From: Junio C Hamano Date: Fri, 24 Mar 2017 20:07:38 +0000 (-0700) Subject: Merge branch 'jk/sha1dc' X-Git-Tag: v2.13.0-rc0~74 X-Git-Url: https://git.lorimer.id.au/gitweb.git/diff_plain/48b3693d3cec7bd7996b1394a8df901d1fc26320?ds=inline;hp=-c Merge branch 'jk/sha1dc' The "detect attempt to create collisions" variant of SHA-1 implementation by Marc Stevens (CWI) and Dan Shumow (Microsoft) has been integrated and made the default. * jk/sha1dc: Makefile: make DC_SHA1 the default t0013: add a basic sha1 collision detection test Makefile: add DC_SHA1 knob sha1dc: disable safe_hash feature sha1dc: adjust header includes for git sha1dc: add collision-detecting sha1 implementation --- 48b3693d3cec7bd7996b1394a8df901d1fc26320 diff --combined Makefile index a5a11e721a,fd4421eeb8..c80fec2920 --- a/Makefile +++ b/Makefile @@@ -102,6 -102,8 +102,6 @@@ all: # # Define MKDIR_WO_TRAILING_SLASH if your mkdir() can't deal with trailing slash. # -# Define NO_MKSTEMPS if you don't have mkstemps in the C library. -# # Define NO_GECOS_IN_PWENT if you don't have pw_gecos in struct passwd # in the C library. # @@@ -140,6 -142,13 +140,13 @@@ # Define PPC_SHA1 environment variable when running make to make use of # a bundled SHA1 routine optimized for PowerPC. # + # Define DC_SHA1 to unconditionally enable the collision-detecting sha1 + # algorithm. This is slower, but may detect attempted collision attacks. + # Takes priority over other *_SHA1 knobs. + # + # Define OPENSSL_SHA1 environment variable when running make to link + # with the SHA1 routine from openssl library. + # # Define SHA1_MAX_BLOCK_SIZE to limit the amount of data that will be hashed # in one call to the platform's SHA1_Update(). e.g. APPLE_COMMON_CRYPTO # wants 'SHA1_MAX_BLOCK_SIZE=1024L*1024L*1024L' defined. @@@ -779,7 -788,6 +786,7 @@@ LIB_OBJS += notes-cache. LIB_OBJS += notes-merge.o LIB_OBJS += notes-utils.o LIB_OBJS += object.o +LIB_OBJS += oidset.o LIB_OBJS += pack-bitmap.o LIB_OBJS += pack-bitmap-write.o LIB_OBJS += pack-check.o @@@ -931,7 -939,6 +938,7 @@@ BUILTIN_OBJS += builtin/prune. BUILTIN_OBJS += builtin/pull.o BUILTIN_OBJS += builtin/push.o BUILTIN_OBJS += builtin/read-tree.o +BUILTIN_OBJS += builtin/rebase--helper.o BUILTIN_OBJS += builtin/receive-pack.o BUILTIN_OBJS += builtin/reflog.o BUILTIN_OBJS += builtin/remote.o @@@ -1280,6 -1287,9 +1287,6 @@@ ifdef MKDIR_WO_TRAILING_SLAS COMPAT_CFLAGS += -DMKDIR_WO_TRAILING_SLASH COMPAT_OBJS += compat/mkdir.o endif -ifdef NO_MKSTEMPS - COMPAT_CFLAGS += -DNO_MKSTEMPS -endif ifdef NO_UNSETENV COMPAT_CFLAGS += -DNO_UNSETENV COMPAT_OBJS += compat/unsetenv.o @@@ -1383,6 -1393,10 +1390,10 @@@ ifdef APPLE_COMMON_CRYPT SHA1_MAX_BLOCK_SIZE = 1024L*1024L*1024L endif + ifdef OPENSSL_SHA1 + EXTLIBS += $(LIB_4_CRYPTO) + BASIC_CFLAGS += -DSHA1_OPENSSL + else ifdef BLK_SHA1 LIB_OBJS += block-sha1/sha1.o BASIC_CFLAGS += -DSHA1_BLK @@@ -1395,8 -1409,11 +1406,11 @@@ ifdef APPLE_COMMON_CRYPT COMPAT_CFLAGS += -DCOMMON_DIGEST_FOR_OPENSSL BASIC_CFLAGS += -DSHA1_APPLE else - EXTLIBS += $(LIB_4_CRYPTO) - BASIC_CFLAGS += -DSHA1_OPENSSL + DC_SHA1 := YesPlease + LIB_OBJS += sha1dc/sha1.o + LIB_OBJS += sha1dc/ubc_check.o + BASIC_CFLAGS += -DSHA1_DC + endif endif endif endif @@@ -2223,6 -2240,7 +2237,7 @@@ GIT-BUILD-OPTIONS: FORC @echo NO_PYTHON=\''$(subst ','\'',$(subst ','\'',$(NO_PYTHON)))'\' >>$@+ @echo NO_UNIX_SOCKETS=\''$(subst ','\'',$(subst ','\'',$(NO_UNIX_SOCKETS)))'\' >>$@+ @echo PAGER_ENV=\''$(subst ','\'',$(subst ','\'',$(PAGER_ENV)))'\' >>$@+ + @echo DC_SHA1=\''$(subst ','\'',$(subst ','\'',$(DC_SHA1)))'\' >>$@+ ifdef TEST_OUTPUT_DIRECTORY @echo TEST_OUTPUT_DIRECTORY=\''$(subst ','\'',$(subst ','\'',$(TEST_OUTPUT_DIRECTORY)))'\' >>$@+ endif @@@ -2249,9 -2267,6 +2264,9 @@@ endi ifdef GIT_PERF_MAKE_OPTS @echo GIT_PERF_MAKE_OPTS=\''$(subst ','\'',$(subst ','\'',$(GIT_PERF_MAKE_OPTS)))'\' >>$@+ endif +ifdef GIT_INTEROP_MAKE_OPTS + @echo GIT_INTEROP_MAKE_OPTS=\''$(subst ','\'',$(subst ','\'',$(GIT_INTEROP_MAKE_OPTS)))'\' >>$@+ +endif ifdef TEST_GIT_INDEX_VERSION @echo TEST_GIT_INDEX_VERSION=\''$(subst ','\'',$(subst ','\'',$(TEST_GIT_INDEX_VERSION)))'\' >>$@+ endif