sha: support mbedTLS for SHA256

b3e3fa10 · Edward Thomson · 83c27786 · b3e3fa10 · b3e3fa10 · b3e3fa10
Commit b3e3fa10 authored Dec 12, 2021 by Edward Thomson
Showing with 80 additions and 8 deletions

cmake/SelectHTTPSBackend.cmake
+1 -1

cmake/SelectHashes.cmake
+19 -6

src/features.h.in
+1 -0

src/util/CMakeLists.txt
+2 -0

src/util/hash/mbedtls.c
+46 -0

src/util/hash/mbedtls.h
+11 -1

No files found.
--- a/cmake/SelectHTTPSBackend.cmake
+++ b/cmake/SelectHTTPSBackend.cmake
@@ -64,7 +64,7 @@ if(USE_HTTPS)
 		if(NOT CERT_LOCATION)
 			message(STATUS "Auto-detecting default certificates location")
-			if(CMAKE_SYSTEM_NAME MATCHES Darwin)
+			if(EXISTS "/usr/local/opt/openssl/bin/openssl")
 				# Check for an Homebrew installation
 				set(OPENSSL_CMD "/usr/local/opt/openssl/bin/openssl")
 			else()

--- a/cmake/SelectHashes.cmake
+++ b/cmake/SelectHashes.cmake
@@ -6,6 +6,8 @@ include(SanitizeBool)
 sanitizebool(USE_SHA1)
 sanitizebool(USE_SHA256)
+# sha1
 if(USE_SHA1 STREQUAL ON)
 	SET(USE_SHA1 "CollisionDetection")
 elseif(USE_SHA1 STREQUAL "HTTPS")
@@ -35,18 +37,14 @@ elseif(USE_SHA1 STREQUAL "CommonCrypto")
 	set(GIT_SHA1_COMMON_CRYPTO 1)
 elseif(USE_SHA1 STREQUAL "mbedTLS")
 	set(GIT_SHA1_MBEDTLS 1)
-	list(APPEND LIBGIT2_SYSTEM_INCLUDES ${MBEDTLS_INCLUDE_DIR})
-	list(APPEND LIBGIT2_SYSTEM_LIBS ${MBEDTLS_LIBRARIES})
-	# mbedTLS has no pkgconfig file, hence we can't require it
-	# https://github.com/ARMmbed/mbedtls/issues/228
-	# For now, pass its link flags as our own
-	list(APPEND LIBGIT2_PC_LIBS ${MBEDTLS_LIBRARIES})
 elseif(USE_SHA1 STREQUAL "Win32")
 	set(GIT_SHA1_WIN32 1)
 else()
 	message(FATAL_ERROR "Asked for unknown SHA1 backend: ${USE_SHA1}")
 endif()
+# sha256
 if(USE_SHA256 STREQUAL ON AND USE_HTTPS)
 	SET(USE_SHA256 "HTTPS")
 elseif(USE_SHA256 STREQUAL ON)
@@ -67,9 +65,24 @@ if(USE_SHA256 STREQUAL "Builtin")
 	set(GIT_SHA256_BUILTIN 1)
 elseif(USE_SHA256 STREQUAL "CommonCrypto")
 	set(GIT_SHA256_COMMON_CRYPTO 1)
+elseif(USE_SHA256 STREQUAL "mbedTLS")
+	set(GIT_SHA256_MBEDTLS 1)
 else()
 	message(FATAL_ERROR "Asked for unknown SHA256 backend: ${USE_SHA256}")
 endif()
+# add library requirements
+if(USE_SHA1 STREQUAL "mbedTLS" OR USE_SHA256 STREQUAL "mbedTLS")
+	list(APPEND LIBGIT2_SYSTEM_INCLUDES ${MBEDTLS_INCLUDE_DIR})
+	list(APPEND LIBGIT2_SYSTEM_LIBS ${MBEDTLS_LIBRARIES})
+	# mbedTLS has no pkgconfig file, hence we can't require it
+	# https://github.com/ARMmbed/mbedtls/issues/228
+	# For now, pass its link flags as our own
+	list(APPEND LIBGIT2_PC_LIBS ${MBEDTLS_LIBRARIES})
+endif()
+# notify feature enablement
 add_feature_info(SHA1 ON "using ${USE_SHA1}")
 add_feature_info(SHA256 ON "using ${USE_SHA256}")
--- a/src/features.h.in
+++ b/src/features.h.in
@@ -50,6 +50,7 @@
 #cmakedefine GIT_SHA256_BUILTIN 1
 #cmakedefine GIT_SHA256_COMMON_CRYPTO 1
+#cmakedefine GIT_SHA256_MBEDTLS 1
 #cmakedefine GIT_RAND_GETENTROPY 1

