Merge pull request #6144 from libgit2/ethomson/sha256

SHA256: add a SHA256 implementation backend

CMakeLists.txt

@@ -29,7 +29,8 @@ option(USE_NSEC                "Support nanosecond precision file mtimes and cti
 # Backend selection
 option(USE_SSH                 "Link with libssh2 to enable SSH support"               OFF)
 option(USE_HTTPS               "Enable HTTPS support. Can be set to a specific backend" ON)
-option(USE_SHA1                "Enable SHA1. Can be set to CollisionDetection(ON)/HTTPS/Generic" ON)
+option(USE_SHA1                "Enable SHA1. Can be set to CollisionDetection(ON)/HTTPS" ON)
+option(USE_SHA256              "Enable SHA256. Can be set to HTTPS/Builtin" ON)
 option(USE_GSSAPI              "Link with libgssapi for SPNEGO auth"      OFF)
    set(USE_HTTP_PARSER         "" CACHE STRING "Specifies the HTTP Parser implementation; either system or builtin.")
    set(REGEX_BACKEND           "" CACHE STRING "Regular expression implementation. One of regcomp_l, pcre2, pcre, regcomp, or builtin.")

COPYING

@@ -1144,3 +1144,43 @@ worldwide. This software is distributed without any warranty.
 
 See <http://creativecommons.org/publicdomain/zero/1.0/>.
 
+----------------------------------------------------------------------
+
+The built-in SHA256 support (src/hash/rfc6234) is taken from RFC 6234
+under the following license:
+
+Copyright (c) 2011 IETF Trust and the persons identified as
+authors of the code.  All rights reserved.
+
+Redistribution and use in source and binary forms, with or
+without modification, are permitted provided that the following
+conditions are met:
+
+- Redistributions of source code must retain the above
+  copyright notice, this list of conditions and
+  the following disclaimer.
+
+- Redistributions in binary form must reproduce the above
+  copyright notice, this list of conditions and the following
+  disclaimer in the documentation and/or other materials provided
+  with the distribution.
+
+- Neither the name of Internet Society, IETF or IETF Trust, nor
+  the names of specific contributors, may be used to endorse or
+  promote products derived from this software without specific
+  prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+

cmake/SelectHTTPSBackend.cmake

@@ -64,7 +64,7 @@ if(USE_HTTPS)
 
 		if(NOT CERT_LOCATION)
 			message(STATUS "Auto-detecting default certificates location")
-			if(CMAKE_SYSTEM_NAME MATCHES Darwin)
+			if(EXISTS "/usr/local/opt/openssl/bin/openssl")
 				# Check for an Homebrew installation
 				set(OPENSSL_CMD "/usr/local/opt/openssl/bin/openssl")
 			else()

cmake/SelectHashes.cmake

@@ -4,6 +4,9 @@ include(SanitizeBool)
 
 # USE_SHA1=CollisionDetection(ON)/HTTPS/Generic/OFF
 sanitizebool(USE_SHA1)
+sanitizebool(USE_SHA256)
+
+# sha1
 
 if(USE_SHA1 STREQUAL ON)
 	SET(USE_SHA1 "CollisionDetection")
@@ -22,28 +25,68 @@ endif()
 if(USE_SHA1 STREQUAL "CollisionDetection")
 	set(GIT_SHA1_COLLISIONDETECT 1)
 elseif(USE_SHA1 STREQUAL "OpenSSL")
-	# OPENSSL_FOUND should already be set, we're checking USE_HTTPS
-
 	set(GIT_SHA1_OPENSSL 1)
+elseif(USE_SHA1 STREQUAL "CommonCrypto")
+	set(GIT_SHA1_COMMON_CRYPTO 1)
+elseif(USE_SHA1 STREQUAL "mbedTLS")
+	set(GIT_SHA1_MBEDTLS 1)
+elseif(USE_SHA1 STREQUAL "Win32")
+	set(GIT_SHA1_WIN32 1)
+else()
+	message(FATAL_ERROR "Asked for unknown SHA1 backend: ${USE_SHA1}")
+endif()
+
+# sha256
+
+if(USE_SHA256 STREQUAL ON AND USE_HTTPS)
+	SET(USE_SHA256 "HTTPS")
+elseif(USE_SHA256 STREQUAL ON)
+	SET(USE_SHA256 "Builtin")
+endif()
+
+if(USE_SHA256 STREQUAL "HTTPS")
+	if(USE_HTTPS STREQUAL "SecureTransport")
+		set(USE_SHA256 "CommonCrypto")
+	elseif(USE_HTTPS STREQUAL "WinHTTP")
+		set(USE_SHA256 "Win32")
+	elseif(USE_HTTPS)
+		set(USE_SHA256 ${USE_HTTPS})
+	endif()
+endif()
+
+if(USE_SHA256 STREQUAL "Builtin")
+	set(GIT_SHA256_BUILTIN 1)
+elseif(USE_SHA256 STREQUAL "OpenSSL")
+	set(GIT_SHA256_OPENSSL 1)
+elseif(USE_SHA256 STREQUAL "CommonCrypto")
+	set(GIT_SHA256_COMMON_CRYPTO 1)
+elseif(USE_SHA256 STREQUAL "mbedTLS")
+	set(GIT_SHA256_MBEDTLS 1)
+elseif(USE_SHA256 STREQUAL "Win32")
+	set(GIT_SHA256_WIN32 1)
+else()
+	message(FATAL_ERROR "Asked for unknown SHA256 backend: ${USE_SHA256}")
+endif()
+
+# add library requirements
+if(USE_SHA1 STREQUAL "OpenSSL" OR USE_SHA256 STREQUAL "OpenSSL")
 	if(CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
 		list(APPEND LIBGIT2_PC_LIBS "-lssl")
 	else()
 		list(APPEND LIBGIT2_PC_REQUIRES "openssl")
 	endif()
-elseif(USE_SHA1 STREQUAL "CommonCrypto")
-	set(GIT_SHA1_COMMON_CRYPTO 1)
-elseif(USE_SHA1 STREQUAL "mbedTLS")
-	set(GIT_SHA1_MBEDTLS 1)
+endif()
+
+if(USE_SHA1 STREQUAL "mbedTLS" OR USE_SHA256 STREQUAL "mbedTLS")
 	list(APPEND LIBGIT2_SYSTEM_INCLUDES ${MBEDTLS_INCLUDE_DIR})
 	list(APPEND LIBGIT2_SYSTEM_LIBS ${MBEDTLS_LIBRARIES})
 	# mbedTLS has no pkgconfig file, hence we can't require it
 	# https://github.com/ARMmbed/mbedtls/issues/228
 	# For now, pass its link flags as our own
 	list(APPEND LIBGIT2_PC_LIBS ${MBEDTLS_LIBRARIES})
-elseif(USE_SHA1 STREQUAL "Win32")
-	set(GIT_SHA1_WIN32 1)
-elseif(NOT (USE_SHA1 STREQUAL "Generic"))
-	message(FATAL_ERROR "Asked for unknown SHA1 backend: ${USE_SHA1}")
 endif()
 
-add_feature_info(SHA ON "using ${USE_SHA1}")
+# notify feature enablement
+
+add_feature_info(SHA1 ON "using ${USE_SHA1}")
+add_feature_info(SHA256 ON "using ${USE_SHA256}")

include/git2/deprecated.h

@@ -436,6 +436,8 @@ GIT_EXTERN(int) git_diff_format_email_options_init(
 #define GITERR_WORKTREE GIT_ERROR_WORKTREE
 #define GITERR_SHA1 GIT_ERROR_SHA1
 
+#define GIT_ERROR_SHA1 GIT_ERROR_SHA
+
 /**
  * Return the last `git_error` object that was generated for the
  * current thread.  This is an alias of `git_error_last` and is

include/git2/errors.h

@@ -106,7 +106,7 @@ typedef enum {
 	GIT_ERROR_FILESYSTEM,
 	GIT_ERROR_PATCH,
 	GIT_ERROR_WORKTREE,
-	GIT_ERROR_SHA1,
+	GIT_ERROR_SHA,
 	GIT_ERROR_HTTP,
 	GIT_ERROR_INTERNAL
 } git_error_t;

src/features.h.in

@@ -48,6 +48,12 @@
 #cmakedefine GIT_SHA1_OPENSSL 1
 #cmakedefine GIT_SHA1_MBEDTLS 1
 
+#cmakedefine GIT_SHA256_BUILTIN 1
+#cmakedefine GIT_SHA256_WIN32 1
+#cmakedefine GIT_SHA256_COMMON_CRYPTO 1
+#cmakedefine GIT_SHA256_OPENSSL 1
+#cmakedefine GIT_SHA256_MBEDTLS 1
+
 #cmakedefine GIT_RAND_GETENTROPY 1
 
 #endif

src/util/CMakeLists.txt

@@ -9,7 +9,7 @@ set(UTIL_INCLUDES
 	"${PROJECT_SOURCE_DIR}/src/util"
 	"${PROJECT_SOURCE_DIR}/include")
 
-file(GLOB UTIL_SRC *.c *.h allocators/*.c allocators/*.h hash/sha1.h)
+file(GLOB UTIL_SRC *.c *.h allocators/*.c allocators/*.h hash.h)
 list(SORT UTIL_SRC)
 
