COMMON_CRYPTO)
+#if defined(GIT_SHA1_OPENSSL) || defined(GIT_SHA256_OPENSSL)
 # include "openssl.h"
 #endif