From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: git@vger.kernel.org
Cc: "Nguyễn Thái Ngọc Duy" <pclouds@gmail.com>,
"Junio C Hamano" <gitster@pobox.com>,
"Eric Sunshine" <sunshine@sunshineco.com>,
"Martin Ågren" <martin.agren@gmail.com>,
"SZEDER Gábor" <szeder.dev@gmail.com>
Subject: [PATCH v2 25/42] builtin/receive-pack: avoid hard-coded constants for push certs
Date: Wed, 2 May 2018 00:25:53 +0000 [thread overview]
Message-ID: <20180502002610.915892-26-sandals@crustytoothpaste.net> (raw)
In-Reply-To: <20180502002610.915892-1-sandals@crustytoothpaste.net>
Use the GIT_SHA1_RAWSZ and GIT_SHA1_HEXSZ macros instead of hard-coding
the constants 20 and 40. Switch one use of 20 with a format specifier
for a hex value to use the hex constant instead, as the original appears
to have been a typo.
At this point, avoid converting the hard-coded use of SHA-1 to use
the_hash_algo. SHA-1, even if not collision resistant, is secure in the
context in which it is used here, and the hash algorithm of the repo
need not match what is used here. When we adopt a new hash algorithm,
we can simply adopt the new algorithm wholesale here, as the nonce is
opaque and its length and validity are entirely controlled by the
server. Consequently, defer updating this code until that point.
Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
---
builtin/receive-pack.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c
index 4b68a28e92..6501d6b6cf 100644
--- a/builtin/receive-pack.c
+++ b/builtin/receive-pack.c
@@ -454,21 +454,21 @@ static void hmac_sha1(unsigned char *out,
/* RFC 2104 2. (6) & (7) */
git_SHA1_Init(&ctx);
git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
- git_SHA1_Update(&ctx, out, 20);
+ git_SHA1_Update(&ctx, out, GIT_SHA1_RAWSZ);
git_SHA1_Final(out, &ctx);
}
static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
{
struct strbuf buf = STRBUF_INIT;
- unsigned char sha1[20];
+ unsigned char sha1[GIT_SHA1_RAWSZ];
strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
strbuf_release(&buf);
/* RFC 2104 5. HMAC-SHA1-80 */
- strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, 20, sha1_to_hex(sha1));
+ strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, GIT_SHA1_HEXSZ, sha1_to_hex(sha1));
return strbuf_detach(&buf, NULL);
}
next prev parent reply other threads:[~2018-05-02 0:27 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-02 0:25 [PATCH v2 00/42] object_id part 13 brian m. carlson
2018-05-02 0:25 ` [PATCH v2 01/42] cache: add a function to read an object ID from a buffer brian m. carlson
2018-05-02 0:25 ` [PATCH v2 02/42] server-info: remove unused members from struct pack_info brian m. carlson
2018-05-02 0:25 ` [PATCH v2 03/42] Remove unused member in struct object_context brian m. carlson
2018-05-02 0:25 ` [PATCH v2 04/42] packfile: remove unused member from struct pack_entry brian m. carlson
2018-05-02 0:25 ` [PATCH v2 05/42] packfile: convert has_sha1_pack to object_id brian m. carlson
2018-05-02 0:25 ` [PATCH v2 06/42] sha1-file: convert freshen functions " brian m. carlson
2018-05-02 0:25 ` [PATCH v2 07/42] packfile: convert find_pack_entry " brian m. carlson
2018-05-02 0:25 ` [PATCH v2 08/42] packfile: abstract away hash constant values brian m. carlson
2018-05-02 0:25 ` [PATCH v2 09/42] pack-objects: abstract away hash algorithm brian m. carlson
2018-05-02 0:25 ` [PATCH v2 10/42] pack-redundant: " brian m. carlson
2018-05-02 0:25 ` [PATCH v2 11/42] tree-walk: avoid hard-coded 20 constant brian m. carlson