 #
@@ -29,31 +29,45 @@ endif()
 #
 
 if(USE_SHA1 STREQUAL "CollisionDetection")
-	file(GLOB UTIL_SRC_HASH hash/sha1/collisiondetect.* hash/sha1/sha1dc/*)
+	file(GLOB UTIL_SRC_SHA1 hash/collisiondetect.* hash/sha1dc/*)
 	target_compile_definitions(util PRIVATE SHA1DC_NO_STANDARD_INCLUDES=1)
         target_compile_definitions(util PRIVATE SHA1DC_CUSTOM_INCLUDE_SHA1_C=\"git2_util.h\")
         target_compile_definitions(util PRIVATE SHA1DC_CUSTOM_INCLUDE_UBC_CHECK_C=\"git2_util.h\")
 elseif(USE_SHA1 STREQUAL "OpenSSL")
-	file(GLOB UTIL_SRC_HASH hash/sha1/openssl.*)
+	file(GLOB UTIL_SRC_SHA1 hash/openssl.*)
 elseif(USE_SHA1 STREQUAL "CommonCrypto")
-	file(GLOB UTIL_SRC_HASH hash/sha1/common_crypto.*)
+	file(GLOB UTIL_SRC_SHA1 hash/common_crypto.*)
 elseif(USE_SHA1 STREQUAL "mbedTLS")
-	file(GLOB UTIL_SRC_HASH hash/sha1/mbedtls.*)
+	file(GLOB UTIL_SRC_SHA1 hash/mbedtls.*)
 elseif(USE_SHA1 STREQUAL "Win32")
-	file(GLOB UTIL_SRC_HASH hash/sha1/win32.*)
-elseif(USE_SHA1 STREQUAL "Generic")
-	file(GLOB UTIL_SRC_HASH hash/sha1/generic.*)
+	file(GLOB UTIL_SRC_SHA1 hash/win32.*)
 else()
 	message(FATAL_ERROR "Asked for unknown SHA1 backend: ${USE_SHA1}")
 endif()
 
-list(SORT UTIL_SRC_HASH)
+list(SORT UTIL_SRC_SHA1)
+
+if(USE_SHA256 STREQUAL "Builtin")
+	file(GLOB UTIL_SRC_SHA256 hash/builtin.* hash/rfc6234/*)
+elseif(USE_SHA256 STREQUAL "OpenSSL")
+	file(GLOB UTIL_SRC_SHA256 hash/openssl.*)
+elseif(USE_SHA256 STREQUAL "CommonCrypto")
+	file(GLOB UTIL_SRC_SHA256 hash/common_crypto.*)
+elseif(USE_SHA256 STREQUAL "mbedTLS")
+	file(GLOB UTIL_SRC_SHA256 hash/mbedtls.*)
+elseif(USE_SHA256 STREQUAL "Win32")
+	file(GLOB UTIL_SRC_SHA256 hash/win32.*)
+else()
+	message(FATAL_ERROR "Asked for unknown SHA256 backend: ${USE_SHA256}")
+endif()
+
+list(SORT UTIL_SRC_SHA256)
 
 #
 # Build the library
 #
 
-target_sources(util PRIVATE ${UTIL_SRC} ${UTIL_SRC_OS} ${UTIL_SRC_HASH})
+target_sources(util PRIVATE ${UTIL_SRC} ${UTIL_SRC_OS} ${UTIL_SRC_SHA1} ${UTIL_SRC_SHA256})
 ide_split_sources(util)
 
 target_include_directories(util PRIVATE ${UTIL_INCLUDES} ${LIBGIT2_DEPENDENCY_INCLUDES} PUBLIC ${libgit2_SOURCE_DIR}/include)

src/util/hash.c

@@ -9,7 +9,11 @@
 
 int git_hash_global_init(void)
 {
-	return git_hash_sha1_global_init();
+	if (git_hash_sha1_global_init() < 0 ||
+	    git_hash_sha256_global_init() < 0)
+		return -1;
+
+	return 0;
 }
 
 int git_hash_ctx_init(git_hash_ctx *ctx, git_hash_algorithm_t algorithm)
@@ -20,6 +24,9 @@ int git_hash_ctx_init(git_hash_ctx *ctx, git_hash_algorithm_t algorithm)
 	case GIT_HASH_ALGORITHM_SHA1:
 		error = git_hash_sha1_ctx_init(&ctx->ctx.sha1);
 		break;
+	case GIT_HASH_ALGORITHM_SHA256:
+		error = git_hash_sha256_ctx_init(&ctx->ctx.sha256);
+		break;
 	default:
 		git_error_set(GIT_ERROR_INTERNAL, "unknown hash algorithm");
 		error = -1;
@@ -35,6 +42,9 @@ void git_hash_ctx_cleanup(git_hash_ctx *ctx)
 	case GIT_HASH_ALGORITHM_SHA1:
 		git_hash_sha1_ctx_cleanup(&ctx->ctx.sha1);
 		return;
+	case GIT_HASH_ALGORITHM_SHA256:
+		git_hash_sha256_ctx_cleanup(&ctx->ctx.sha256);
+		return;
 	default:
 		/* unreachable */ ;
 	}
@@ -45,6 +55,8 @@ int git_hash_init(git_hash_ctx *ctx)
 	switch (ctx->algorithm) {
 	case GIT_HASH_ALGORITHM_SHA1:
 		return git_hash_sha1_init(&ctx->ctx.sha1);
+	case GIT_HASH_ALGORITHM_SHA256:
+		return git_hash_sha256_init(&ctx->ctx.sha256);
 	default:
 		/* unreachable */ ;
 	}
@@ -58,6 +70,8 @@ int git_hash_update(git_hash_ctx *ctx, const void *data, size_t len)
 	switch (ctx->algorithm) {
 	case GIT_HASH_ALGORITHM_SHA1:
 		return git_hash_sha1_update(&ctx->ctx.sha1, data, len);
+	case GIT_HASH_ALGORITHM_SHA256:
+		return git_hash_sha256_update(&ctx->ctx.sha256, data, len);
 	default:
 		/* unreachable */ ;
 	}
@@ -71,6 +85,8 @@ int git_hash_final(unsigned char *out, git_hash_ctx *ctx)
 	switch (ctx->algorithm) {
 	case GIT_HASH_ALGORITHM_SHA1:
 		return git_hash_sha1_final(out, &ctx->ctx.sha1);
+	case GIT_HASH_ALGORITHM_SHA256:
+		return git_hash_sha256_final(out, &ctx->ctx.sha256);
 	default:
 		/* unreachable */ ;
 	}

src/util/hash.h

@@ -10,7 +10,7 @@
 
 #include "git2_util.h"
 
-#include "hash/sha1.h"
+#include "hash/sha.h"
 
 typedef struct {
 	void *data;
@@ -19,12 +19,14 @@ typedef struct {
 
 typedef enum {
 	GIT_HASH_ALGORITHM_NONE = 0,
-	GIT_HASH_ALGORITHM_SHA1
+	GIT_HASH_ALGORITHM_SHA1,
+	GIT_HASH_ALGORITHM_SHA256
 } git_hash_algorithm_t;
 
 typedef struct git_hash_ctx {
 	union {
 		git_hash_sha1_ctx sha1;
+		git_hash_sha256_ctx sha256;
 	} ctx;
 	git_hash_algorithm_t algorithm;
 } git_hash_ctx;

src/util/hash/sha1/openssl.c → src/util/hash/builtin.c

@@ -5,55 +5,49 @@
  * a Linking Exception. For full terms see the included COPYING file.
  */
 
-#include "openssl.h"
+#include "builtin.h"
 
-int git_hash_sha1_global_init(void)
+int git_hash_sha256_global_init(void)
 {
 	return 0;
 }
 
-int git_hash_sha1_ctx_init(git_hash_sha1_ctx *ctx)
+int git_hash_sha256_ctx_init(git_hash_sha256_ctx *ctx)
 {
-	return git_hash_sha1_init(ctx);
+	return git_hash_sha256_init(ctx);
 }
 
-void git_hash_sha1_ctx_cleanup(git_hash_sha1_ctx *ctx)
+void git_hash_sha256_ctx_cleanup(git_hash_sha256_ctx *ctx)
 {
 	GIT_UNUSED(ctx);
 }
 
-int git_hash_sha1_init(git_hash_sha1_ctx *ctx)
+int git_hash_sha256_init(git_hash_sha256_ctx *ctx)
 {
 	GIT_ASSERT_ARG(ctx);
-
-	if (SHA1_Init(&ctx->c) != 1) {
-		git_error_set(GIT_ERROR_SHA1, "hash_openssl: failed to initialize hash context");
+	if (SHA256Reset(&ctx->c)) {
+		git_error_set(GIT_ERROR_SHA, "SHA256 error");
 		return -1;
 	}
-
 	return 0;
 }
 
-int git_hash_sha1_update(git_hash_sha1_ctx *ctx, const void *data, size_t len)
+int git_hash_sha256_update(git_hash_sha256_ctx *ctx, const void *data, size_t len)
 {
 	GIT_ASSERT_ARG(ctx);
-
-	if (SHA1_Update(&ctx->c, data, len) != 1) {
-		git_error_set(GIT_ERROR_SHA1, "hash_openssl: failed to update hash");
+	if (SHA256Input(&ctx->c, data, len)) {
+		git_error_set(GIT_ERROR_SHA, "SHA256 error");
 		return -1;
 	}
-
 	return 0;
 }
 