--- a/src/util/CMakeLists.txt
+++ b/src/util/CMakeLists.txt
@@ -51,6 +51,8 @@ if(USE_SHA256 STREQUAL "Builtin")
 	file(GLOB UTIL_SRC_SHA256 hash/builtin.* hash/rfc6234/*)
 elseif(USE_SHA256 STREQUAL "CommonCrypto")
 	file(GLOB UTIL_SRC_SHA256 hash/common_crypto.*)
+elseif(USE_SHA256 STREQUAL "mbedTLS")
+	file(GLOB UTIL_SRC_SHA256 hash/mbedtls.*)
 else()
 	message(FATAL_ERROR "Asked for unknown SHA256 backend: ${USE_SHA256}")
 endif()

--- a/src/util/hash/mbedtls.c
+++ b/src/util/hash/mbedtls.c
@@ -7,6 +7,8 @@
 #include "mbedtls.h"
+#ifdef GIT_SHA1_MBEDTLS
 int git_hash_sha1_global_init(void)
 {
 	return 0;
@@ -44,3 +46,47 @@ int git_hash_sha1_final(unsigned char *out, git_hash_sha1_ctx *ctx)
 	mbedtls_sha1_finish(&ctx->c, out);
 	return 0;
 }
+#endif
+#ifdef GIT_SHA256_MBEDTLS
+int git_hash_sha256_global_init(void)
+{
+	return 0;
+}
+int git_hash_sha256_ctx_init(git_hash_sha256_ctx *ctx)
+{
+	return git_hash_sha256_init(ctx);
+}
+void git_hash_sha256_ctx_cleanup(git_hash_sha256_ctx *ctx)
+{
+	if (ctx)
+		mbedtls_sha256_free(&ctx->c);
+}
+int git_hash_sha256_init(git_hash_sha256_ctx *ctx)
+{
+	GIT_ASSERT_ARG(ctx);
+	mbedtls_sha256_init(&ctx->c);
+	mbedtls_sha256_starts(&ctx->c, 0);
+	return 0;
+}
+int git_hash_sha256_update(git_hash_sha256_ctx *ctx, const void *data, size_t len)
+{
+	GIT_ASSERT_ARG(ctx);
+	mbedtls_sha256_update(&ctx->c, data, len);
+	return 0;
+}
+int git_hash_sha256_final(unsigned char *out, git_hash_sha256_ctx *ctx)
+{
+	GIT_ASSERT_ARG(ctx);
+	mbedtls_sha256_finish(&ctx->c, out);
+	return 0;
+}
+#endif
--- a/src/util/hash/mbedtls.h
+++ b/src/util/hash/mbedtls.h
@@ -10,10 +10,20 @@
 #include "hash/sha.h"
-#include <mbedtls/sha1.h>
+#ifdef GIT_SHA1_MBEDTLS
+# include <mbedtls/sha1.h>
 struct git_hash_sha1_ctx {
    mbedtls_sha1_context c;
 };
+#endif
+#ifdef GIT_SHA256_MBEDTLS
+# include <mbedtls/sha256.h>
+struct git_hash_sha256_ctx {
+    mbedtls_sha256_context c;
+};
+#endif
 #endif /* INCLUDE_hash_sha1_mbedtls_h__ */