2018-05-02 0:25 ` [PATCH v2 12/42] tree-walk: convert get_tree_entry_follow_symlinks to object_id brian m. carlson
2018-05-02 0:25 ` [PATCH v2 13/42] fsck: convert static functions to struct object_id brian m. carlson
2018-05-02 0:25 ` [PATCH v2 14/42] submodule-config: convert structures to object_id brian m. carlson
2018-05-02 0:25 ` [PATCH v2 15/42] split-index: convert struct split_index " brian m. carlson
2018-05-02 0:25 ` [PATCH v2 16/42] Update struct index_state to use struct object_id brian m. carlson
2018-05-02 0:25 ` [PATCH v2 17/42] pack-redundant: convert linked lists " brian m. carlson
2018-05-02 0:25 ` [PATCH v2 18/42] index-pack: abstract away hash function constant brian m. carlson
2018-05-02 0:25 ` [PATCH v2 19/42] commit: convert uses of get_sha1_hex to get_oid_hex brian m. carlson
2018-05-02 0:25 ` [PATCH v2 20/42] dir: convert struct untracked_cache_dir to object_id brian m. carlson
2018-05-02 0:25 ` [PATCH v2 21/42] http: eliminate hard-coded constants brian m. carlson
2018-05-02 0:25 ` [PATCH v2 22/42] revision: replace use of " brian m. carlson
2018-05-02 0:25 ` [PATCH v2 23/42] upload-pack: replace use of several " brian m. carlson
2018-05-02 0:25 ` [PATCH v2 24/42] diff: specify abbreviation size in terms of the_hash_algo brian m. carlson
2018-05-02 0:25 ` brian m. carlson [this message]
2018-05-02 0:25 ` [PATCH v2 26/42] sha1-file: add functions for hex empty tree and blob OIDs brian m. carlson
2018-05-02 0:25 ` [PATCH v2 27/42] builtin/am: convert uses of EMPTY_TREE_SHA1_BIN to the_hash_algo brian m. carlson
2018-05-02 0:25 ` [PATCH v2 28/42] builtin/merge: switch tree functions to use object_id brian m. carlson
2018-05-02 0:25 ` [PATCH v2 29/42] merge: convert empty tree constant to the_hash_algo brian m. carlson
2018-05-02 0:25 ` [PATCH v2 30/42] sequencer: convert one use of EMPTY_TREE_SHA1_HEX brian m. carlson
2018-05-02 0:25 ` [PATCH v2 31/42] submodule: convert several uses " brian m. carlson
2018-05-02 0:26 ` [PATCH v2 32/42] wt-status: convert two " brian m. carlson
2018-05-02 0:26 ` [PATCH v2 33/42] builtin/receive-pack: convert one use " brian m. carlson
2018-05-02 0:26 ` [PATCH v2 34/42] builtin/reset: convert use of EMPTY_TREE_SHA1_BIN brian m. carlson
2018-05-02 0:26 ` [PATCH v2 35/42] sha1_file: convert cached object code to struct object_id brian m. carlson
2018-05-02 0:26 ` [PATCH v2 36/42] cache-tree: use is_empty_tree_oid brian m. carlson
2018-05-02 0:26 ` [PATCH v2 37/42] sequencer: use the_hash_algo for empty tree object ID brian m. carlson
2018-05-02 0:26 ` [PATCH v2 38/42] dir: use the_hash_algo for empty blob " brian m. carlson
2018-05-02 0:26 ` [PATCH v2 39/42] sha1_file: only expose empty object constants through git_hash_algo brian m. carlson
2018-05-02 0:26 ` [PATCH v2 40/42] Update shell scripts to compute empty tree object ID brian m. carlson
2018-05-02 0:26 ` [PATCH v2 41/42] add--interactive: compute the empty tree value brian m. carlson
2018-05-02 0:26 ` [PATCH v2 42/42] merge-one-file: compute empty blob object ID brian m. carlson
2018-05-02 15:32 ` [PATCH v2 00/42] object_id part 13 Duy Nguyen
2018-05-02 23:42 ` brian m. carlson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180502002610.915892-26-sandals@crustytoothpaste.net \
--to=sandals@crustytoothpaste.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=martin.agren@gmail.com \
--cc=pclouds@gmail.com \
--cc=sunshine@sunshineco.com \
--cc=szeder.dev@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).