-int git_hash_sha1_final(unsigned char *out, git_hash_sha1_ctx *ctx)
+int git_hash_sha256_final(unsigned char *out, git_hash_sha256_ctx *ctx)
 {
 	GIT_ASSERT_ARG(ctx);
-
-	if (SHA1_Final(out, &ctx->c) != 1) {
-		git_error_set(GIT_ERROR_SHA1, "hash_openssl: failed to finalize hash");
+	if (SHA256Result(&ctx->c, out)) {
+		git_error_set(GIT_ERROR_SHA, "SHA256 error");
 		return -1;
 	}
-
 	return 0;
 }

src/util/hash/sha1/generic.h → src/util/hash/builtin.h

@@ -5,15 +5,15 @@
  * a Linking Exception. For full terms see the included COPYING file.
  */
 
-#ifndef INCLUDE_hash_sha1_generic_h__
-#define INCLUDE_hash_sha1_generic_h__
+#ifndef INCLUDE_hash_builtin_h__
+#define INCLUDE_hash_builtin_h__
 
-#include "hash/sha1.h"
+#include "hash/sha.h"
 
-struct git_hash_sha1_ctx {
-	uint64_t size;
-	unsigned int H[5];
-	unsigned int W[16];
+#include "rfc6234/sha.h"
+
+struct git_hash_sha256_ctx {
+	SHA256Context c;
 };
 
 #endif

src/util/hash/sha1/collisiondetect.c → src/util/hash/collisiondetect.c

@@ -40,7 +40,7 @@ int git_hash_sha1_final(unsigned char *out, git_hash_sha1_ctx *ctx)
 {
 	GIT_ASSERT_ARG(ctx);
 	if (SHA1DCFinal(out, &ctx->c)) {
-		git_error_set(GIT_ERROR_SHA1, "SHA1 collision attack detected");
+		git_error_set(GIT_ERROR_SHA, "SHA1 collision attack detected");
 		return -1;
 	}
 

src/util/hash/sha1/collisiondetect.h → src/util/hash/collisiondetect.h

@@ -5,10 +5,10 @@
  * a Linking Exception. For full terms see the included COPYING file.
  */
 
-#ifndef INCLUDE_hash_sha1_collisiondetect_h__
-#define INCLUDE_hash_sha1_collisiondetect_h__
+#ifndef INCLUDE_hash_collisiondetect_h__
+#define INCLUDE_hash_collisiondetect_h__
 
-#include "hash/sha1.h"
+#include "hash/sha.h"
 
 #include "sha1dc/sha1.h"
 

src/util/hash/sha1/common_crypto.c → src/util/hash/common_crypto.c

@@ -9,6 +9,8 @@
 
 #define CC_LONG_MAX ((CC_LONG)-1)
 
+#ifdef GIT_SHA1_COMMON_CRYPTO
+
 int git_hash_sha1_global_init(void)
 {
 	return 0;
@@ -55,3 +57,56 @@ int git_hash_sha1_final(unsigned char *out, git_hash_sha1_ctx *ctx)
 	CC_SHA1_Final(out, &ctx->c);
 	return 0;
 }
+
+#endif
+
+#ifdef GIT_SHA256_COMMON_CRYPTO
+
+int git_hash_sha256_global_init(void)
+{
+	return 0;
+}
+
+int git_hash_sha256_ctx_init(git_hash_sha256_ctx *ctx)
+{
+	return git_hash_sha256_init(ctx);
+}
+
+void git_hash_sha256_ctx_cleanup(git_hash_sha256_ctx *ctx)
+{
+	GIT_UNUSED(ctx);
+}
+
+int git_hash_sha256_init(git_hash_sha256_ctx *ctx)
+{
+	GIT_ASSERT_ARG(ctx);
+	CC_SHA256_Init(&ctx->c);
+	return 0;
+}
+
+int git_hash_sha256_update(git_hash_sha256_ctx *ctx, const void *_data, size_t len)
+{
+	const unsigned char *data = _data;
+
+	GIT_ASSERT_ARG(ctx);
+
+	while (len > 0) {
+		CC_LONG chunk = (len > CC_LONG_MAX) ? CC_LONG_MAX : (CC_LONG)len;
+
+		CC_SHA256_Update(&ctx->c, data, chunk);
+
+		data += chunk;
+		len -= chunk;
+	}
+
+	return 0;
+}
+
+int git_hash_sha256_final(unsigned char *out, git_hash_sha256_ctx *ctx)
+{
+	GIT_ASSERT_ARG(ctx);
+	CC_SHA256_Final(out, &ctx->c);
+	return 0;
+}
+
+#endif

src/util/hash/sha1/common_crypto.h → src/util/hash/common_crypto.h

@@ -5,15 +5,23 @@
  * a Linking Exception. For full terms see the included COPYING file.
  */
 
-#ifndef INCLUDE_hash_sha1_common_crypto_h__
-#define INCLUDE_hash_sha1_common_crypto_h__
+#ifndef INCLUDE_hash_common_crypto_h__
+#define INCLUDE_hash_common_crypto_h__
 
-#include "hash/sha1.h"
+#include "hash/sha.h"
 
 #include <CommonCrypto/CommonDigest.h>
 
+#ifdef GIT_SHA1_COMMON_CRYPTO
 struct git_hash_sha1_ctx {
 	CC_SHA1_CTX c;
 };
+#endif
+
+#ifdef GIT_SHA256_COMMON_CRYPTO
+struct git_hash_sha256_ctx {
+	CC_SHA256_CTX c;
+};
+#endif
 
 #endif

src/util/hash/sha1/mbedtls.c → src/util/hash/mbedtls.c

@@ -7,6 +7,8 @@
 
 #include "mbedtls.h"
 
+#ifdef GIT_SHA1_MBEDTLS
+
 int git_hash_sha1_global_init(void)
 {
 	return 0;
@@ -44,3 +46,47 @@ int git_hash_sha1_final(unsigned char *out, git_hash_sha1_ctx *ctx)
 	mbedtls_sha1_finish(&ctx->c, out);
 	return 0;
 }
+
+#endif
+
+#ifdef GIT_SHA256_MBEDTLS
+
+int git_hash_sha256_global_init(void)
+{
+	return 0;
+}
+
+int git_hash_sha256_ctx_init(git_hash_sha256_ctx *ctx)
+{
+	return git_hash_sha256_init(ctx);
+}
+
+void git_hash_sha256_ctx_cleanup(git_hash_sha256_ctx *ctx)
+{
+	if (ctx)
+		mbedtls_sha256_free(&ctx->c);
+}
+
+int git_hash_sha256_init(git_hash_sha256_ctx *ctx)
+{
+	GIT_ASSERT_ARG(ctx);
+	mbedtls_sha256_init(&ctx->c);
+	mbedtls_sha256_starts(&ctx->c, 0);
+	return 0;
+}
+
+int git_hash_sha256_update(git_hash_sha256_ctx *ctx, const void *data, size_t len)
+{
+	GIT_ASSERT_ARG(ctx);
+	mbedtls_sha256_update(&ctx->c, data, len);
+	return 0;
+}
+
+int git_hash_sha256_final(unsigned char *out, git_hash_sha256_ctx *ctx)
+{
+	GIT_ASSERT_ARG(ctx);
+	mbedtls_sha256_finish(&ctx->c, out);
+	return 0;
+}
+
+#endif

src/util/hash/sha1/mbedtls.h → src/util/hash/mbedtls.h

@@ -5,15 +5,25 @@
  * a Linking Exception. For full terms see the included COPYING file.
  */
 
-#ifndef INCLUDE_hash_sha1_mbedtls_h__
-#define INCLUDE_hash_sha1_mbedtls_h__
+#ifndef INCLUDE_hash_mbedtls_h__
+#define INCLUDE_hash_mbedtls_h__
 
-#include "hash/sha1.h"
+#include "hash/sha.h"
 
-#include <mbedtls/sha1.h>
+#ifdef GIT_SHA1_MBEDTLS
+# include <mbedtls/sha1.h>
 
 struct git_hash_sha1_ctx {
     mbedtls_sha1_context c;
 };
+#endif
+
+#ifdef GIT_SHA256_MBEDTLS
+# include <mbedtls/sha256.h>
+
+struct git_hash_sha256_ctx {
+    mbedtls_sha256_context c;
+};
+#endif
 
