From ca6daa1368eb9b0b48f64ef57907821318d7971c Mon Sep 17 00:00:00 2001 From: "brian m. carlson" Date: Tue, 1 Jul 2025 21:22:27 +0000 Subject: hash: add a constant for the default hash algorithm Right now, SHA-1 is the default hash algorithm in Git. However, this may change in the future. We have many places in our code that use the SHA-1 constant to indicate the default hash if none is specified, but it will end up being more practical to specify this explicitly and clearly using a constant for whatever the default hash algorithm is. Then, if we decide to change it in the future, we can simply replace the constant representing the default with a new value. For these reasons, introduce GIT_HASH_DEFAULT to represent the default hash algorithm. Signed-off-by: brian m. carlson Signed-off-by: Junio C Hamano
---
 hash.h | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'hash.h')
diff --git a/hash.h b/hash.h
index d6422ddf45..0d3d85e04c 100644
--- a/hash.h
+++ b/hash.h
@@ -174,6 +174,8 @@ static inline void git_SHA256_Clone(git_SHA256_CTX *dst, const git_SHA256_CTX *s
 #define GIT_HASH_SHA256 2
 /* Number of algorithms supported (including unknown). */
 #define GIT_HASH_NALGOS (GIT_HASH_SHA256 + 1)
+/* Default hash algorithm if unspecified. */
+#define GIT_HASH_DEFAULT GIT_HASH_SHA1
 /* "sha1", big-endian */
 #define GIT_SHA1_FORMAT_ID 0x73686131
-- 
cgit v1.3-5-g9baa
From 1f68f3da877a91fefd6cc84b79986af2ef73d21e Mon Sep 17 00:00:00 2001
From: "brian m. carlson" Date: Tue, 1 Jul 2025 21:22:28 +0000 Subject: hash: add a constant for the legacy hash algorithm We have a a variety of uses of GIT_HASH_SHA1 littered throughout our code. Some of these really mean to represent specifically SHA-1, but some actually represent the original hash algorithm used in Git which is implied by older, legacy formats and protocols which do not contain hash information. For instance, the bundle v1 and v2 formats do not contain hash algorithm information, and thus SHA-1 is implied by the use of these formats. Add a constant for documentary purposes which indicates this value. It will always be the same as SHA-1, since this is an essential part of these formats, but its use indicates this particular reason and not any other reason why SHA-1 might be used. Signed-off-by: brian m. carlson Signed-off-by: Junio C Hamano
---
 hash.h | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'hash.h')
diff --git a/hash.h b/hash.h
index 0d3d85e04c..953e840d15 100644
--- a/hash.h
+++ b/hash.h
@@ -176,6 +176,8 @@ static inline void git_SHA256_Clone(git_SHA256_CTX *dst, const git_SHA256_CTX *s
 #define GIT_HASH_NALGOS (GIT_HASH_SHA256 + 1)
 /* Default hash algorithm if unspecified. */
 #define GIT_HASH_DEFAULT GIT_HASH_SHA1
+/* Legacy hash algorithm. Implied for older data formats which don't specify. */
+#define GIT_HASH_SHA1_LEGACY GIT_HASH_SHA1
 /* "sha1", big-endian */
 #define GIT_SHA1_FORMAT_ID 0x73686131
-- 
cgit v1.3-5-g9baa
From c79bb70a2e7d9158ec165ea16ad45371cd6e350d Mon Sep 17 00:00:00 2001
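Review bot: In hash.h, the comment added above `GIT_HASH_SHA1_LEGACY` does not record the invariant the commit message states, namely that this constant stays SHA-1 whatever `GIT_HASH_DEFAULT` becomes. Without that in the header, a later sweep that changes the default could also touch this define, and readers of formats that carry no hash identifier (the message names bundle v1 and v2) would then interpret SHA-1 object IDs under the wrong algorithm. I would extend the comment to `/* Legacy hash algorithm. Implied for older data formats which don't specify; must remain SHA-1 even if GIT_HASH_DEFAULT changes. */`.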
From: "brian m. carlson" Date: Tue, 1 Jul 2025 21:22:37 +0000 Subject: Enable SHA-256 by default in breaking changes mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Our document on breaking changes indicates that we intend to default to SHA-256 in Git 3.0. Since most people choose the default option, this is an important security upgrade to our defaults. To allow people to test this case, when WITH_BREAKING_CHANGES is set in the configuration, build Git with SHA-256 as the default hash. Update the testsuite to use the build options information to automatically choose the right value. Note that if the command substitution for GIT_TEST_BUILTIN_HASH fails, so does the testsuite—and quite spectacularly at that. Thus, the case where the Git binary is somehow subtly broken will not go undetected. Signed-off-by: brian m. carlson Signed-off-by: Junio C Hamano
---
 hash.h | 8 +++++++-
 t/test-lib.sh | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)
(limited to 'hash.h')
diff --git a/hash.h b/hash.h
index 953e840d15..3fcbe9bcba 100644
--- a/hash.h
+++ b/hash.h
@@ -174,8 +174,14 @@ static inline void git_SHA256_Clone(git_SHA256_CTX *dst, const git_SHA256_CTX *s
 #define GIT_HASH_SHA256 2
 /* Number of algorithms supported (including unknown). */
 #define GIT_HASH_NALGOS (GIT_HASH_SHA256 + 1)
+
 /* Default hash algorithm if unspecified. */
-#define GIT_HASH_DEFAULT GIT_HASH_SHA1
+#ifdef WITH_BREAKING_CHANGES
+# define GIT_HASH_DEFAULT GIT_HASH_SHA256
+#else
+# define GIT_HASH_DEFAULT GIT_HASH_SHA1
+#endif
+
 /* Legacy hash algorithm. Implied for older data formats which don't specify. */
 #define GIT_HASH_SHA1_LEGACY GIT_HASH_SHA1
diff --git a/t/test-lib.sh b/t/test-lib.sh
index be71890678..315543f293 100644
--- a/t/test-lib.sh
+++ b/t/test-lib.sh
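Review bot: In hash.h, the comment `/* Default hash algorithm if unspecified. */` kept above the new `#ifdef WITH_BREAKING_CHANGES` block no longer tells the reader that the value differs from one build to another. Any caller that still uses `GIT_HASH_DEFAULT` where the data format implies SHA-1 would switch to SHA-256 in a breaking-changes build; the callers are outside this hunk, so this is something to confirm rather than a defect visible here. I would reword the comment to `/* Default hash algorithm if unspecified: SHA-256 when built WITH_BREAKING_CHANGES, else SHA-1. Not for formats that imply SHA-1; use GIT_HASH_SHA1_LEGACY there. */`.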
@@ -536,7 +536,7 @@ export GIT_COMMITTER_EMAIL GIT_COMMITTER_NAME
 export GIT_COMMITTER_DATE GIT_AUTHOR_DATE
 export EDITOR
-GIT_TEST_BUILTIN_HASH=sha1
+GIT_TEST_BUILTIN_HASH=$("$GIT_BUILD_DIR/git" version --build-options | sed -ne 's/^default-hash: //p')
 GIT_DEFAULT_HASH="${GIT_TEST_DEFAULT_HASH:-$GIT_TEST_BUILTIN_HASH}"
 export GIT_DEFAULT_HASH
 GIT_DEFAULT_REF_FORMAT="${GIT_TEST_DEFAULT_REF_FORMAT:-files}"
-- 
cgit v1.3-5-g9baa
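Review bot: In t/test-lib.sh, the new `GIT_TEST_BUILTIN_HASH=$(...)` assignment has no check of its own: the pipeline's exit status is that of `sed`, so a `git` binary that fails to run, or prints no `default-hash:` line, leaves the variable empty while the assignment still succeeds. The commit message relies on later tests failing loudly, but that failure would surface far from its cause, and only when `GIT_TEST_DEFAULT_HASH` is unset, since `${GIT_TEST_DEFAULT_HASH:-$GIT_TEST_BUILTIN_HASH}` otherwise hides the empty value. I would add a guard directly after the assignment, for example `test -n "$GIT_TEST_BUILTIN_HASH" || { echo >&2 "error: no default-hash in git version --build-options"; exit 1; }`.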