From: Taylor Blau <me@ttaylorr•com>
To: git@vger•kernel.org
Cc: Jeff King <peff@peff•net>, Junio C Hamano <gitster@pobox•com>,
Elijah Newren <newren@gmail•com>, Patrick Steinhardt <ps@pks•im>
Subject: [PATCH v4 0/8] hash: introduce unsafe_hash_algo(), drop unsafe_ variants
Date: Thu, 23 Jan 2025 12:34:12 -0500 [thread overview]
Message-ID: <cover.1737653640.git.me@ttaylorr.com> (raw)
In-Reply-To: <cover.1732130001.git.me@ttaylorr.com>
(This series is based on 14650065b7 (RelNotes/2.48.0: fix typos etc.,
2025-01-07)).
Here is a hopefully final version of my series to harden the unsafe hash
algorithm changes added in v2.47.0. The only difference from last time
is that hash_algo_by_ptr() now returns GIT_HASH_UNKNOWN for NULL and
unsafe variants, which is a strict improvement from both v3 of this
series and the status-quo on master.
As usual, a (small) range-diff is included below for convenience, and
the original cover letter is as follows:
------------
This series implements an idea discussed in [2] which suggests that we
introduce a way to access a wrapped version of a 'struct git_hash_algo'
which represents the unsafe variant of that algorithm, rather than
having individual unsafe_ functions (like unsafe_init_fn() versus
init_fn(), etc.).
This approach is relatively straightforward to implement, and removes a
significant deficiency in the original implementation of
unsafe/non-cryptographic hash functions by making it impossible to
switch between safe- and unsafe variants of hash functions. It also
cleans up the sha1-unsafe test helper's implementation by removing a
large number of "if (unsafe)"-style conditionals.
The series is laid out as follows:
* The first two patches prepare the hashfile API for the upcoming
change:
csum-file: store the hash algorithm as a struct field
csum-file.c: extract algop from hashfile_checksum_valid()
* The next patch implements the new 'unsafe_hash_algo()' function at
the heart of this series' approach:
hash.h: introduce `unsafe_hash_algo()`
* The next two patches convert existing callers to use the new
'unsafe_hash_algo()' function, instead of switching between safe and
unsafe_ variants of individual functions:
csum-file.c: use unsafe_hash_algo()
t/helper/test-hash.c: use unsafe_hash_algo()
* The final patch drops the unsafe_ function variants following all
callers being converted to use the new pattern:
hash.h: drop unsafe_ function variants
Thanks in advance for your review!
[1]: https://lore.kernel.org/git/20241230-pks-meson-sha1-unsafe-v1-0-efb276e171f5@pks.im/
[2]: https://lore.kernel.org/git/20241107013915.GA961214@coredump.intra.peff.net/
Taylor Blau (8):
t/helper/test-tool: implement sha1-unsafe helper
csum-file: store the hash algorithm as a struct field
csum-file.c: extract algop from hashfile_checksum_valid()
hash.h: introduce `unsafe_hash_algo()`
csum-file.c: use unsafe_hash_algo()
t/helper/test-hash.c: use unsafe_hash_algo()
csum-file: introduce hashfile_checkpoint_init()