 #endif /* INCLUDE_hash_sha1_mbedtls_h__ */

src/util/hash/openssl.c

+/*
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+
+#include "openssl.h"
+
+#ifdef GIT_SHA1_OPENSSL
+
+int git_hash_sha1_global_init(void)
+{
+	return 0;
+}
+
+int git_hash_sha1_ctx_init(git_hash_sha1_ctx *ctx)
+{
+	return git_hash_sha1_init(ctx);
+}
+
+void git_hash_sha1_ctx_cleanup(git_hash_sha1_ctx *ctx)
+{
+	GIT_UNUSED(ctx);
+}
+
+int git_hash_sha1_init(git_hash_sha1_ctx *ctx)
+{
+	GIT_ASSERT_ARG(ctx);
+
+	if (SHA1_Init(&ctx->c) != 1) {
+		git_error_set(GIT_ERROR_SHA, "failed to initialize sha1 context");
+		return -1;
+	}
+
+	return 0;
+}
+
+int git_hash_sha1_update(git_hash_sha1_ctx *ctx, const void *data, size_t len)
+{
+	GIT_ASSERT_ARG(ctx);
+
+	if (SHA1_Update(&ctx->c, data, len) != 1) {
+		git_error_set(GIT_ERROR_SHA, "failed to update sha1");
+		return -1;
+	}
+
+	return 0;
+}
+
+int git_hash_sha1_final(unsigned char *out, git_hash_sha1_ctx *ctx)
+{
+	GIT_ASSERT_ARG(ctx);
+
+	if (SHA1_Final(out, &ctx->c) != 1) {
+		git_error_set(GIT_ERROR_SHA, "failed to finalize sha1");
+		return -1;
+	}
+
+	return 0;
+}
+
+#endif
+
+#ifdef GIT_SHA256_OPENSSL
+
+int git_hash_sha256_global_init(void)
+{
+	return 0;
+}
+
+int git_hash_sha256_ctx_init(git_hash_sha256_ctx *ctx)
+{
+	return git_hash_sha256_init(ctx);
+}
+
+void git_hash_sha256_ctx_cleanup(git_hash_sha256_ctx *ctx)
+{
+	GIT_UNUSED(ctx);
+}
+
+int git_hash_sha256_init(git_hash_sha256_ctx *ctx)
+{
+	GIT_ASSERT_ARG(ctx);
+
+	if (SHA256_Init(&ctx->c) != 1) {
+		git_error_set(GIT_ERROR_SHA, "failed to initialize sha256 context");
+		return -1;
+	}
+
+	return 0;
+}
+
+int git_hash_sha256_update(git_hash_sha256_ctx *ctx, const void *data, size_t len)
+{
+	GIT_ASSERT_ARG(ctx);
+
+	if (SHA256_Update(&ctx->c, data, len) != 1) {
+		git_error_set(GIT_ERROR_SHA, "failed to update sha256");
+		return -1;
+	}
+
+	return 0;
+}
+
+int git_hash_sha256_final(unsigned char *out, git_hash_sha256_ctx *ctx)
+{
+	GIT_ASSERT_ARG(ctx);
+
+	if (SHA256_Final(out, &ctx->c) != 1) {
+		git_error_set(GIT_ERROR_SHA, "failed to finalize sha256");
+		return -1;
+	}
+
+	return 0;
+}
+
+#endif

src/util/hash/sha1/openssl.h → src/util/hash/openssl.h

@@ -5,15 +5,23 @@
  * a Linking Exception. For full terms see the included COPYING file.
  */
 
-#ifndef INCLUDE_hash_sha1_openssl_h__
-#define INCLUDE_hash_sha1_openssl_h__
+#ifndef INCLUDE_hash_openssl_h__
+#define INCLUDE_hash_openssl_h__
 
-#include "hash/sha1.h"
+#include "hash/sha.h"
 
 #include <openssl/sha.h>
 
+#ifdef GIT_SHA1_OPENSSL
 struct git_hash_sha1_ctx {
 	SHA_CTX c;
 };
+#endif
+
+#ifdef GIT_SHA256_OPENSSL
+struct git_hash_sha256_ctx {
+	SHA256_CTX c;
+};
+#endif
 
 #endif

src/util/hash/sha.h

+/*
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+
+#ifndef INCLUDE_hash_sha_h__
+#define INCLUDE_hash_sha_h__
+
+#include "git2_util.h"
+
+typedef struct git_hash_sha1_ctx git_hash_sha1_ctx;
+typedef struct git_hash_sha256_ctx git_hash_sha256_ctx;
+
+#if defined(GIT_SHA1_COMMON_CRYPTO) || defined(GIT_SHA256_COMMON_CRYPTO)
+# include "common_crypto.h"
+#endif
+
+#if defined(GIT_SHA1_OPENSSL) || defined(GIT_SHA256_OPENSSL)
+# include "openssl.h"
+#endif
+
+#if defined(GIT_SHA1_WIN32) || defined(GIT_SHA256_WIN32)
+# include "win32.h"
+#endif
+
+#if defined(GIT_SHA1_MBEDTLS) || defined(GIT_SHA256_MBEDTLS)
+# include "mbedtls.h"
+#endif
+
+#if defined(GIT_SHA1_COLLISIONDETECT)
+# include "collisiondetect.h"
+#endif
+
+#if defined(GIT_SHA256_BUILTIN)
+# include "builtin.h"
+#endif
+
+/*
+ * SHA1
+ */
+
+#define GIT_HASH_SHA1_SIZE 20
+
+int git_hash_sha1_global_init(void);
+
+int git_hash_sha1_ctx_init(git_hash_sha1_ctx *ctx);
+void git_hash_sha1_ctx_cleanup(git_hash_sha1_ctx *ctx);
+
+int git_hash_sha1_init(git_hash_sha1_ctx *c);
+int git_hash_sha1_update(git_hash_sha1_ctx *c, const void *data, size_t len);
+int git_hash_sha1_final(unsigned char *out, git_hash_sha1_ctx *c);
+
+/*
+ * SHA256
+ */
+
+#define GIT_HASH_SHA256_SIZE 32
+
+int git_hash_sha256_global_init(void);
+
+int git_hash_sha256_ctx_init(git_hash_sha256_ctx *ctx);
+void git_hash_sha256_ctx_cleanup(git_hash_sha256_ctx *ctx);
+
+int git_hash_sha256_init(git_hash_sha256_ctx *c);
+int git_hash_sha256_update(git_hash_sha256_ctx *c, const void *data, size_t len);
+int git_hash_sha256_final(unsigned char *out, git_hash_sha256_ctx *c);
+
+#endif

src/util/hash/sha1.h

-/*
- * Copyright (C) the libgit2 contributors. All rights reserved.
- *
- * This file is part of libgit2, distributed under the GNU GPL v2 with
- * a Linking Exception. For full terms see the included COPYING file.
- */
-
-#ifndef INCLUDE_hash_sha1_h__
-#define INCLUDE_hash_sha1_h__
-
-#include "git2_util.h"
-
-typedef struct git_hash_sha1_ctx git_hash_sha1_ctx;
-
-#if defined(GIT_SHA1_COLLISIONDETECT)
-# include "sha1/collisiondetect.h"
-#elif defined(GIT_SHA1_COMMON_CRYPTO)
-# include "sha1/common_crypto.h"
-#elif defined(GIT_SHA1_OPENSSL)
-# include "sha1/openssl.h"
-#elif defined(GIT_SHA1_WIN32)
-# include "sha1/win32.h"
-#elif defined(GIT_SHA1_MBEDTLS)
-# include "sha1/mbedtls.h"
-#else
-# include "sha1/generic.h"
-#endif
-
-#define GIT_HASH_SHA1_SIZE 20
-
-int git_hash_sha1_global_init(void);
-
-int git_hash_sha1_ctx_init(git_hash_sha1_ctx *ctx);
-void git_hash_sha1_ctx_cleanup(git_hash_sha1_ctx *ctx);
-
-int git_hash_sha1_init(git_hash_sha1_ctx *c);
-int git_hash_sha1_update(git_hash_sha1_ctx *c, const void *data, size_t len);
-int git_hash_sha1_final(unsigned char *out, git_hash_sha1_ctx *c);
-
-#endif

