Commit b3e3fa10eacbdf11efb1815d6f3cfcccdde2a23d

Edward Thomson 2021-12-12T15:34:35

sha: support mbedTLS for SHA256

diff --git a/cmake/SelectHTTPSBackend.cmake b/cmake/SelectHTTPSBackend.cmake
index 7931950..20221bf 100644
--- a/cmake/SelectHTTPSBackend.cmake
+++ b/cmake/SelectHTTPSBackend.cmake
@@ -64,7 +64,7 @@ if(USE_HTTPS)
 
 		if(NOT CERT_LOCATION)
 			message(STATUS "Auto-detecting default certificates location")
-			if(CMAKE_SYSTEM_NAME MATCHES Darwin)
+			if(EXISTS "/usr/local/opt/openssl/bin/openssl")
 				# Check for an Homebrew installation
 				set(OPENSSL_CMD "/usr/local/opt/openssl/bin/openssl")
 			else()
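Review bot: The new condition on the `+` line is a plain file-existence test for one Intel-Homebrew path, so it now runs on every platform yet still misses other Homebrew prefixes (Apple Silicon installs under `/opt/homebrew`, as far as I know), in which case configuration falls through to the `else()` branch and whichever `openssl` that branch finds decides the certificate location baked into the build. The comment `# Check for an Homebrew installation` no longer matches the test; consider `find_program(OPENSSL_CMD openssl HINTS /usr/local/opt/openssl/bin /opt/homebrew/opt/openssl/bin)` so both prefixes are probed with an explicit fallback. This hunk is also unrelated to the commit's subject (mbedTLS SHA256) and would be easier to audit as its own change. The enclosing `if(USE_HTTPS)` block starts and ends outside the hunk.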
diff --git a/cmake/SelectHashes.cmake b/cmake/SelectHashes.cmake
index acd4706..d358acd 100644
--- a/cmake/SelectHashes.cmake
+++ b/cmake/SelectHashes.cmake
@@ -6,6 +6,8 @@ include(SanitizeBool)
 sanitizebool(USE_SHA1)
 sanitizebool(USE_SHA256)
 
+# sha1
+
 if(USE_SHA1 STREQUAL ON)
 	SET(USE_SHA1 "CollisionDetection")
 elseif(USE_SHA1 STREQUAL "HTTPS")
@@ -35,18 +37,14 @@ elseif(USE_SHA1 STREQUAL "CommonCrypto")
 	set(GIT_SHA1_COMMON_CRYPTO 1)
 elseif(USE_SHA1 STREQUAL "mbedTLS")
 	set(GIT_SHA1_MBEDTLS 1)
-	list(APPEND LIBGIT2_SYSTEM_INCLUDES ${MBEDTLS_INCLUDE_DIR})
-	list(APPEND LIBGIT2_SYSTEM_LIBS ${MBEDTLS_LIBRARIES})
-	# mbedTLS has no pkgconfig file, hence we can't require it
-	# https://github.com/ARMmbed/mbedtls/issues/228
-	# For now, pass its link flags as our own
-	list(APPEND LIBGIT2_PC_LIBS ${MBEDTLS_LIBRARIES})
 elseif(USE_SHA1 STREQUAL "Win32")
 	set(GIT_SHA1_WIN32 1)
 else()
 	message(FATAL_ERROR "Asked for unknown SHA1 backend: ${USE_SHA1}")
 endif()
 
+# sha256
+
 if(USE_SHA256 STREQUAL ON AND USE_HTTPS)
 	SET(USE_SHA256 "HTTPS")
 elseif(USE_SHA256 STREQUAL ON)
@@ -67,9 +65,24 @@ if(USE_SHA256 STREQUAL "Builtin")
 	set(GIT_SHA256_BUILTIN 1)
 elseif(USE_SHA256 STREQUAL "CommonCrypto")
 	set(GIT_SHA256_COMMON_CRYPTO 1)
+elseif(USE_SHA256 STREQUAL "mbedTLS")
+	set(GIT_SHA256_MBEDTLS 1)
 else()
 	message(FATAL_ERROR "Asked for unknown SHA256 backend: ${USE_SHA256}")
 endif()
 
+# add library requirements
+
+if(USE_SHA1 STREQUAL "mbedTLS" OR USE_SHA256 STREQUAL "mbedTLS")
+	list(APPEND LIBGIT2_SYSTEM_INCLUDES ${MBEDTLS_INCLUDE_DIR})
+	list(APPEND LIBGIT2_SYSTEM_LIBS ${MBEDTLS_LIBRARIES})
+	# mbedTLS has no pkgconfig file, hence we can't require it
+	# https://github.com/ARMmbed/mbedtls/issues/228
+	# For now, pass its link flags as our own
+	list(APPEND LIBGIT2_PC_LIBS ${MBEDTLS_LIBRARIES})
+endif()
+
+# notify feature enablement
+
 add_feature_info(SHA1 ON "using ${USE_SHA1}")
 add_feature_info(SHA256 ON "using ${USE_SHA256}")
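Review bot: The new `if(USE_SHA1 STREQUAL "mbedTLS" OR USE_SHA256 STREQUAL "mbedTLS")` block appends `${MBEDTLS_INCLUDE_DIR}` and `${MBEDTLS_LIBRARIES}` without verifying that mbedTLS was located; nothing in this file searches for it, so if those variables are only populated by the HTTPS backend selection (as the companion file suggests), choosing `USE_SHA256=mbedTLS` with a different HTTPS backend appends empty values and the failure surfaces only as unresolved `mbedtls_sha256_*` symbols at link time. A configure-time guard inside the block, e.g. `if(NOT MBEDTLS_FOUND) message(FATAL_ERROR "mbedTLS selected for hashing but not found") endif()` using whatever found-flag the project's find module sets, would make the error immediate and explicit. The old SHA1-only branch had the same gap, but this commit doubles the number of configurations that reach it.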
diff --git a/src/features.h.in b/src/features.h.in
index 3085259..351fdf3 100644
--- a/src/features.h.in
+++ b/src/features.h.in
@@ -50,6 +50,7 @@
 
 #cmakedefine GIT_SHA256_BUILTIN 1
 #cmakedefine GIT_SHA256_COMMON_CRYPTO 1
+#cmakedefine GIT_SHA256_MBEDTLS 1
 
 #cmakedefine GIT_RAND_GETENTROPY 1
 
diff --git a/src/util/CMakeLists.txt b/src/util/CMakeLists.txt
index e18789c..509b751 100644
--- a/src/util/CMakeLists.txt
+++ b/src/util/CMakeLists.txt
@@ -51,6 +51,8 @@ if(USE_SHA256 STREQUAL "Builtin")
 	file(GLOB UTIL_SRC_SHA256 hash/builtin.* hash/rfc6234/*)
 elseif(USE_SHA256 STREQUAL "CommonCrypto")
 	file(GLOB UTIL_SRC_SHA256 hash/common_crypto.*)
+elseif(USE_SHA256 STREQUAL "mbedTLS")
+	file(GLOB UTIL_SRC_SHA256 hash/mbedtls.*)
 else()
 	message(FATAL_ERROR "Asked for unknown SHA256 backend: ${USE_SHA256}")
 endif()
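Review bot: With `USE_SHA1=mbedTLS` and `USE_SHA256=mbedTLS` the same `hash/mbedtls.*` files are globbed into both the SHA1 and SHA256 source lists (the SHA1 glob is outside this hunk but presumably follows the same pattern), so `mbedtls.c` ends up listed twice on the target; I believe CMake de-duplicates identical source paths, but that is worth confirming because the `#ifdef GIT_SHA1_MBEDTLS`/`#ifdef GIT_SHA256_MBEDTLS` guards in that file would not prevent duplicate-symbol errors if it were compiled twice. Listing the files explicitly, `set(UTIL_SRC_SHA256 hash/mbedtls.c hash/mbedtls.h)`, avoids the glob and makes the shared-source situation visible to the next reader.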
diff --git a/src/util/hash/mbedtls.c b/src/util/hash/mbedtls.c
index 56016be..ecdfb78 100644
--- a/src/util/hash/mbedtls.c
+++ b/src/util/hash/mbedtls.c
@@ -7,6 +7,8 @@
 
 #include "mbedtls.h"
 
+#ifdef GIT_SHA1_MBEDTLS
+
 int git_hash_sha1_global_init(void)
 {
 	return 0;
@@ -44,3 +46,47 @@ int git_hash_sha1_final(unsigned char *out, git_hash_sha1_ctx *ctx)
 	mbedtls_sha1_finish(&ctx->c, out);
 	return 0;
 }
+
+#endif
+
+#ifdef GIT_SHA256_MBEDTLS
+
+int git_hash_sha256_global_init(void)
+{
+	return 0;
+}
+
+int git_hash_sha256_ctx_init(git_hash_sha256_ctx *ctx)
+{
+	return git_hash_sha256_init(ctx);
+}
+
+void git_hash_sha256_ctx_cleanup(git_hash_sha256_ctx *ctx)
+{
+	if (ctx)
+		mbedtls_sha256_free(&ctx->c);
+}
+
+int git_hash_sha256_init(git_hash_sha256_ctx *ctx)
+{
+	GIT_ASSERT_ARG(ctx);
+	mbedtls_sha256_init(&ctx->c);
+	mbedtls_sha256_starts(&ctx->c, 0);
+	return 0;
+}
+
+int git_hash_sha256_update(git_hash_sha256_ctx *ctx, const void *data, size_t len)
+{
+	GIT_ASSERT_ARG(ctx);
+	mbedtls_sha256_update(&ctx->c, data, len);
+	return 0;
+}
+
+int git_hash_sha256_final(unsigned char *out, git_hash_sha256_ctx *ctx)
+{
+	GIT_ASSERT_ARG(ctx);
+	mbedtls_sha256_finish(&ctx->c, out);
+	return 0;
+}
+
+#endif
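Review bot: The return values of `mbedtls_sha256_starts`, `mbedtls_sha256_update` and `mbedtls_sha256_finish` are discarded and each wrapper returns 0 unconditionally; with mbedTLS 3.x (and the `_ret` variants in 2.x) these calls return an int, so a failing backend — for instance an alternative `MBEDTLS_SHA256_ALT` implementation — would hand back an unchecked digest that callers presumably treat as authoritative. If the mbedTLS versions the project supports return int, propagate the status, e.g. `if (mbedtls_sha256_finish(&ctx->c, out) != 0) return -1;` in each of the three functions; the SHA1 code above has the same pattern and could be fixed alongside. The second argument to `mbedtls_sha256_starts` is a bare `0`; a comment such as `/* is224 = 0: compute SHA-256, not SHA-224 */` would document why.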
diff --git a/src/util/hash/mbedtls.h b/src/util/hash/mbedtls.h
index efe9c07..05fb38b 100644
--- a/src/util/hash/mbedtls.h
+++ b/src/util/hash/mbedtls.h
@@ -10,10 +10,20 @@
 
 #include "hash/sha.h"
 
-#include <mbedtls/sha1.h>
+#ifdef GIT_SHA1_MBEDTLS
+# include <mbedtls/sha1.h>
 
 struct git_hash_sha1_ctx {
     mbedtls_sha1_context c;
 };
+#endif
+
+#ifdef GIT_SHA256_MBEDTLS
+# include <mbedtls/sha256.h>
+
+struct git_hash_sha256_ctx {
+    mbedtls_sha256_context c;
+};
+#endif
 
 #endif /* INCLUDE_hash_sha1_mbedtls_h__ */
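Review bot: The new `git_hash_sha256_ctx` body is indented with four spaces while the rest of the C in this commit uses tabs; it copies the pre-existing indentation of the SHA1 struct, which would be worth normalizing at the same time. The closing guard comment `INCLUDE_hash_sha1_mbedtls_h__` now also protects SHA256 declarations; the guard definition itself is outside the hunk, but renaming it to something like `INCLUDE_hash_mbedtls_h__` at both ends would stop it from misleading the next reader. Neither `#ifdef` block says why it is gated; a one-liner above the first, `/* each context is compiled only when the matching hash backend was selected at configure time */`, would make the intent explicit.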