diff --git a/Makefile b/Makefile index f2bb7f2f63..68948dfbf3 100644 --- a/Makefile +++ b/Makefile @@ -162,6 +162,11 @@ all:: # algorithm. This is slower, but may detect attempted collision attacks. # Takes priority over other *_SHA1 knobs. # +# Define DC_SHA1_EXTERNAL in addition to DC_SHA1 if you want to build / link +# git with the external SHA1 collision-detect library. +# Without this option, i.e. the default behavior is to build git with its +# own built-in code (or submodule). +# # Define DC_SHA1_SUBMODULE in addition to DC_SHA1 to use the # sha1collisiondetection shipped as a submodule instead of the # non-submodule copy in sha1dc/. This is an experimental option used @@ -1475,6 +1480,15 @@ ifdef APPLE_COMMON_CRYPTO BASIC_CFLAGS += -DSHA1_APPLE else DC_SHA1 := YesPlease + BASIC_CFLAGS += -DSHA1_DC + LIB_OBJS += sha1dc_git.o +ifdef DC_SHA1_EXTERNAL + ifdef DC_SHA1_SUBMODULE +$(error Only set DC_SHA1_EXTERNAL or DC_SHA1_SUBMODULE, not both) + endif + BASIC_CFLAGS += -DDC_SHA1_EXTERNAL + EXTLIBS += -lsha1detectcoll +else ifdef DC_SHA1_SUBMODULE LIB_OBJS += sha1collisiondetection/lib/sha1.o LIB_OBJS += sha1collisiondetection/lib/ubc_check.o @@ -1484,17 +1498,15 @@ else LIB_OBJS += sha1dc/ubc_check.o endif BASIC_CFLAGS += \ - -DSHA1_DC \ -DSHA1DC_NO_STANDARD_INCLUDES \ -DSHA1DC_INIT_SAFE_HASH_DEFAULT=0 \ -DSHA1DC_CUSTOM_INCLUDE_SHA1_C="\"cache.h\"" \ - -DSHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C="\"sha1dc_git.c\"" \ - -DSHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_H="\"sha1dc_git.h\"" \ -DSHA1DC_CUSTOM_INCLUDE_UBC_CHECK_C="\"git-compat-util.h\"" endif endif endif endif +endif ifdef SHA1_MAX_BLOCK_SIZE LIB_OBJS += compat/sha1-chunked.o diff --git a/hash.h b/hash.h index bef3e630a0..024d0d3d50 100644 --- a/hash.h +++ b/hash.h @@ -8,11 +8,7 @@ #elif defined(SHA1_OPENSSL) #include #elif defined(SHA1_DC) -#ifdef DC_SHA1_SUBMODULE -#include "sha1collisiondetection/lib/sha1.h" -#else -#include "sha1dc/sha1.h" -#endif +#include "sha1dc_git.h" #else /* SHA1_BLK */ #include "block-sha1/sha1.h" #endif diff --git a/sha1dc_git.c b/sha1dc_git.c index 4d32b4f77e..e0cc9d988c 100644 --- a/sha1dc_git.c +++ b/sha1dc_git.c @@ -1,8 +1,19 @@ -/* - * This code is included at the end of sha1dc/sha1.c with the - * SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C macro. - */ +#include "cache.h" +#ifdef DC_SHA1_EXTERNAL +/* + * Same as SHA1DCInit, but with default save_hash=0 + */ +void git_SHA1DCInit(SHA1_CTX *ctx) +{ + SHA1DCInit(ctx); + SHA1DCSetSafeHash(ctx, 0); +} +#endif + +/* + * Same as SHA1DCFinal, but convert collision attack case into a verbose die(). + */ void git_SHA1DCFinal(unsigned char hash[20], SHA1_CTX *ctx) { if (!SHA1DCFinal(hash, ctx)) @@ -11,6 +22,9 @@ void git_SHA1DCFinal(unsigned char hash[20], SHA1_CTX *ctx) sha1_to_hex(hash)); } +/* + * Same as SHA1DCUpdate, but adjust types to match git's usual interface. + */ void git_SHA1DCUpdate(SHA1_CTX *ctx, const void *vdata, unsigned long len) { const char *data = vdata; diff --git a/sha1dc_git.h b/sha1dc_git.h index a8a5c1da16..a8c2729278 100644 --- a/sha1dc_git.h +++ b/sha1dc_git.h @@ -1,19 +1,23 @@ -/* - * This code is included at the end of sha1dc/sha1.h with the - * SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_H macro. - */ +/* Plumbing with collition-detecting SHA1 code */ + +#ifdef DC_SHA1_SUBMODULE +#include "sha1collisiondetection/lib/sha1.h" +#elif defined(DC_SHA1_EXTERNAL) +#include +#else +#include "sha1dc/sha1.h" +#endif + +#ifdef DC_SHA1_EXTERNAL +void git_SHA1DCInit(SHA1_CTX *); +#else +#define git_SHA1DCInit SHA1DCInit +#endif -/* - * Same as SHA1DCFinal, but convert collision attack case into a verbose die(). - */ void git_SHA1DCFinal(unsigned char [20], SHA1_CTX *); - -/* - * Same as SHA1DCUpdate, but adjust types to match git's usual interface. - */ void git_SHA1DCUpdate(SHA1_CTX *ctx, const void *data, unsigned long len); #define platform_SHA_CTX SHA1_CTX -#define platform_SHA1_Init SHA1DCInit +#define platform_SHA1_Init git_SHA1DCInit #define platform_SHA1_Update git_SHA1DCUpdate #define platform_SHA1_Final git_SHA1DCFinal