src/util/hash/sha1/generic.c

-/*
- * Copyright (C) the libgit2 contributors. All rights reserved.
- *
- * This file is part of libgit2, distributed under the GNU GPL v2 with
- * a Linking Exception. For full terms see the included COPYING file.
- */
-
-#include "generic.h"
-
-#if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))
-
-/*
- * Force usage of rol or ror by selecting the one with the smaller constant.
- * It _can_ generate slightly smaller code (a constant of 1 is special), but
- * perhaps more importantly it's possibly faster on any uarch that does a
- * rotate with a loop.
- */
-
-#define SHA_ASM(op, x, n) (__extension__ ({ unsigned int __res; __asm__(op " %1,%0":"=r" (__res):"i" (n), "0" (x)); __res; }))
-#define SHA_ROL(x,n)	SHA_ASM("rol", x, n)
-#define SHA_ROR(x,n)	SHA_ASM("ror", x, n)
-
-#else
-
-#define SHA_ROT(X,l,r)	(((X) << (l)) | ((X) >> (r)))
-#define SHA_ROL(X,n)	SHA_ROT(X,n,32-(n))
-#define SHA_ROR(X,n)	SHA_ROT(X,32-(n),n)
-
-#endif
-
-/*
- * If you have 32 registers or more, the compiler can (and should)
- * try to change the array[] accesses into registers. However, on
- * machines with less than ~25 registers, that won't really work,
- * and at least gcc will make an unholy mess of it.
- *
- * So to avoid that mess which just slows things down, we force
- * the stores to memory to actually happen (we might be better off
- * with a 'W(t)=(val);asm("":"+m" (W(t))' there instead, as
- * suggested by Artur Skawina - that will also make gcc unable to
- * try to do the silly "optimize away loads" part because it won't
- * see what the value will be).
- *
- * Ben Herrenschmidt reports that on PPC, the C version comes close
- * to the optimized asm with this (ie on PPC you don't want that
- * 'volatile', since there are lots of registers).
- *
- * On ARM we get the best code generation by forcing a full memory barrier
- * between each SHA_ROUND, otherwise gcc happily get wild with spilling and
- * the stack frame size simply explode and performance goes down the drain.
- */
-
-#if defined(__i386__) || defined(__x86_64__)
- #define setW(x, val) (*(volatile unsigned int *)&W(x) = (val))
-#elif defined(__GNUC__) && defined(__arm__)
- #define setW(x, val) do { W(x) = (val); __asm__("":::"memory"); } while (0)
-#else
- #define setW(x, val) (W(x) = (val))
-#endif
-
-/*
- * Performance might be improved if the CPU architecture is OK with
- * unaligned 32-bit loads and a fast ntohl() is available.
- * Otherwise fall back to byte loads and shifts which is portable,
- * and is faster on architectures with memory alignment issues.
- */
-
-#if defined(__i386__) || defined(__x86_64__) || \
-	defined(_M_IX86) || defined(_M_X64) || \
-	defined(__ppc__) || defined(__ppc64__) || \
-	defined(__powerpc__) || defined(__powerpc64__) || \
-	defined(__s390__) || defined(__s390x__)
-
-#define get_be32(p)	ntohl(*(const unsigned int *)(p))
-#define put_be32(p, v)	do { *(unsigned int *)(p) = htonl(v); } while (0)
-
-#else
-
-#define get_be32(p)	( \
-	(*((const unsigned char *)(p) + 0) << 24) | \
-	(*((const unsigned char *)(p) + 1) << 16) | \
-	(*((const unsigned char *)(p) + 2) << 8) | \
-	(*((const unsigned char *)(p) + 3) << 0) )
-#define put_be32(p, v)	do { \
-	unsigned int __v = (v); \
-	*((unsigned char *)(p) + 0) = __v >> 24; \
-	*((unsigned char *)(p) + 1) = __v >> 16; \
-	*((unsigned char *)(p) + 2) = __v >> 8; \
-	*((unsigned char *)(p) + 3) = __v >> 0; } while (0)
-
-#endif
-
-/* This "rolls" over the 512-bit array */
-#define W(x) (array[(x)&15])
-
-/*
- * Where do we get the source from? The first 16 iterations get it from
- * the input data, the next mix it from the 512-bit array.
- */
-#define SHA_SRC(t) get_be32(data + t)
-#define SHA_MIX(t) SHA_ROL(W(t+13) ^ W(t+8) ^ W(t+2) ^ W(t), 1)
-
-#define SHA_ROUND(t, input, fn, constant, A, B, C, D, E) do { \
-	unsigned int TEMP = input(t); setW(t, TEMP); \
-	E += TEMP + SHA_ROL(A,5) + (fn) + (constant); \
-	B = SHA_ROR(B, 2); } while (0)
-
-#define T_0_15(t, A, B, C, D, E) SHA_ROUND(t, SHA_SRC, (((C^D)&B)^D) , 0x5a827999, A, B, C, D, E )
-#define T_16_19(t, A, B, C, D, E) SHA_ROUND(t, SHA_MIX, (((C^D)&B)^D) , 0x5a827999, A, B, C, D, E )
-#define T_20_39(t, A, B, C, D, E) SHA_ROUND(t, SHA_MIX, (B^C^D) , 0x6ed9eba1, A, B, C, D, E )
-#define T_40_59(t, A, B, C, D, E) SHA_ROUND(t, SHA_MIX, ((B&C)+(D&(B^C))) , 0x8f1bbcdc, A, B, C, D, E )
-#define T_60_79(t, A, B, C, D, E) SHA_ROUND(t, SHA_MIX, (B^C^D) , 0xca62c1d6, A, B, C, D, E )
-
-static void hash__block(git_hash_sha1_ctx *ctx, const unsigned int *data)
-{
-	unsigned int A,B,C,D,E;
-	unsigned int array[16];
-
-	A = ctx->H[0];
-	B = ctx->H[1];
-	C = ctx->H[2];
-	D = ctx->H[3];
-	E = ctx->H[4];
-
-	/* Round 1 - iterations 0-16 take their input from 'data' */
-	T_0_15( 0, A, B, C, D, E);
-	T_0_15( 1, E, A, B, C, D);
-	T_0_15( 2, D, E, A, B, C);
-	T_0_15( 3, C, D, E, A, B);
-	T_0_15( 4, B, C, D, E, A);
-	T_0_15( 5, A, B, C, D, E);
-	T_0_15( 6, E, A, B, C, D);
-	T_0_15( 7, D, E, A, B, C);
-	T_0_15( 8, C, D, E, A, B);
-	T_0_15( 9, B, C, D, E, A);
-	T_0_15(10, A, B, C, D, E);
-	T_0_15(11, E, A, B, C, D);
-	T_0_15(12, D, E, A, B, C);
-	T_0_15(13, C, D, E, A, B);
-	T_0_15(14, B, C, D, E, A);
-	T_0_15(15, A, B, C, D, E);
-
-	/* Round 1 - tail. Input from 512-bit mixing array */
-	T_16_19(16, E, A, B, C, D);
-	T_16_19(17, D, E, A, B, C);
-	T_16_19(18, C, D, E, A, B);
-	T_16_19(19, B, C, D, E, A);
-
-	/* Round 2 */
-	T_20_39(20, A, B, C, D, E);
-	T_20_39(21, E, A, B, C, D);
-	T_20_39(22, D, E, A, B, C);
-	T_20_39(23, C, D, E, A, B);
-	T_20_39(24, B, C, D, E, A);
-	T_20_39(25, A, B, C, D, E);
-	T_20_39(26, E, A, B, C, D);
-	T_20_39(27, D, E, A, B, C);
-	T_20_39(28, C, D, E, A, B);
-	T_20_39(29, B, C, D, E, A);
-	T_20_39(30, A, B, C, D, E);
-	T_20_39(31, E, A, B, C, D);
-	T_20_39(32, D, E, A, B, C);
-	T_20_39(33, C, D, E, A, B);
-	T_20_39(34, B, C, D, E, A);
-	T_20_39(35, A, B, C, D, E);
-	T_20_39(36, E, A, B, C, D);
-	T_20_39(37, D, E, A, B, C);
-	T_20_39(38, C, D, E, A, B);
-	T_20_39(39, B, C, D, E, A);
-
-	/* Round 3 */
-	T_40_59(40, A, B, C, D, E);
-	T_40_59(41, E, A, B, C, D);
-	T_40_59(42, D, E, A, B, C);
-	T_40_59(43, C, D, E, A, B);
-	T_40_59(44, B, C, D, E, A);
-	T_40_59(45, A, B, C, D, E);
-	T_40_59(46, E, A, B, C, D);
-	T_40_59(47, D, E, A, B, C);
-	T_40_59(48, C, D, E, A, B);
-	T_40_59(49, B, C, D, E, A);
-	T_40_59(50, A, B, C, D, E);
-	T_40_59(51, E, A, B, C, D);
-	T_40_59(52, D, E, A, B, C);
-	T_40_59(53, C, D, E, A, B);
-	T_40_59(54, B, C, D, E, A);
-	T_40_59(55, A, B, C, D, E);
-	T_40_59(56, E, A, B, C, D);
-	T_40_59(57, D, E, A, B, C);
-	T_40_59(58, C, D, E, A, B);
-	T_40_59(59, B, C, D, E, A);
-
-	/* Round 4 */
-	T_60_79(60, A, B, C, D, E);
-	T_60_79(61, E, A, B, C, D);
-	T_60_79(62, D, E, A, B, C);
-	T_60_79(63, C, D, E, A, B);
-	T_60_79(64, B, C, D, E, A);
-	T_60_79(65, A, B, C, D, E);
-	T_60_79(66, E, A, B, C, D);
-	T_60_79(67, D, E, A, B, C);
-	T_60_79(68, C, D, E, A, B);
-	T_60_79(69, B, C, D, E, A);
-	T_60_79(70, A, B, C, D, E);
-	T_60_79(71, E, A, B, C, D);
-	T_60_79(72, D, E, A, B, C);
-	T_60_79(73, C, D, E, A, B);
-	T_60_79(74, B, C, D, E, A);
-	T_60_79(75, A, B, C, D, E);
-	T_60_79(76, E, A, B, C, D);
-	T_60_79(77, D, E, A, B, C);
-	T_60_79(78, C, D, E, A, B);
-	T_60_79(79, B, C, D, E, A);
-
-	ctx->H[0] += A;
-	ctx->H[1] += B;
-	ctx->H[2] += C;
-	ctx->H[3] += D;
-	ctx->H[4] += E;
-}
-
-int git_hash_sha1_global_init(void)
-{
-	return 0;
-}
-
-int git_hash_sha1_ctx_init(git_hash_sha1_ctx *ctx)
-{
-	return git_hash_sha1_init(ctx);
-}
-
-void git_hash_sha1_ctx_cleanup(git_hash_sha1_ctx *ctx)
-{
-	GIT_UNUSED(ctx);
-}
-
-int git_hash_sha1_init(git_hash_sha1_ctx *ctx)
-{
-	ctx->size = 0;
-
-	/* Initialize H with the magic constants (see FIPS180 for constants) */
-	ctx->H[0] = 0x67452301;
-	ctx->H[1] = 0xefcdab89;
-	ctx->H[2] = 0x98badcfe;
-	ctx->H[3] = 0x10325476;
-	ctx->H[4] = 0xc3d2e1f0;
-
-	return 0;
-}
-
-int git_hash_sha1_update(git_hash_sha1_ctx *ctx, const void *data, size_t len)
-{
-	unsigned int lenW = ctx->size & 63;
-
-	ctx->size += len;
-
-	/* Read the data into W and process blocks as they get full */
-	if (lenW) {
-		unsigned int left = 64 - lenW;
-		if (len < left)
-			left = (unsigned int)len;
-		memcpy(lenW + (char *)ctx->W, data, left);
-		lenW = (lenW + left) & 63;
-		len -= left;
-		data = ((const char *)data + left);
-		if (lenW)
-			return 0;
-		hash__block(ctx, ctx->W);
-	}
-	while (len >= 64) {
-		hash__block(ctx, data);
-		data = ((const char *)data + 64);
-		len -= 64;
-	}
-	if (len)
-		memcpy(ctx->W, data, len);
-
-	return 0;
-}
-
-int git_hash_sha1_final(unsigned char *out, git_hash_sha1_ctx *ctx)
-{
-	static const unsigned char pad[64] = { 0x80 };
-	unsigned int padlen[2];
-	int i;
-
-	/* Pad with a binary 1 (ie 0x80), then zeroes, then length */
-	padlen[0] = htonl((uint32_t)(ctx->size >> 29));
-	padlen[1] = htonl((uint32_t)(ctx->size << 3));
-
-	i = ctx->size & 63;
-	git_hash_sha1_update(ctx, pad, 1+ (63 & (55 - i)));
-	git_hash_sha1_update(ctx, padlen, 8);
-
-	/* Output hash */
-	for (i = 0; i < 5; i++)
-		put_be32(out + i*4, ctx->H[i]);
-
-	return 0;
-}

