cmake: standardize builtin sha1dc selection

All `USE_*` options are now `builtin`. Use that for the builtin sha1dc implementation, keeping `CollisionDetection` for backward compatibility.
2026-06-22 06:26:26 +00:00 · 2024-12-28 15:34:04 +00:00
parent 9961198879
commit c4a65c34c2
8 changed files with 21 additions and 14 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -32,7 +32,7 @@ option(USE_NSEC                "Support nanosecond precision file mtimes and cti
 # Backend selection
   set(USE_SSH                 "" CACHE STRING "Enables SSH support and optionally selects provider. One of ON, OFF, or a specific provider: libssh2 or exec. (Defaults to OFF.)")
   set(USE_HTTPS               "" CACHE STRING "Enable HTTPS support and optionally selects the provider. One of ON, OFF, or a specific provider: OpenSSL, OpenSSL-FIPS, OpenSSL-Dynamic, mbedTLS, SecureTransport, Schannel, or WinHTTP. (Defaults to ON.)")
-   set(USE_SHA1                "" CACHE STRING "Selects SHA1 provider. One of CollisionDetection, HTTPS, or a specific provider. (Defaults to CollisionDetection.)")
+   set(USE_SHA1                "" CACHE STRING "Selects SHA1 provider. One of builtin, HTTPS, or a specific provider. (Defaults to builtin.)")
   set(USE_SHA256              "" CACHE STRING "Selects SHA256 provider. One of Builtin, HTTPS, or a specific provider. (Defaults to HTTPS.)")
 option(USE_GSSAPI              "Enable SPNEGO authentication using GSSAPI" OFF)
   set(USE_HTTP_PARSER         "" CACHE STRING "Selects HTTP Parser support: http-parser, llhttp, or builtin. (Defaults to builtin.)")
--- a/cmake/SelectHashes.cmake
+++ b/cmake/SelectHashes.cmake
@@ -8,7 +8,7 @@ sanitizebool(USE_SHA256)
 # sha1
 if(USE_SHA1 STREQUAL "" OR USE_SHA1 STREQUAL ON)
-	SET(USE_SHA1 "CollisionDetection")
+	SET(USE_SHA1 "builtin")
 elseif(USE_SHA1 STREQUAL "HTTPS")
 	if(USE_HTTPS STREQUAL "SecureTransport")
 		set(USE_SHA1 "CommonCrypto")
@@ -23,8 +23,12 @@ elseif(USE_SHA1 STREQUAL "HTTPS")
 	endif()
 endif()
-if(USE_SHA1 STREQUAL "CollisionDetection")
+if(USE_SHA1 STREQUAL "Builtin" OR USE_SHA1 STREQUAL "CollisionDetection")
-	set(GIT_SHA1_COLLISIONDETECT 1)
+	set(USE_SHA1 "builtin")
 endif()
 if(USE_SHA1 STREQUAL "builtin")
 	set(GIT_SHA1_BUILTIN 1)
 elseif(USE_SHA1 STREQUAL "OpenSSL")
 	set(GIT_SHA1_OPENSSL 1)
 elseif(USE_SHA1 STREQUAL "OpenSSL-FIPS")
@@ -90,6 +94,7 @@ else()
 endif()
 # add library requirements
 if(USE_SHA1 STREQUAL "OpenSSL" OR USE_SHA256 STREQUAL "OpenSSL" OR
   USE_SHA1 STREQUAL "OpenSSL-FIPS" OR USE_SHA256 STREQUAL "OpenSSL-FIPS")
 	if(CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
@@ -115,7 +120,7 @@ add_feature_info(SHA256 ON "using ${USE_SHA256}")
 # warn for users who do not use sha1dc
-if(NOT "${USE_SHA1}" STREQUAL "CollisionDetection")
+if(NOT "${USE_SHA1}" STREQUAL "builtin")
 	list(APPEND WARNINGS "SHA1 support is set to ${USE_SHA1} which is not recommended - git's hash algorithm is sha1dc, it is *not* SHA1. Using SHA1 may leave you and your users susceptible to SHAttered-style attacks.")