hash.h: drop unsafe_ function variants
builtin/fast-import.c | 2 +-
bulk-checkin.c | 9 ++++++---
csum-file.c | 40 +++++++++++++++++++++++++---------------
csum-file.h | 2 ++
hash.h | 28 ++++++++++++----------------
object-file.c | 41 ++++++++++++++++++++++++++---------------
t/helper/test-hash.c | 4 +++-
t/helper/test-sha1.c | 7 ++++++-
t/helper/test-sha1.sh | 38 ++++++++++++++++++++++----------------
t/helper/test-sha256.c | 2 +-
t/helper/test-tool.c | 1 +
t/helper/test-tool.h | 3 ++-
12 files changed, 107 insertions(+), 70 deletions(-)
Range-diff against v3:
1: ae6b8c75294 = 1: b64ae238248 t/helper/test-tool: implement sha1-unsafe helper
2: 2b79c76e471 = 2: d03f503682f csum-file: store the hash algorithm as a struct field
3: d7deb3f338e = 3: 73554c3b881 csum-file.c: extract algop from hashfile_checksum_valid()
4: b6b2bb2714f ! 4: ae01f1f4274 hash.h: introduce `unsafe_hash_algo()`
@@ hash.h: int hash_algo_by_length(int len);
+ size_t i;
+ for (i = 0; i < GIT_HASH_NALGOS; i++) {
+ const struct git_hash_algo *algop = &hash_algos[i];
-+ if (p == algop || (algop->unsafe && p == algop->unsafe))
++ if (p == algop)
+ return i;
+ }
+ return GIT_HASH_UNKNOWN;
5: ca67de80971 = 5: 64a850c77ae csum-file.c: use unsafe_hash_algo()
6: 21b175b07ff = 6: 3dcccccf752 t/helper/test-hash.c: use unsafe_hash_algo()
7: 850d4f407db = 7: da97157c4a1 csum-file: introduce hashfile_checkpoint_init()
8: 0c4d006e6e8 = 8: 0ba27182b5e hash.h: drop unsafe_ function variants
base-commit: 14650065b76b28d3cfa9453356ac5669b19e706e
--
2.48.0.rc2.35.gd215225db14
next prev parent reply other threads:[~2025-01-23 17:34 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-20 19:13 [PATCH 0/6] hash: introduce unsafe_hash_algo(), drop unsafe_ variants Taylor Blau
2024-11-20 19:13 ` [PATCH 1/6] csum-file: store the hash algorithm as a struct field Taylor Blau
2024-11-21 9:18 ` Jeff King
2024-11-20 19:13 ` [PATCH 2/6] csum-file.c: extract algop from hashfile_checksum_valid() Taylor Blau
2024-11-20 19:13 ` [PATCH 3/6] hash.h: introduce `unsafe_hash_algo()` Taylor Blau
2024-11-21 9:37 ` Jeff King
2024-11-22 0:39 ` brian m. carlson
2024-11-22 8:25 ` Jeff King
2024-11-22 20:37 ` brian m. carlson
2025-01-10 21:38 ` Taylor Blau
2025-01-11 2:45 ` Jeff King
2024-11-20 19:13 ` [PATCH 4/6] csum-file.c: use unsafe_hash_algo() Taylor Blau
2024-11-20 19:13 ` [PATCH 5/6] t/helper/test-hash.c: " Taylor Blau
2024-11-20 19:13 ` [PATCH 6/6] hash.h: drop unsafe_ function variants Taylor Blau
2024-11-21 9:41 ` Jeff King
2025-01-08 19:14 ` [PATCH v2 0/8] hash: introduce unsafe_hash_algo(), drop unsafe_ variants Taylor Blau
2025-01-08 19:14 ` [PATCH v2 1/8] t/helper/test-tool: implement sha1-unsafe helper Taylor Blau
2025-01-08 19:14 ` [PATCH v2 2/8] csum-file: store the hash algorithm as a struct field Taylor Blau
2025-01-16 11:48 ` Patrick Steinhardt
2025-01-17 21:17 ` Taylor Blau
2025-01-08 19:14 ` [PATCH v2 3/8] csum-file.c: extract algop from hashfile_checksum_valid() Taylor Blau