src/util/hash/sha1/win32.c

-/*
- * Copyright (C) the libgit2 contributors. All rights reserved.
- *
- * This file is part of libgit2, distributed under the GNU GPL v2 with
- * a Linking Exception. For full terms see the included COPYING file.
- */
-
-#include "win32.h"
-
-#include "runtime.h"
-
-#include <wincrypt.h>
-#include <strsafe.h>
-
-#define GIT_HASH_CNG_DLL_NAME           "bcrypt.dll"
-
-/* BCRYPT_SHA1_ALGORITHM */
-#define GIT_HASH_CNG_HASH_TYPE          L"SHA1"
-
-/* BCRYPT_OBJECT_LENGTH */
-#define GIT_HASH_CNG_HASH_OBJECT_LEN    L"ObjectLength"
-
-/* BCRYPT_HASH_REUSEABLE_FLAGS */
-#define GIT_HASH_CNG_HASH_REUSABLE      0x00000020
-
-static git_hash_prov hash_prov = {0};
-
-/* Hash initialization */
-
-/* Initialize CNG, if available */
-GIT_INLINE(int) hash_cng_prov_init(void)
-{
-	char dll_path[MAX_PATH];
-	DWORD dll_path_len, size_len;
-
-	/* Only use CNG on Windows 2008 / Vista SP1  or better (Windows 6.0 SP1) */
-	if (!git_has_win32_version(6, 0, 1)) {
-		git_error_set(GIT_ERROR_SHA1, "CryptoNG is not supported on this platform");
-		return -1;
-	}
-
-	/* Load bcrypt.dll explicitly from the system directory */
-	if ((dll_path_len = GetSystemDirectory(dll_path, MAX_PATH)) == 0 ||
-		dll_path_len > MAX_PATH ||
-		StringCchCat(dll_path, MAX_PATH, "\\") < 0 ||
-		StringCchCat(dll_path, MAX_PATH, GIT_HASH_CNG_DLL_NAME) < 0 ||
-		(hash_prov.prov.cng.dll = LoadLibrary(dll_path)) == NULL) {
-		git_error_set(GIT_ERROR_SHA1, "CryptoNG library could not be loaded");
-		return -1;
-	}
-
-	/* Load the function addresses */
-	if ((hash_prov.prov.cng.open_algorithm_provider = (hash_win32_cng_open_algorithm_provider_fn)GetProcAddress(hash_prov.prov.cng.dll, "BCryptOpenAlgorithmProvider")) == NULL ||
-		(hash_prov.prov.cng.get_property = (hash_win32_cng_get_property_fn)GetProcAddress(hash_prov.prov.cng.dll, "BCryptGetProperty")) == NULL ||
-		(hash_prov.prov.cng.create_hash = (hash_win32_cng_create_hash_fn)GetProcAddress(hash_prov.prov.cng.dll, "BCryptCreateHash")) == NULL ||
-		(hash_prov.prov.cng.finish_hash = (hash_win32_cng_finish_hash_fn)GetProcAddress(hash_prov.prov.cng.dll, "BCryptFinishHash")) == NULL ||
-		(hash_prov.prov.cng.hash_data = (hash_win32_cng_hash_data_fn)GetProcAddress(hash_prov.prov.cng.dll, "BCryptHashData")) == NULL ||
-		(hash_prov.prov.cng.destroy_hash = (hash_win32_cng_destroy_hash_fn)GetProcAddress(hash_prov.prov.cng.dll, "BCryptDestroyHash")) == NULL ||
-		(hash_prov.prov.cng.close_algorithm_provider = (hash_win32_cng_close_algorithm_provider_fn)GetProcAddress(hash_prov.prov.cng.dll, "BCryptCloseAlgorithmProvider")) == NULL) {
-		FreeLibrary(hash_prov.prov.cng.dll);
-
-		git_error_set(GIT_ERROR_OS, "CryptoNG functions could not be loaded");
-		return -1;
-	}
-
-	/* Load the SHA1 algorithm */
-	if (hash_prov.prov.cng.open_algorithm_provider(&hash_prov.prov.cng.handle, GIT_HASH_CNG_HASH_TYPE, NULL, GIT_HASH_CNG_HASH_REUSABLE) < 0) {
-		FreeLibrary(hash_prov.prov.cng.dll);
-
-		git_error_set(GIT_ERROR_OS, "algorithm provider could not be initialized");
-		return -1;
-	}
-
-	/* Get storage space for the hash object */
-	if (hash_prov.prov.cng.get_property(hash_prov.prov.cng.handle, GIT_HASH_CNG_HASH_OBJECT_LEN, (PBYTE)&hash_prov.prov.cng.hash_object_size, sizeof(DWORD), &size_len, 0) < 0) {
-		hash_prov.prov.cng.close_algorithm_provider(hash_prov.prov.cng.handle, 0);
-		FreeLibrary(hash_prov.prov.cng.dll);
-
-		git_error_set(GIT_ERROR_OS, "algorithm handle could not be found");
-		return -1;
-	}
-
-	hash_prov.type = CNG;
-	return 0;
-}
-
-GIT_INLINE(void) hash_cng_prov_shutdown(void)
-{
-	hash_prov.prov.cng.close_algorithm_provider(hash_prov.prov.cng.handle, 0);
-	FreeLibrary(hash_prov.prov.cng.dll);
-
-	hash_prov.type = INVALID;
-}
-
-/* Initialize CryptoAPI */
-GIT_INLINE(int) hash_cryptoapi_prov_init()
-{
-	if (!CryptAcquireContext(&hash_prov.prov.cryptoapi.handle, NULL, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
-		git_error_set(GIT_ERROR_OS, "legacy hash context could not be started");
-		return -1;
-	}
-
-	hash_prov.type = CRYPTOAPI;
-	return 0;
-}
-
-GIT_INLINE(void) hash_cryptoapi_prov_shutdown(void)
-{
-	CryptReleaseContext(hash_prov.prov.cryptoapi.handle, 0);
-
-	hash_prov.type = INVALID;
-}
-
-static void sha1_shutdown(void)
-{
-	if (hash_prov.type == CNG)
-		hash_cng_prov_shutdown();
-	else if(hash_prov.type == CRYPTOAPI)
-		hash_cryptoapi_prov_shutdown();
-}
-
-int git_hash_sha1_global_init(void)
-{
-	int error = 0;
-
-	if (hash_prov.type != INVALID)
-		return 0;
-
-	if ((error = hash_cng_prov_init()) < 0)
-		error = hash_cryptoapi_prov_init();
-
-	if (!error)
-		error = git_runtime_shutdown_register(sha1_shutdown);
-
-	return error;
-}
-
-/* CryptoAPI: available in Windows XP and newer */
-
-GIT_INLINE(int) hash_ctx_cryptoapi_init(git_hash_sha1_ctx *ctx)
-{
-	ctx->type = CRYPTOAPI;
-	ctx->prov = &hash_prov;
-
-	return git_hash_sha1_init(ctx);
-}
-
-GIT_INLINE(int) hash_cryptoapi_init(git_hash_sha1_ctx *ctx)
-{
-	if (ctx->ctx.cryptoapi.valid)
-		CryptDestroyHash(ctx->ctx.cryptoapi.hash_handle);
-
-	if (!CryptCreateHash(ctx->prov->prov.cryptoapi.handle, CALG_SHA1, 0, 0, &ctx->ctx.cryptoapi.hash_handle)) {
-		ctx->ctx.cryptoapi.valid = 0;
-		git_error_set(GIT_ERROR_OS, "legacy hash implementation could not be created");
-		return -1;
-	}
-
-	ctx->ctx.cryptoapi.valid = 1;
-	return 0;
-}
-
-GIT_INLINE(int) hash_cryptoapi_update(git_hash_sha1_ctx *ctx, const void *_data, size_t len)
-{
-	const BYTE *data = (BYTE *)_data;
-
-	GIT_ASSERT(ctx->ctx.cryptoapi.valid);
-
-	while (len > 0) {
-		DWORD chunk = (len > MAXDWORD) ? MAXDWORD : (DWORD)len;
-
-		if (!CryptHashData(ctx->ctx.cryptoapi.hash_handle, data, chunk, 0)) {
-			git_error_set(GIT_ERROR_OS, "legacy hash data could not be updated");
-			return -1;
-		}
-
-		data += chunk;
-		len -= chunk;
-	}
-
-	return 0;
-}
-
-GIT_INLINE(int) hash_cryptoapi_final(unsigned char *out, git_hash_sha1_ctx *ctx)
-{
-	DWORD len = GIT_HASH_SHA1_SIZE;
-	int error = 0;
-
-	GIT_ASSERT(ctx->ctx.cryptoapi.valid);
-
-	if (!CryptGetHashParam(ctx->ctx.cryptoapi.hash_handle, HP_HASHVAL, out, &len, 0)) {
-		git_error_set(GIT_ERROR_OS, "legacy hash data could not be finished");
-		error = -1;
-	}
-
-	CryptDestroyHash(ctx->ctx.cryptoapi.hash_handle);
-	ctx->ctx.cryptoapi.valid = 0;
-
-	return error;
-}
-
-GIT_INLINE(void) hash_ctx_cryptoapi_cleanup(git_hash_sha1_ctx *ctx)
-{
-	if (ctx->ctx.cryptoapi.valid)
-		CryptDestroyHash(ctx->ctx.cryptoapi.hash_handle);
-}
-
-/* CNG: Available in Windows Server 2008 and newer */
-
-GIT_INLINE(int) hash_ctx_cng_init(git_hash_sha1_ctx *ctx)
-{
-	if ((ctx->ctx.cng.hash_object = git__malloc(hash_prov.prov.cng.hash_object_size)) == NULL)
-		return -1;
-
-	if (hash_prov.prov.cng.create_hash(hash_prov.prov.cng.handle, &ctx->ctx.cng.hash_handle, ctx->ctx.cng.hash_object, hash_prov.prov.cng.hash_object_size, NULL, 0, 0) < 0) {
-		git__free(ctx->ctx.cng.hash_object);
-
-		git_error_set(GIT_ERROR_OS, "hash implementation could not be created");
-		return -1;
-	}
-
-	ctx->type = CNG;
-	ctx->prov = &hash_prov;
-
-	return 0;
-}
-
-GIT_INLINE(int) hash_cng_init(git_hash_sha1_ctx *ctx)
-{
-	BYTE hash[GIT_OID_RAWSZ];
-
-	if (!ctx->ctx.cng.updated)
-		return 0;
-
-	/* CNG needs to be finished to restart */
-	if (ctx->prov->prov.cng.finish_hash(ctx->ctx.cng.hash_handle, hash, GIT_OID_RAWSZ, 0) < 0) {
-		git_error_set(GIT_ERROR_OS, "hash implementation could not be finished");
-		return -1;
-	}
-
-	ctx->ctx.cng.updated = 0;
-
-	return 0;
-}
-
-GIT_INLINE(int) hash_cng_update(git_hash_sha1_ctx *ctx, const void *_data, size_t len)
-{
-	PBYTE data = (PBYTE)_data;
-
-	while (len > 0) {
-		ULONG chunk = (len > ULONG_MAX) ? ULONG_MAX : (ULONG)len;
-
-		if (ctx->prov->prov.cng.hash_data(ctx->ctx.cng.hash_handle, data, chunk, 0) < 0) {
-			git_error_set(GIT_ERROR_OS, "hash could not be updated");
-			return -1;
-		}
-
-		data += chunk;
-		len -= chunk;
-	}
-
-	return 0;
-}
-
-GIT_INLINE(int) hash_cng_final(unsigned char *out, git_hash_sha1_ctx *ctx)
-{
-	if (ctx->prov->prov.cng.finish_hash(ctx->ctx.cng.hash_handle, out, GIT_HASH_SHA1_SIZE, 0) < 0) {
-		git_error_set(GIT_ERROR_OS, "hash could not be finished");
-		return -1;
-	}
-
-	ctx->ctx.cng.updated = 0;
-
-	return 0;
-}
-
-GIT_INLINE(void) hash_ctx_cng_cleanup(git_hash_sha1_ctx *ctx)
-{
-	ctx->prov->prov.cng.destroy_hash(ctx->ctx.cng.hash_handle);
-	git__free(ctx->ctx.cng.hash_object);
-}
-
-/* Indirection between CryptoAPI and CNG */
-
-int git_hash_sha1_ctx_init(git_hash_sha1_ctx *ctx)
-{
-	int error = 0;
-
-	GIT_ASSERT_ARG(ctx);
-
-	/*
-	 * When compiled with GIT_THREADS, the global hash_prov data is
-	 * initialized with git_libgit2_init.  Otherwise, it must be initialized
-	 * at first use.
-	 */
-	if (hash_prov.type == INVALID && (error = git_hash_sha1_global_init()) < 0)
-		return error;
-
-	memset(ctx, 0x0, sizeof(git_hash_sha1_ctx));
-
-	return (hash_prov.type == CNG) ? hash_ctx_cng_init(ctx) : hash_ctx_cryptoapi_init(ctx);
-}
-
-int git_hash_sha1_init(git_hash_sha1_ctx *ctx)
-{
-	GIT_ASSERT_ARG(ctx);
-	GIT_ASSERT_ARG(ctx->type);
-	return (ctx->type == CNG) ? hash_cng_init(ctx) : hash_cryptoapi_init(ctx);
-}
-
-int git_hash_sha1_update(git_hash_sha1_ctx *ctx, const void *data, size_t len)
-{
-	GIT_ASSERT_ARG(ctx);
-	GIT_ASSERT_ARG(ctx->type);
-	return (ctx->type == CNG) ? hash_cng_update(ctx, data, len) : hash_cryptoapi_update(ctx, data, len);
-}
-
-int git_hash_sha1_final(unsigned char *out, git_hash_sha1_ctx *ctx)
-{
-	GIT_ASSERT_ARG(ctx);
-	GIT_ASSERT_ARG(ctx->type);
-	return (ctx->type == CNG) ? hash_cng_final(out, ctx) : hash_cryptoapi_final(out, ctx);
-}
-
-void git_hash_sha1_ctx_cleanup(git_hash_sha1_ctx *ctx)
-{
-	if (!ctx)
-		return;
-	else if (ctx->type == CNG)
-		hash_ctx_cng_cleanup(ctx);
-	else if(ctx->type == CRYPTOAPI)
-		hash_ctx_cryptoapi_cleanup(ctx);
-}

