
[v3,0/9] hash.h: support choosing a separate SHA-1 for non-cryptographic uses

Message ID cover.1725651952.git.me@ttaylorr.com (mailing list archive)

Message

Taylor Blau Sept. 6, 2024, 7:46 p.m. UTC
This series adds a build-time knob to allow selecting an alternative
SHA-1 implementation for non-cryptographic hashing within Git, starting
with the `hashwrite()` family of functions.

This version is a more sizable reroll from the first two rounds, which
updates pack-objects to use a (hardened) version of
`finalize_object_file()`, that is now sensitive to checksum collisions.

Peff and I wrote the first four (new) patches together, and I feel
confident now that we're in a good spot to address the concerns raised
in [1].

Thanks in advance for your review!

[1]: https://lore.kernel.org/git/20240905202707.GA2602440@coredump.intra.peff.net/

Taylor Blau (9):
  finalize_object_file(): check for name collision before renaming
  finalize_object_file(): refactor unlink_or_warn() placement
  finalize_object_file(): implement collision check
  pack-objects: use finalize_object_file() to rename pack/idx/etc
  i5500-git-daemon.sh: use compile-able version of Git without OpenSSL
  sha1: do not redefine `platform_SHA_CTX` and friends
  hash.h: scaffolding for _fast hashing variants
  Makefile: allow specifying a SHA-1 for non-cryptographic uses
  csum-file.c: use fast SHA-1 implementation when available

 Makefile                              |  25 ++++++
 block-sha1/sha1.h                     |   2 +
 csum-file.c                           |  18 ++---
 hash.h                                |  72 +++++++++++++++++
 object-file.c                         | 110 +++++++++++++++++++++++++-
 pack-write.c                          |   7 +-
 sha1/openssl.h                        |   2 +
 sha1dc_git.h                          |   3 +
 t/interop/i5500-git-daemon.sh         |   2 +-
 t/t5303-pack-corruption-resilience.sh |   7 +-
 10 files changed, 230 insertions(+), 18 deletions(-)

Range-diff against v2:
 -:  ----------- >  1:  738b1eb17b4 finalize_object_file(): check for name collision before renaming
 -:  ----------- >  2:  e1c2c39711f finalize_object_file(): refactor unlink_or_warn() placement
 -:  ----------- >  3:  0feee5d1d4f finalize_object_file(): implement collision check
 -:  ----------- >  4:  620dde48a9d pack-objects: use finalize_object_file() to rename pack/idx/etc
 -:  ----------- >  5:  bfe992765cd i5500-git-daemon.sh: use compile-able version of Git without OpenSSL
 1:  e7cd23bf4cd =  6:  22863d9f6df sha1: do not redefine `platform_SHA_CTX` and friends
 2:  3b5f21e4a62 =  7:  119c318d812 hash.h: scaffolding for _fast hashing variants
 3:  02764de1395 =  8:  137ec30d68a Makefile: allow specifying a SHA-1 for non-cryptographic uses
 4:  311fcc95960 =  9:  4018261366f csum-file.c: use fast SHA-1 implementation when available

base-commit: 159f2d50e75c17382c9f4eb7cbda671a6fa612d1
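
The cover letter above describes a finalize step that checks for a name collision before renaming and is sensitive to checksum collisions. The following sketch of such a check is an added example, not code from this series or from Git: `finalize_checked()`, `files_differ()` and the command-line usage are hypothetical. It assumes a POSIX filesystem with hard links and finalizes only onto a free name or onto an existing file with identical bytes.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* 0 if both files hold identical bytes, 1 if they differ, -1 on I/O error. */
static int files_differ(const char *a, const char *b)
{
	char ba[4096], bb[4096];
	FILE *fa = fopen(a, "rb"), *fb = fopen(b, "rb");
	int ret = (fa && fb) ? 0 : -1;
	while (!ret) {
		size_t na = fread(ba, 1, sizeof(ba), fa);
		size_t nb = fread(bb, 1, sizeof(bb), fb);
		if (ferror(fa) || ferror(fb))
			ret = -1;
		else if (na != nb || memcmp(ba, bb, na))
			ret = 1;
		else if (!na)
			break;	/* both reached EOF together: identical */
	}
	if (fa) fclose(fa);
	if (fb) fclose(fb);
	return ret;
}

/*
 * Hypothetical helper: move tmp to dst without ever replacing an existing dst.
 * Returns 0 when dst holds tmp's bytes, -1 on collision or error (dst untouched).
 */
int finalize_checked(const char *tmp, const char *dst)
{
	if (!link(tmp, dst))
		return unlink(tmp);	/* the name was free */
	if (errno != EEXIST)
		return -1;
	if (files_differ(tmp, dst))	/* same name, different bytes: refuse */
		return -1;
	return unlink(tmp);		/* same name, same bytes: drop the copy */
}

int main(int argc, char **argv)
{
	if (argc != 3)
		return 2;	/* usage: finalize <tmp> <dst> */
	return finalize_checked(argv[1], argv[2]) ? 1 : 0;
}
```

On a collision the temporary file is left in place for inspection, and a filesystem without hard links makes `link()` fail with a different errno, which this sketch reports as an error.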

Comments

Junio C Hamano Sept. 6, 2024, 9:50 p.m. UTC | #1
Taylor Blau <me@ttaylorr.com> writes:

> Peff and I wrote the first four (new) patches together, and I feel
> confident now that we're in a good spot to address the concerns raised
> in [1].

I just read the first four and they made sense.

With "fast" -> "insecure", the latter half of the series would also
cover the review comments on earlier rounds, I would imagine?

Thanks.