From 86cfd61e6bc12745751c43b4f69886b290cd85cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Sat, 1 Jul 2017 22:05:46 +0000 Subject: [PATCH 1/2] sha1dc: optionally use sha1collisiondetection as a submodule MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add an option to use the sha1collisiondetection library from the submodule in sha1collisiondetection/ instead of in the copy in the sha1dc/ directory. This allows us to try out the submodule in sha1collisiondetection without breaking the build for anyone who's not expecting them as we work out any kinks. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- .gitmodules | 4 ++++ Makefile | 12 ++++++++++++ hash.h | 4 ++++ sha1collisiondetection | 1 + 4 files changed, 21 insertions(+) create mode 100644 .gitmodules create mode 160000 sha1collisiondetection diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000000..cbeebdab7a --- /dev/null +++ b/.gitmodules @@ -0,0 +1,4 @@ +[submodule "sha1collisiondetection"] + path = sha1collisiondetection + url = https://github.com/cr-marcstevens/sha1collisiondetection.git + branch = master diff --git a/Makefile b/Makefile index ffa6da71b7..6baad1669e 100644 --- a/Makefile +++ b/Makefile @@ -144,6 +144,12 @@ all:: # algorithm. This is slower, but may detect attempted collision attacks. # Takes priority over other *_SHA1 knobs. # +# Define DC_SHA1_SUBMODULE in addition to DC_SHA1 to use the +# sha1collisiondetection shipped as a submodule instead of the +# non-submodule copy in sha1dc/. This is an experimental option used +# by the git project to migrate to using sha1collisiondetection as a +# submodule. +# # Define OPENSSL_SHA1 environment variable when running make to link # with the SHA1 routine from openssl library. # @@ -1412,8 +1418,14 @@ ifdef APPLE_COMMON_CRYPTO BASIC_CFLAGS += -DSHA1_APPLE else DC_SHA1 := YesPlease +ifdef DC_SHA1_SUBMODULE + LIB_OBJS += sha1collisiondetection/lib/sha1.o + LIB_OBJS += sha1collisiondetection/lib/ubc_check.o + BASIC_CFLAGS += -DDC_SHA1_SUBMODULE +else LIB_OBJS += sha1dc/sha1.o LIB_OBJS += sha1dc/ubc_check.o +endif BASIC_CFLAGS += \ -DSHA1_DC \ -DSHA1DC_NO_STANDARD_INCLUDES \ diff --git a/hash.h b/hash.h index a11fc9233f..bef3e630a0 100644 --- a/hash.h +++ b/hash.h @@ -8,7 +8,11 @@ #elif defined(SHA1_OPENSSL) #include #elif defined(SHA1_DC) +#ifdef DC_SHA1_SUBMODULE +#include "sha1collisiondetection/lib/sha1.h" +#else #include "sha1dc/sha1.h" +#endif #else /* SHA1_BLK */ #include "block-sha1/sha1.h" #endif diff --git a/sha1collisiondetection b/sha1collisiondetection new file mode 160000 index 0000000000..19d97bf5af --- /dev/null +++ b/sha1collisiondetection @@ -0,0 +1 @@ +Subproject commit 19d97bf5af05312267c2e874ee6bcf584d9e9681 From cac87dc01d30ed8fc00f5b872a7ee7804f7b9ffa Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Sat, 1 Jul 2017 22:05:47 +0000 Subject: [PATCH 2/2] sha1collisiondetection: automatically enable when submodule is populated MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If a user wants to experiment with the version of collision detecting sha1 from the submodule, the user needed to not just populate the submodule but also needed to turn the knob. A Makefile trick is easy enough to do so, so let's do this. When somebody with a copy of the submodule populated wants not to use it, that can be done by overriding it in config.mak or from the command line. Signed-off-by: Junio C Hamano Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Makefile b/Makefile index 6baad1669e..8d33936a12 100644 --- a/Makefile +++ b/Makefile @@ -989,6 +989,10 @@ EXTLIBS = GIT_USER_AGENT = git/$(GIT_VERSION) +ifeq ($(wildcard sha1collisiondetection/lib/sha1.h),sha1collisiondetection/lib/sha1.h) +DC_SHA1_SUBMODULE = auto +endif + include config.mak.uname -include config.mak.autogen -include config.mak