Commit f6d27d2

bk2204 authored and gitster committed
builtin/receive-pack: avoid hard-coded constants for push certs

Use the GIT_SHA1_RAWSZ and GIT_SHA1_HEXSZ macros instead of hard-coding the constants 20 and 40. Switch one use of 20 with a format specifier for a hex value to use the hex constant instead, as the original appears to have been a typo.

At this point, avoid converting the hard-coded use of SHA-1 to use the_hash_algo. SHA-1, even if not collision resistant, is secure in the context in which it is used here, and the hash algorithm of the repo need not match what is used here. When we adopt a new hash algorithm, we can simply adopt the new algorithm wholesale here, as the nonce is opaque and its length and validity are entirely controlled by the server. Consequently, defer updating this code until that point.

Signed-off-by: brian m. carlson <[email protected]>
Signed-off-by: Junio C Hamano <[email protected]>

1 parent de1d81d commit f6d27d2

builtin/receive-pack.c

Lines changed: 3 additions & 3 deletions
@@ -454,21 +454,21 @@ static void hmac_sha1(unsigned char *out,
454454
/* RFC 2104 2. (6) & (7) */
455455
git_SHA1_Init(&ctx);
456456
git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
457-
git_SHA1_Update(&ctx, out, 20);
457+
git_SHA1_Update(&ctx, out, GIT_SHA1_RAWSZ);
458458
git_SHA1_Final(out, &ctx);
459459
}
460460

461461
static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
462462
{
463463
struct strbuf buf = STRBUF_INIT;
464-
unsigned char sha1[20];
464+
unsigned char sha1[GIT_SHA1_RAWSZ];
465465

466466
strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
467467
hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
468468
strbuf_release(&buf);
469469

470470
/* RFC 2104 5. HMAC-SHA1-80 */
471-
strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, 20, sha1_to_hex(sha1));
471+
strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, GIT_SHA1_HEXSZ, sha1_to_hex(sha1));
472472
return strbuf_detach(&buf, NULL);
473473
}
474474

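Review bot: The last changed line, in prepare_push_cert_nonce(), is a behaviour change rather than a constant rename, and it contradicts the comment directly above it. The comment reads `/* RFC 2104 5. HMAC-SHA1-80 */`, and the `%.*s` precision is applied to the output of sha1_to_hex(), so the old value 20 kept 20 hex characters, which is exactly the 80-bit truncation the comment names. With GIT_SHA1_HEXSZ the precision covers the whole hex string and the nonce now carries the full HMAC-SHA1 output, so the emitted nonce doubles in length. If the truncation was intended, keep 20 here and give it a named constant of its own instead of reusing the hex-size macro; if the full digest is wanted, update the comment in the same patch and say in the commit message that the nonce format changes, since the message currently describes this as a typo fix. Separately, the unchanged hmac_sha1() call a few lines up ends in `;;`, which could be cleaned up while this function is being touched.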