src/util/hash/sha1/win32.h

-/*
- * Copyright (C) the libgit2 contributors. All rights reserved.
- *
- * This file is part of libgit2, distributed under the GNU GPL v2 with
- * a Linking Exception. For full terms see the included COPYING file.
- */
-
-#ifndef INCLUDE_hash_sha1_win32_h__
-#define INCLUDE_hash_sha1_win32_h__
-
-#include "hash/sha1.h"
-
-#include <wincrypt.h>
-#include <strsafe.h>
-
-enum hash_win32_prov_type {
-	INVALID = 0,
-	CRYPTOAPI,
-	CNG
-};
-
-/*
- * CryptoAPI is available for hashing on Windows XP and newer.
- */
-
-struct hash_cryptoapi_prov {
-	HCRYPTPROV handle;
-};
-
-/*
- * CNG (bcrypt.dll) is significantly more performant than CryptoAPI and is
- * preferred, however it is only available on Windows 2008 and newer and
- * must therefore be dynamically loaded, and we must inline constants that
- * would not exist when building in pre-Windows 2008 environments.
- */
-
-/* Function declarations for CNG */
-typedef NTSTATUS (WINAPI *hash_win32_cng_open_algorithm_provider_fn)(
-	HANDLE /* BCRYPT_ALG_HANDLE */ *phAlgorithm,
-	LPCWSTR pszAlgId,
-	LPCWSTR pszImplementation,
-	DWORD dwFlags);
-
-typedef NTSTATUS (WINAPI *hash_win32_cng_get_property_fn)(
-	HANDLE /* BCRYPT_HANDLE */ hObject,
-	LPCWSTR pszProperty,
-	PUCHAR pbOutput,
-	ULONG cbOutput,
-	ULONG *pcbResult,
-	ULONG dwFlags);
-
-typedef NTSTATUS (WINAPI *hash_win32_cng_create_hash_fn)(
-	HANDLE /* BCRYPT_ALG_HANDLE */ hAlgorithm,
-	HANDLE /* BCRYPT_HASH_HANDLE */ *phHash,
-	PUCHAR pbHashObject, ULONG cbHashObject,
-	PUCHAR pbSecret,
-	ULONG cbSecret,
-	ULONG dwFlags);
-
-typedef NTSTATUS (WINAPI *hash_win32_cng_finish_hash_fn)(
-	HANDLE /* BCRYPT_HASH_HANDLE */ hHash,
-	PUCHAR pbOutput,
-	ULONG cbOutput,
-	ULONG dwFlags);
-
-typedef NTSTATUS (WINAPI *hash_win32_cng_hash_data_fn)(
-	HANDLE /* BCRYPT_HASH_HANDLE */ hHash,
-	PUCHAR pbInput,
-	ULONG cbInput,
-	ULONG dwFlags);
-
-typedef NTSTATUS (WINAPI *hash_win32_cng_destroy_hash_fn)(
-	HANDLE /* BCRYPT_HASH_HANDLE */ hHash);
-
-typedef NTSTATUS (WINAPI *hash_win32_cng_close_algorithm_provider_fn)(
-	HANDLE /* BCRYPT_ALG_HANDLE */ hAlgorithm,
-	ULONG dwFlags);
-
-struct hash_cng_prov {
-	/* DLL for CNG */
-	HINSTANCE dll;
-
-	/* Function pointers for CNG */
-	hash_win32_cng_open_algorithm_provider_fn open_algorithm_provider;
-	hash_win32_cng_get_property_fn get_property;
-	hash_win32_cng_create_hash_fn create_hash;
-	hash_win32_cng_finish_hash_fn finish_hash;
-	hash_win32_cng_hash_data_fn hash_data;
-	hash_win32_cng_destroy_hash_fn destroy_hash;
-	hash_win32_cng_close_algorithm_provider_fn close_algorithm_provider;
-
-	HANDLE /* BCRYPT_ALG_HANDLE */ handle;
-	DWORD hash_object_size;
-};
-
-typedef struct {
-	enum hash_win32_prov_type type;
-
-	union {
-		struct hash_cryptoapi_prov cryptoapi;
-		struct hash_cng_prov cng;
-	} prov;
-} git_hash_prov;
-
-/* Hash contexts */
-
-struct hash_cryptoapi_ctx {
-	bool valid;
-	HCRYPTHASH hash_handle;
-};
-
-struct hash_cng_ctx {
-	bool updated;
-	HANDLE /* BCRYPT_HASH_HANDLE */ hash_handle;
-	PBYTE hash_object;
-};
-
-struct git_hash_sha1_ctx {
-	enum hash_win32_prov_type type;
-	git_hash_prov *prov;
-
-	union {
-		struct hash_cryptoapi_ctx cryptoapi;
-		struct hash_cng_ctx cng;
-	} ctx;
-};
-
-#endif

