cmake: allow for using external sha1dc

Allow users to use an external sha1collisiondetection library build.

This may be of interest to distribution maintainers, who want to use
external dependencies whenever possible.

cmake/SelectHashes.cmake

@@ -29,6 +29,9 @@ endif()
 if(USE_SHA1 STREQUAL "builtin")
 	set(GIT_SHA1_BUILTIN 1)
 	add_feature_info(SHA1 ON "using bundled collision detection implementation")
+elseif(USE_SHA1 STREQUAL "sha1collisiondetection")
+	set(GIT_SHA1_COLLISIONDETECTION 1)
+	add_feature_info(SHA1 ON "using sha1collisiondetection")
 elseif(USE_SHA1 STREQUAL "openssl")
 	set(GIT_SHA1_OPENSSL 1)
 	add_feature_info(SHA1 ON "using OpenSSL")
@@ -101,6 +104,12 @@ else()
 endif()
 
 # add library requirements
+
+if(USE_SHA1 STREQUAL "sha1collisiondetection")
+	list(APPEND LIBGIT2_SYSTEM_LIBS "-lsha1detectcoll")
+	list(APPEND LIBGIT2_PC_LIBS "-lsha1detectcoll")
+endif()
+
 if(USE_SHA1 STREQUAL "openssl" OR USE_SHA256 STREQUAL "openssl" OR
    USE_SHA1 STREQUAL "openssl-fips" OR USE_SHA256 STREQUAL "openssl-fips")
 	if(CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
@@ -121,7 +130,7 @@ endif()
 
 # warn for users who do not use sha1dc
 
-if(NOT "${USE_SHA1}" STREQUAL "builtin")
+if(NOT "${USE_SHA1}" STREQUAL "builtin" AND NOT "${USE_SHA1}" STREQUAL "sha1collisiondetection")
 	list(APPEND WARNINGS "SHA1 support is set to ${USE_SHA1} which is not recommended - git's hash algorithm is sha1dc, it is *not* SHA1. Using SHA1 may leave you and your users susceptible to SHAttered-style attacks.")
 	set(WARNINGS ${WARNINGS} PARENT_SCOPE)
 endif()

src/libgit2/libgit2.c

@@ -236,6 +236,8 @@ const char *git_libgit2_feature_backend(git_feature_t feature)
 	case GIT_FEATURE_SHA1:
 #if defined(GIT_SHA1_BUILTIN)
 		return "builtin";
+#elif defined(GIT_SHA1_COLLISIONDETECTION)
+		return "sha1collisiondetection";
 #elif defined(GIT_SHA1_OPENSSL)
 		return "openssl";
 #elif defined(GIT_SHA1_OPENSSL_FIPS)

src/util/CMakeLists.txt

@@ -34,6 +34,8 @@ if(USE_SHA1 STREQUAL "builtin")
 	target_compile_definitions(util PRIVATE SHA1DC_NO_STANDARD_INCLUDES=1)
         target_compile_definitions(util PRIVATE SHA1DC_CUSTOM_INCLUDE_SHA1_C=\"git2_util.h\")
         target_compile_definitions(util PRIVATE SHA1DC_CUSTOM_INCLUDE_UBC_CHECK_C=\"git2_util.h\")
+elseif(USE_SHA1 STREQUAL "sha1collisiondetection")
+	file(GLOB UTIL_SRC_SHA1 hash/collisiondetect.*)
 elseif(USE_SHA1 STREQUAL "openssl" OR
        USE_SHA1 STREQUAL "openssl-dynamic" OR
        USE_SHA1 STREQUAL "openssl-fips")

src/util/git2_features.h.in

@@ -21,6 +21,7 @@
 #cmakedefine GIT_SHA1_MBEDTLS 1
 #cmakedefine GIT_SHA1_COMMON_CRYPTO 1
 #cmakedefine GIT_SHA1_WIN32 1
+#cmakedefine GIT_SHA1_COLLISIONDETECTION 1
 
 #cmakedefine GIT_SHA256_BUILTIN 1
 #cmakedefine GIT_SHA256_WIN32 1

src/util/hash/sha.h

@@ -13,7 +13,7 @@
 typedef struct git_hash_sha1_ctx git_hash_sha1_ctx;
 typedef struct git_hash_sha256_ctx git_hash_sha256_ctx;
 
-#if defined(GIT_SHA1_BUILTIN)
+#if defined(GIT_SHA1_BUILTIN) || defined(GIT_SHA1_COLLISIONDETECTION)
 # include "collisiondetect.h"
 #endif
 

tests/libgit2/core/features.c

@@ -198,6 +198,8 @@ void test_core_features__backends(void)
 
 #if defined(GIT_SHA1_BUILTIN)
 	cl_assert_equal_s("builtin", sha1);
+#elif defined(GIT_SHA1_COLLISIONDETECTION)
+	cl_assert_equal_s("sha1collisiondetection", sha1);
 #elif defined(GIT_SHA1_OPENSSL)
 	cl_assert_equal_s("openssl", sha1);
 #elif defined(GIT_SHA1_OPENSSL_FIPS)