2025-01-08 19:14 ` [PATCH v2 4/8] hash.h: introduce `unsafe_hash_algo()` Taylor Blau
2025-01-16 11:49 ` Patrick Steinhardt
2025-01-17 21:18 ` Taylor Blau
2025-01-08 19:14 ` [PATCH v2 5/8] csum-file.c: use unsafe_hash_algo() Taylor Blau
2025-01-08 19:14 ` [PATCH v2 6/8] t/helper/test-hash.c: " Taylor Blau
2025-01-08 19:14 ` [PATCH v2 7/8] csum-file: introduce hashfile_checkpoint_init() Taylor Blau
2025-01-10 10:37 ` Jeff King
2025-01-10 21:50 ` Taylor Blau
2025-01-17 21:30 ` Taylor Blau
2025-01-18 12:15 ` Jeff King
2025-01-08 19:14 ` [PATCH v2 8/8] hash.h: drop unsafe_ function variants Taylor Blau
2025-01-10 10:41 ` [PATCH v2 0/8] hash: introduce unsafe_hash_algo(), drop unsafe_ variants Jeff King
2025-01-10 21:29 ` Taylor Blau
2025-01-11 2:42 ` Jeff King
2025-01-11 0:14 ` Junio C Hamano
2025-01-11 17:14 ` Taylor Blau
2025-01-17 22:03 ` [PATCH v3 " Taylor Blau
2025-01-17 22:03 ` [PATCH v3 1/8] t/helper/test-tool: implement sha1-unsafe helper Taylor Blau
2025-01-17 22:03 ` [PATCH v3 2/8] csum-file: store the hash algorithm as a struct field Taylor Blau
2025-01-17 22:03 ` [PATCH v3 3/8] csum-file.c: extract algop from hashfile_checksum_valid() Taylor Blau
2025-01-17 22:03 ` [PATCH v3 4/8] hash.h: introduce `unsafe_hash_algo()` Taylor Blau
2025-01-17 22:03 ` [PATCH v3 5/8] csum-file.c: use unsafe_hash_algo() Taylor Blau
2025-01-17 22:03 ` [PATCH v3 6/8] t/helper/test-hash.c: " Taylor Blau
2025-01-17 22:03 ` [PATCH v3 7/8] csum-file: introduce hashfile_checkpoint_init() Taylor Blau
2025-01-17 22:03 ` [PATCH v3 8/8] hash.h: drop unsafe_ function variants Taylor Blau
2025-01-18 12:28 ` [PATCH v3 0/8] hash: introduce unsafe_hash_algo(), drop unsafe_ variants Jeff King
2025-01-18 12:43 ` Jeff King
2025-01-22 21:31 ` Junio C Hamano
2025-01-23 17:34 ` Taylor Blau [this message]
2025-01-23 17:34 ` [PATCH v4 1/8] t/helper/test-tool: implement sha1-unsafe helper Taylor Blau
2025-01-23 17:34 ` [PATCH v4 2/8] csum-file: store the hash algorithm as a struct field Taylor Blau
2025-01-23 17:34 ` [PATCH v4 3/8] csum-file.c: extract algop from hashfile_checksum_valid() Taylor Blau
2025-01-23 17:34 ` [PATCH v4 4/8] hash.h: introduce `unsafe_hash_algo()` Taylor Blau
2025-01-23 17:34 ` [PATCH v4 5/8] csum-file.c: use unsafe_hash_algo() Taylor Blau
2025-01-23 17:34 ` [PATCH v4 6/8] t/helper/test-hash.c: " Taylor Blau
2025-01-23 17:34 ` [PATCH v4 7/8] csum-file: introduce hashfile_checkpoint_init() Taylor Blau
2025-01-23 17:34 ` [PATCH v4 8/8] hash.h: drop unsafe_ function variants Taylor Blau
2025-01-23 18:30 ` [PATCH v4 0/8] hash: introduce unsafe_hash_algo(), drop unsafe_ variants Junio C Hamano
2025-01-23 18:50 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1737653640.git.me@ttaylorr.com \
--to=me@ttaylorr$(echo .)com \
--cc=git@vger$(echo .)kernel.org \
--cc=gitster@pobox$(echo .)com \
--cc=newren@gmail$(echo .)com \
--cc=peff@peff$(echo .)net \
--cc=ps@pks$(echo .)im \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox