sha: support mbedTLS for SHA256
diff --git a/cmake/SelectHTTPSBackend.cmake b/cmake/SelectHTTPSBackend.cmake
index 7931950..20221bf 100644
--- a/cmake/SelectHTTPSBackend.cmake
+++ b/cmake/SelectHTTPSBackend.cmake
@@ -64,7 +64,7 @@ if(USE_HTTPS)
if(NOT CERT_LOCATION)
message(STATUS "Auto-detecting default certificates location")
- if(CMAKE_SYSTEM_NAME MATCHES Darwin)
+ if(EXISTS "/usr/local/opt/openssl/bin/openssl")
# Check for an Homebrew installation
set(OPENSSL_CMD "/usr/local/opt/openssl/bin/openssl")
else()
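Review bot: The new `if(EXISTS "/usr/local/opt/openssl/bin/openssl")` test drops the Darwin guard, so on every platform a file at that hard-coded path is selected as `OPENSSL_CMD`. It is presumably executed at configure time further down, outside this hunk. `/usr/local/opt` is a Homebrew layout, and on hosts where `/usr/local` is writable by an unprivileged account, whatever sits at that path would then decide the detected certificate location. Keeping both conditions still covers Macs without Homebrew while leaving other systems on the `else()` branch: `if(CMAKE_SYSTEM_NAME MATCHES Darwin AND EXISTS "/usr/local/opt/openssl/bin/openssl")`. The `if` block continues past the end of the hunk, so the fallback branch was not reviewed.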
diff --git a/cmake/SelectHashes.cmake b/cmake/SelectHashes.cmake
index acd4706..d358acd 100644
--- a/cmake/SelectHashes.cmake
+++ b/cmake/SelectHashes.cmake
@@ -6,6 +6,8 @@ include(SanitizeBool)
sanitizebool(USE_SHA1)
sanitizebool(USE_SHA256)
+# sha1
+
if(USE_SHA1 STREQUAL ON)
SET(USE_SHA1 "CollisionDetection")
elseif(USE_SHA1 STREQUAL "HTTPS")
@@ -35,18 +37,14 @@ elseif(USE_SHA1 STREQUAL "CommonCrypto")
set(GIT_SHA1_COMMON_CRYPTO 1)
elseif(USE_SHA1 STREQUAL "mbedTLS")
set(GIT_SHA1_MBEDTLS 1)
- list(APPEND LIBGIT2_SYSTEM_INCLUDES ${MBEDTLS_INCLUDE_DIR})
- list(APPEND LIBGIT2_SYSTEM_LIBS ${MBEDTLS_LIBRARIES})
- # mbedTLS has no pkgconfig file, hence we can't require it
- # https://github.com/ARMmbed/mbedtls/issues/228
- # For now, pass its link flags as our own
- list(APPEND LIBGIT2_PC_LIBS ${MBEDTLS_LIBRARIES})
elseif(USE_SHA1 STREQUAL "Win32")
set(GIT_SHA1_WIN32 1)
else()
message(FATAL_ERROR "Asked for unknown SHA1 backend: ${USE_SHA1}")
endif()
+# sha256
+
if(USE_SHA256 STREQUAL ON AND USE_HTTPS)
SET(USE_SHA256 "HTTPS")
elseif(USE_SHA256 STREQUAL ON)
@@ -67,9 +65,24 @@ if(USE_SHA256 STREQUAL "Builtin")
set(GIT_SHA256_BUILTIN 1)
elseif(USE_SHA256 STREQUAL "CommonCrypto")
set(GIT_SHA256_COMMON_CRYPTO 1)
+elseif(USE_SHA256 STREQUAL "mbedTLS")
+ set(GIT_SHA256_MBEDTLS 1)
else()
message(FATAL_ERROR "Asked for unknown SHA256 backend: ${USE_SHA256}")
endif()
+# add library requirements
+
+if(USE_SHA1 STREQUAL "mbedTLS" OR USE_SHA256 STREQUAL "mbedTLS")
+ list(APPEND LIBGIT2_SYSTEM_INCLUDES ${MBEDTLS_INCLUDE_DIR})
+ list(APPEND LIBGIT2_SYSTEM_LIBS ${MBEDTLS_LIBRARIES})
+ # mbedTLS has no pkgconfig file, hence we can't require it
+ # https://github.com/ARMmbed/mbedtls/issues/228
+ # For now, pass its link flags as our own
+ list(APPEND LIBGIT2_PC_LIBS ${MBEDTLS_LIBRARIES})
+endif()
+
+# notify feature enablement
+
add_feature_info(SHA1 ON "using ${USE_SHA1}")
add_feature_info(SHA256 ON "using ${USE_SHA256}")
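Review bot: The new `if(USE_SHA1 STREQUAL "mbedTLS" OR USE_SHA256 STREQUAL "mbedTLS")` block appends `${MBEDTLS_INCLUDE_DIR}` and `${MBEDTLS_LIBRARIES}` without checking that either is set. Nothing visible in this file locates mbedTLS, so when the hash backend is mbedTLS but the HTTPS backend is not, the variables probably expand to nothing and the failure only shows up at link time as unresolved `mbedtls_sha256_*` symbols. A guard at the top of the block would fail at configure time with a clear message: `if(NOT MBEDTLS_LIBRARIES)`, then `message(FATAL_ERROR "mbedTLS hash backend selected but mbedTLS was not found")`, then `endif()`. Quoting the expansions (`"${MBEDTLS_INCLUDE_DIR}"`) would also keep an empty value from silently vanishing from the argument list.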
diff --git a/src/features.h.in b/src/features.h.in
index 3085259..351fdf3 100644
--- a/src/features.h.in
+++ b/src/features.h.in
@@ -50,6 +50,7 @@
#cmakedefine GIT_SHA256_BUILTIN 1
#cmakedefine GIT_SHA256_COMMON_CRYPTO 1
+#cmakedefine GIT_SHA256_MBEDTLS 1
#cmakedefine GIT_RAND_GETENTROPY 1
diff --git a/src/util/CMakeLists.txt b/src/util/CMakeLists.txt
index e18789c..509b751 100644
--- a/src/util/CMakeLists.txt
+++ b/src/util/CMakeLists.txt
@@ -51,6 +51,8 @@ if(USE_SHA256 STREQUAL "Builtin")
file(GLOB UTIL_SRC_SHA256 hash/builtin.* hash/rfc6234/*)
elseif(USE_SHA256 STREQUAL "CommonCrypto")
file(GLOB UTIL_SRC_SHA256 hash/common_crypto.*)
+elseif(USE_SHA256 STREQUAL "mbedTLS")
+ file(GLOB UTIL_SRC_SHA256 hash/mbedtls.*)
else()
message(FATAL_ERROR "Asked for unknown SHA256 backend: ${USE_SHA256}")
endif()
diff --git a/src/util/hash/mbedtls.c b/src/util/hash/mbedtls.c
index 56016be..ecdfb78 100644
--- a/src/util/hash/mbedtls.c
+++ b/src/util/hash/mbedtls.c
@@ -7,6 +7,8 @@
#include "mbedtls.h"
+#ifdef GIT_SHA1_MBEDTLS
+
int git_hash_sha1_global_init(void)
{
return 0;
@@ -44,3 +46,47 @@ int git_hash_sha1_final(unsigned char *out, git_hash_sha1_ctx *ctx)
mbedtls_sha1_finish(&ctx->c, out);
return 0;
}
+
+#endif
+
+#ifdef GIT_SHA256_MBEDTLS
+
+int git_hash_sha256_global_init(void)
+{
+ return 0;
+}
+
+int git_hash_sha256_ctx_init(git_hash_sha256_ctx *ctx)
+{
+ return git_hash_sha256_init(ctx);
+}
+
+void git_hash_sha256_ctx_cleanup(git_hash_sha256_ctx *ctx)
+{
+ if (ctx)
+ mbedtls_sha256_free(&ctx->c);
+}
+
+int git_hash_sha256_init(git_hash_sha256_ctx *ctx)
+{
+ GIT_ASSERT_ARG(ctx);
+ mbedtls_sha256_init(&ctx->c);
+ mbedtls_sha256_starts(&ctx->c, 0);
+ return 0;
+}
+
+int git_hash_sha256_update(git_hash_sha256_ctx *ctx, const void *data, size_t len)
+{
+ GIT_ASSERT_ARG(ctx);
+ mbedtls_sha256_update(&ctx->c, data, len);
+ return 0;
+}
+
+int git_hash_sha256_final(unsigned char *out, git_hash_sha256_ctx *ctx)
+{
+ GIT_ASSERT_ARG(ctx);
+ mbedtls_sha256_finish(&ctx->c, out);
+ return 0;
+}
+
+#endif
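Review bot: The added `git_hash_sha256_init`, `git_hash_sha256_update` and `git_hash_sha256_final` discard whatever `mbedtls_sha256_starts`, `mbedtls_sha256_update` and `mbedtls_sha256_finish` report and always return 0. On mbedTLS versions where these calls return `int` (the 3.x API, or the `_ret` variants in later 2.x), a failing backend such as an alternate or hardware implementation would produce an undefined digest that callers treat as valid. Since these hashes back object identity and integrity checks, the result should be propagated, for example `if (mbedtls_sha256_update(&ctx->c, data, len) != 0) return -1;`, with the same pattern in the other two functions. `git_hash_sha256_final` also writes through `out` without a `GIT_ASSERT_ARG(out);`, which would match the argument checks already done for `ctx`.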
diff --git a/src/util/hash/mbedtls.h b/src/util/hash/mbedtls.h
index efe9c07..05fb38b 100644
--- a/src/util/hash/mbedtls.h
+++ b/src/util/hash/mbedtls.h
@@ -10,10 +10,20 @@
#include "hash/sha.h"
-#include <mbedtls/sha1.h>
+#ifdef GIT_SHA1_MBEDTLS
+# include <mbedtls/sha1.h>
struct git_hash_sha1_ctx {
mbedtls_sha1_context c;
};
+#endif
+
+#ifdef GIT_SHA256_MBEDTLS
+# include <mbedtls/sha256.h>
+
+struct git_hash_sha256_ctx {
+ mbedtls_sha256_context c;
+};
+#endif
#endif /* INCLUDE_hash_sha1_mbedtls_h__ */