src/util/hash/win32.h

+/*
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+
+#ifndef INCLUDE_hash_win32_h__
+#define INCLUDE_hash_win32_h__
+
+#include "hash/sha.h"
+
+#include <wincrypt.h>
+
+typedef enum {
+	GIT_HASH_WIN32_INVALID = 0,
+	GIT_HASH_WIN32_CRYPTOAPI,
+	GIT_HASH_WIN32_CNG
+} git_hash_win32_provider_t;
+
+struct git_hash_win32_cryptoapi_ctx {
+	bool valid;
+	HCRYPTHASH hash_handle;
+};
+
+struct git_hash_win32_cng_ctx {
+	bool updated;
+	HANDLE /* BCRYPT_HASH_HANDLE */ hash_handle;
+	PBYTE hash_object;
+};
+
+typedef struct {
+	ALG_ID algorithm;
+
+	union {
+		struct git_hash_win32_cryptoapi_ctx cryptoapi;
+		struct git_hash_win32_cng_ctx cng;
+	} ctx;
+} git_hash_win32_ctx;
+
+/*
+ * Gets/sets the current hash provider (cng or cryptoapi).  This is only
+ * for testing purposes.
+ */
+git_hash_win32_provider_t git_hash_win32_provider(void);
+int git_hash_win32_set_provider(git_hash_win32_provider_t provider);
+
+#ifdef GIT_SHA1_WIN32
+struct git_hash_sha1_ctx {
+	git_hash_win32_ctx win32;
+};
+#endif
+
+#ifdef GIT_SHA256_WIN32
+struct git_hash_sha256_ctx {
+	git_hash_win32_ctx win32;
+};
+#endif
+
+#endif

tests/util/sha1.c

@@ -3,13 +3,25 @@
 
 #define FIXTURE_DIR "sha1"
 
+#ifdef GIT_SHA1_WIN32
+static git_hash_win32_provider_t orig_provider;
+#endif
+
 void test_sha1__initialize(void)
 {
+#ifdef GIT_SHA1_WIN32
+	orig_provider = git_hash_win32_provider();
+#endif
+
 	cl_fixture_sandbox(FIXTURE_DIR);
 }
 
 void test_sha1__cleanup(void)
 {
+#ifdef GIT_SHA1_WIN32
+	git_hash_win32_set_provider(orig_provider);
+#endif
+
 	cl_fixture_cleanup(FIXTURE_DIR);
 }
 
@@ -68,3 +80,21 @@ void test_sha1__detect_collision_attack(void)
 #endif
 }
 
+void test_sha1__win32_providers(void)
+{
+#ifdef GIT_SHA1_WIN32
+	unsigned char expected[GIT_HASH_SHA1_SIZE] = {
+		0x38, 0x76, 0x2c, 0xf7, 0xf5, 0x59, 0x34, 0xb3, 0x4d, 0x17,
+		0x9a, 0xe6, 0xa4, 0xc8, 0x0c, 0xad, 0xcc, 0xbb, 0x7f, 0x0a
+	};
+	unsigned char actual[GIT_HASH_SHA1_SIZE];
+
+	git_hash_win32_set_provider(GIT_HASH_WIN32_CRYPTOAPI);
+	cl_git_pass(sha1_file(actual, FIXTURE_DIR "/shattered-1.pdf"));
+	cl_assert_equal_i(0, memcmp(expected, actual, GIT_HASH_SHA1_SIZE));
+
+	git_hash_win32_set_provider(GIT_HASH_WIN32_CNG);
+	cl_git_pass(sha1_file(actual, FIXTURE_DIR "/shattered-1.pdf"));
+	cl_assert_equal_i(0, memcmp(expected, actual, GIT_HASH_SHA1_SIZE));
+#endif
+}

tests/util/sha256.c

+#include "clar_libgit2.h"
+#include "hash.h"
+
+#define FIXTURE_DIR "sha1"
+
+#ifdef GIT_SHA256_WIN32
+static git_hash_win32_provider_t orig_provider;
+#endif
+
+void test_sha256__initialize(void)
+{
+#ifdef GIT_SHA256_WIN32
+	orig_provider = git_hash_win32_provider();
+#endif
+
+	cl_fixture_sandbox(FIXTURE_DIR);
+}
+
+void test_sha256__cleanup(void)
+{
+#ifdef GIT_SHA256_WIN32
+	git_hash_win32_set_provider(orig_provider);
+#endif
+
+	cl_fixture_cleanup(FIXTURE_DIR);
+}
+
+static int sha256_file(unsigned char *out, const char *filename)
+{
+	git_hash_ctx ctx;
+	char buf[2048];
+	int fd, ret;
+	ssize_t read_len;
+
+	fd = p_open(filename, O_RDONLY);
+	cl_assert(fd >= 0);
+
+	cl_git_pass(git_hash_ctx_init(&ctx, GIT_HASH_ALGORITHM_SHA256));
+
+	while ((read_len = p_read(fd, buf, 2048)) > 0)
+		cl_git_pass(git_hash_update(&ctx, buf, (size_t)read_len));
+
+	cl_assert_equal_i(0, read_len);
+	p_close(fd);
+
+	ret = git_hash_final(out, &ctx);
+	git_hash_ctx_cleanup(&ctx);
+
+	return ret;
+}
+
+void test_sha256__empty(void)
+{
+	unsigned char expected[GIT_HASH_SHA256_SIZE] = {
+		0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
+		0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
+		0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
+		0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
+	};
+	unsigned char actual[GIT_HASH_SHA256_SIZE];
+
+	cl_git_pass(sha256_file(actual, FIXTURE_DIR "/empty"));
+	cl_assert_equal_i(0, memcmp(expected, actual, GIT_HASH_SHA256_SIZE));
+}
+
+void test_sha256__hello(void)
+{
+	unsigned char expected[GIT_HASH_SHA256_SIZE] = {
+		0xaa, 0x32, 0x7f, 0xae, 0x5c, 0x91, 0x58, 0x3a,
+		0x4f, 0xb6, 0x54, 0xcc, 0xb6, 0xc2, 0xb1, 0x0c,
+		0x77, 0xd7, 0x49, 0xc9, 0x91, 0x2a, 0x8d, 0x6b,
+		0x47, 0x26, 0x13, 0xc0, 0xa0, 0x4b, 0x4d, 0xad
+	};
+	unsigned char actual[GIT_HASH_SHA256_SIZE];
+
+	cl_git_pass(sha256_file(actual, FIXTURE_DIR "/hello_c"));
+	cl_assert_equal_i(0, memcmp(expected, actual, GIT_HASH_SHA256_SIZE));
+}
+
+void test_sha256__pdf(void)
+{
+	unsigned char expected[GIT_HASH_SHA256_SIZE] = {
+		0x2b, 0xb7, 0x87, 0xa7, 0x3e, 0x37, 0x35, 0x2f,
+		0x92, 0x38, 0x3a, 0xbe, 0x7e, 0x29, 0x02, 0x93,
+		0x6d, 0x10, 0x59, 0xad, 0x9f, 0x1b, 0xa6, 0xda,
+		0xaa, 0x9c, 0x1e, 0x58, 0xee, 0x69, 0x70, 0xd0
+	};
+	unsigned char actual[GIT_HASH_SHA256_SIZE];
+
+	cl_git_pass(sha256_file(actual, FIXTURE_DIR "/shattered-1.pdf"));
+	cl_assert_equal_i(0, memcmp(expected, actual, GIT_HASH_SHA256_SIZE));
+}
+
+void test_sha256__win32_providers(void)
+{
+#ifdef GIT_SHA256_WIN32
+	unsigned char expected[GIT_HASH_SHA256_SIZE] = {
+		0x2b, 0xb7, 0x87, 0xa7, 0x3e, 0x37, 0x35, 0x2f,
+		0x92, 0x38, 0x3a, 0xbe, 0x7e, 0x29, 0x02, 0x93,
+		0x6d, 0x10, 0x59, 0xad, 0x9f, 0x1b, 0xa6, 0xda,
+		0xaa, 0x9c, 0x1e, 0x58, 0xee, 0x69, 0x70, 0xd0
+	};
+	unsigned char actual[GIT_HASH_SHA256_SIZE];
+
+	git_hash_win32_set_provider(GIT_HASH_WIN32_CRYPTOAPI);
+	cl_git_pass(sha256_file(actual, FIXTURE_DIR "/shattered-1.pdf"));
+	cl_assert_equal_i(0, memcmp(expected, actual, GIT_HASH_SHA256_SIZE));
+
+	git_hash_win32_set_provider(GIT_HASH_WIN32_CNG);
+	cl_git_pass(sha256_file(actual, FIXTURE_DIR "/shattered-1.pdf"));
+	cl_assert_equal_i(0, memcmp(expected, actual, GIT_HASH_SHA256_SIZE));
+#endif
+}