 	set(WARNINGS ${WARNINGS} PARENT_SCOPE)
 endif()
--- a/src/libgit2/libgit2.c
+++ b/src/libgit2/libgit2.c
@@ -224,7 +224,7 @@ const char *git_libgit2_feature_backend(git_feature_t feature)
 		break;
 	case GIT_FEATURE_SHA1:
-#if defined(GIT_SHA1_COLLISIONDETECT)
+#if defined(GIT_SHA1_BUILTIN)
 		return "builtin";
 #elif defined(GIT_SHA1_OPENSSL)
 		return "openssl";
--- a/src/util/CMakeLists.txt
+++ b/src/util/CMakeLists.txt
@@ -29,11 +29,13 @@ endif()
 # Hash backend selection
 #
-if(USE_SHA1 STREQUAL "CollisionDetection")
+if(USE_SHA1 STREQUAL "builtin")
 	file(GLOB UTIL_SRC_SHA1 hash/collisiondetect.* hash/sha1dc/*)
 	target_compile_definitions(util PRIVATE SHA1DC_NO_STANDARD_INCLUDES=1)
        target_compile_definitions(util PRIVATE SHA1DC_CUSTOM_INCLUDE_SHA1_C=\"git2_util.h\")
        target_compile_definitions(util PRIVATE SHA1DC_CUSTOM_INCLUDE_UBC_CHECK_C=\"git2_util.h\")
 elseif(USE_SHA1 STREQUAL "SHA1CollisionDetection")
 	file(GLOB UTIL_SRC_SHA1 hash/collisiondetect.*)
 elseif(USE_SHA1 STREQUAL "OpenSSL" OR USE_SHA1 STREQUAL "OpenSSL-Dynamic" OR USE_SHA1 STREQUAL "OpenSSL-FIPS")
 	add_definitions(-DOPENSSL_API_COMPAT=0x10100000L)
 	file(GLOB UTIL_SRC_SHA1 hash/openssl.*)
--- a/src/util/git2_features.h.in
+++ b/src/util/git2_features.h.in
@@ -50,7 +50,7 @@
 #cmakedefine GIT_HTTPPARSER_LLHTTP 1
 #cmakedefine GIT_HTTPPARSER_BUILTIN 1
-#cmakedefine GIT_SHA1_COLLISIONDETECT 1
+#cmakedefine GIT_SHA1_BUILTIN 1
 #cmakedefine GIT_SHA1_WIN32 1
 #cmakedefine GIT_SHA1_COMMON_CRYPTO 1
 #cmakedefine GIT_SHA1_OPENSSL 1
--- a/src/util/hash/sha.h
+++ b/src/util/hash/sha.h
@@ -13,6 +13,10 @@
 typedef struct git_hash_sha1_ctx git_hash_sha1_ctx;
 typedef struct git_hash_sha256_ctx git_hash_sha256_ctx;
 #if defined(GIT_SHA1_BUILTIN)
 # include "collisiondetect.h"
 #endif
 #if defined(GIT_SHA1_COMMON_CRYPTO) || defined(GIT_SHA256_COMMON_CRYPTO)
 # include "common_crypto.h"
 #endif
@@ -32,10 +36,6 @@ typedef struct git_hash_sha256_ctx git_hash_sha256_ctx;
 # include "mbedtls.h"
 #endif
 #if defined(GIT_SHA1_COLLISIONDETECT)
 # include "collisiondetect.h"
 #endif
 #if defined(GIT_SHA256_BUILTIN)
 # include "builtin.h"
 #endif
--- a/tests/libgit2/core/features.c
+++ b/tests/libgit2/core/features.c
@@ -186,7 +186,7 @@ void test_core_features__backends(void)
 	cl_assert(0);
 #endif
-#if defined(GIT_SHA1_COLLISIONDETECT)
+#if defined(GIT_SHA1_BUILTIN)
 	cl_assert_equal_s("builtin", sha1);
 #elif defined(GIT_SHA1_OPENSSL)
 	cl_assert_equal_s("openssl", sha1);
--- a/tests/util/sha1.c
+++ b/tests/util/sha1.c
@@ -70,7 +70,7 @@ void test_sha1__detect_collision_attack(void)
 		0x9a, 0xe6, 0xa4, 0xc8, 0x0c, 0xad, 0xcc, 0xbb, 0x7f, 0x0a
 	};
-#ifdef GIT_SHA1_COLLISIONDETECT
+#ifdef GIT_SHA1_BUILTIN
 	GIT_UNUSED(&expected);
 	cl_git_fail(sha1_file(actual, FIXTURE_DIR "/shattered-1.pdf"));
 	cl_assert_equal_s("SHA1 collision attack detected", git_error_last()->message);