hash: provide generic wrappers to update hash contexts

pks-t · gitster · commit b2755c15e235 · 2025-01-31T10:06:11.000-08:00
The hash context is supposed to be updated via the `git_hash_algo` structure, which contains a list of function pointers to update, clone or finalize a hashing context. This requires the callers to track which algorithm was used to initialize the context and continue to use the exact same algorithm. If they fail to do that correctly, it can happen that we start to access context state of one hash algorithm with functions of a different hash algorithm. The result would typically be a segfault, as could be seen e.g. in the patches part of 9842294 (Merge branch 'ps/weak-sha1-for-tail-sum-fix', 2025-01-01). The situation was significantly improved starting with 04292c3 (hash.h: drop unsafe_ function variants, 2025-01-23) and its parent commits. These refactorings ensure that it is not possible to mix up safe and unsafe variants of the same hash algorithm anymore. But in theory, it is still possible to mix up different hash algorithms with each other, even though this is a lot less likely to happen. But still, we can do better: instead of asking the caller to remember the hash algorithm used to initialize a context, we can instead make the context itself remember which algorithm it has been initialized with. If we do so, callers can use a set of generic helpers to update the context and don't need to be aware of the hash algorithm at all anymore. Adapt the context initialization functions to store the hash algorithm in the hashing context and introduce these generic helpers. Callers will be adapted in the subsequent commit. Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Junio C Hamano <gitster@pobox.com>
diff --git a/hash.h b/hash.h
@@ -235,6 +235,7 @@ enum get_oid_result {
 
 /* A suitably aligned type for stack allocations of hash contexts. */
 struct git_hash_ctx {
+	const struct git_hash_algo *algop;
 	union {
 		git_SHA_CTX sha1;
 		git_SHA_CTX_unsafe sha1_unsafe;
@@ -296,6 +297,26 @@ struct git_hash_algo {
 };
 extern const struct git_hash_algo hash_algos[GIT_HASH_NALGOS];
 
+static inline void git_hash_clone(struct git_hash_ctx *dst, const struct git_hash_ctx *src)
+{
+	src->algop->clone_fn(dst, src);
+}
+
+static inline void git_hash_update(struct git_hash_ctx *ctx, const void *in, size_t len)
+{
+	ctx->algop->update_fn(ctx, in, len);
+}
+
+static inline void git_hash_final(unsigned char *hash, struct git_hash_ctx *ctx)
+{
+	ctx->algop->final_fn(hash, ctx);
+}
+
+static inline void git_hash_final_oid(struct object_id *oid, struct git_hash_ctx *ctx)
+{
+	ctx->algop->final_oid_fn(oid, ctx);
+}
+
 /*
  * Return a GIT_HASH_* constant based on the name.  Returns GIT_HASH_UNKNOWN if
  * the name doesn't match a known algorithm.
diff --git a/object-file.c b/object-file.c
@@ -88,11 +88,13 @@ static const struct object_id null_oid_sha256 = {
 
 static void git_hash_sha1_init(struct git_hash_ctx *ctx)
 {
+	ctx->algop = &hash_algos[GIT_HASH_SHA1];
 	git_SHA1_Init(&ctx->state.sha1);
 }
 
 static void git_hash_sha1_clone(struct git_hash_ctx *dst, const struct git_hash_ctx *src)
 {
+	dst->algop = src->algop;
 	git_SHA1_Clone(&dst->state.sha1, &src->state.sha1);
 }
 
@@ -115,11 +117,13 @@ static void git_hash_sha1_final_oid(struct object_id *oid, struct git_hash_ctx *
 
 static void git_hash_sha1_init_unsafe(struct git_hash_ctx *ctx)
 {
+	ctx->algop = unsafe_hash_algo(&hash_algos[GIT_HASH_SHA1]);
 	git_SHA1_Init_unsafe(&ctx->state.sha1_unsafe);
 }
 
 static void git_hash_sha1_clone_unsafe(struct git_hash_ctx *dst, const struct git_hash_ctx *src)
 {
+	dst->algop = src->algop;
 	git_SHA1_Clone_unsafe(&dst->state.sha1_unsafe, &src->state.sha1_unsafe);
 }
 
@@ -143,11 +147,13 @@ static void git_hash_sha1_final_oid_unsafe(struct object_id *oid, struct git_has
 
 static void git_hash_sha256_init(struct git_hash_ctx *ctx)
 {
+	ctx->algop = unsafe_hash_algo(&hash_algos[GIT_HASH_SHA256]);
 	git_SHA256_Init(&ctx->state.sha256);
 }
 
 static void git_hash_sha256_clone(struct git_hash_ctx *dst, const struct git_hash_ctx *src)
 {
+	dst->algop = src->algop;
 	git_SHA256_Clone(&dst->state.sha256, &src->state.sha256);
 }
 

Original file line number	Diff line number	Diff line change
`@@ -88,11 +88,13 @@ static const struct object_id null_oid_sha256 = {`
`88`	`88`
`89`	`89`	`static void git_hash_sha1_init(struct git_hash_ctx *ctx)`
`90`	`90`	`{`
	`91`	`+ ctx->algop = &hash_algos[GIT_HASH_SHA1];`
`91`	`92`	`git_SHA1_Init(&ctx->state.sha1);`
`92`	`93`	`}`
`93`	`94`
`94`	`95`	`static void git_hash_sha1_clone(struct git_hash_ctx dst, const struct git_hash_ctx src)`
`95`	`96`	`{`
	`97`	`+ dst->algop = src->algop;`
`96`	`98`	`git_SHA1_Clone(&dst->state.sha1, &src->state.sha1);`
`97`	`99`	`}`
`98`	`100`
`@@ -115,11 +117,13 @@ static void git_hash_sha1_final_oid(struct object_id oid, struct git_hash_ctx `
`115`	`117`
`116`	`118`	`static void git_hash_sha1_init_unsafe(struct git_hash_ctx *ctx)`
`117`	`119`	`{`
	`120`	`+ ctx->algop = unsafe_hash_algo(&hash_algos[GIT_HASH_SHA1]);`
`118`	`121`	`git_SHA1_Init_unsafe(&ctx->state.sha1_unsafe);`
`119`	`122`	`}`
`120`	`123`
`121`	`124`	`static void git_hash_sha1_clone_unsafe(struct git_hash_ctx dst, const struct git_hash_ctx src)`
`122`	`125`	`{`
	`126`	`+ dst->algop = src->algop;`
`123`	`127`	`git_SHA1_Clone_unsafe(&dst->state.sha1_unsafe, &src->state.sha1_unsafe);`
`124`	`128`	`}`
`125`	`129`
`@@ -143,11 +147,13 @@ static void git_hash_sha1_final_oid_unsafe(struct object_id *oid, struct git_has`
`143`	`147`
`144`	`148`	`static void git_hash_sha256_init(struct git_hash_ctx *ctx)`
`145`	`149`	`{`
	`150`	`+ ctx->algop = unsafe_hash_algo(&hash_algos[GIT_HASH_SHA256]);`
`146`	`151`	`git_SHA256_Init(&ctx->state.sha256);`
`147`	`152`	`}`
`148`	`153`
`149`	`154`	`static void git_hash_sha256_clone(struct git_hash_ctx dst, const struct git_hash_ctx src)`
`150`	`155`	`{`
	`156`	`+ dst->algop = src->algop;`
`151`	`157`	`git_SHA256_Clone(&dst->state.sha256, &src->state.sha256);`
`152`	`158`	`}`
`153`	`159`