THIS IS A TEST INSTANCE ONLY! REPOSITORIES CAN BE DELETED AT ANY TIME!

Browse Source

sha1dc: allow building with the external sha1dc library

Some distros provide SHA1 collision-detect code as a shared library.
It's the same code as we have in git tree (but may be with a different
init default for hash), and git can link with it as well; at least, it
may make maintenance easier, according to our security guys.

This patch allows user to build git linking with the external sha1dc
library instead of the built-in code.  User needs to define
DC_SHA1_EXTERNAL explicitly.  As default without it, the built-in
sha1dc code is used like before.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
tags/v2.15.0-rc0
Takashi Iwai Junio C Hamano 2 years ago
parent
commit
3964cbbb5c
3 changed files with 33 additions and 1 deletions
  1. 13
    0
      Makefile
  2. 11
    0
      sha1dc_git.c
  3. 9
    1
      sha1dc_git.h

+ 13
- 0
Makefile View File

@@ -162,6 +162,11 @@ all::
# algorithm. This is slower, but may detect attempted collision attacks.
# Takes priority over other *_SHA1 knobs.
#
# Define DC_SHA1_EXTERNAL in addition to DC_SHA1 if you want to build / link
# git with the external SHA1 collision-detect library.
# Without this option, i.e. the default behavior is to build git with its
# own built-in code (or submodule).
#
# Define DC_SHA1_SUBMODULE in addition to DC_SHA1 to use the
# sha1collisiondetection shipped as a submodule instead of the
# non-submodule copy in sha1dc/. This is an experimental option used
@@ -1474,6 +1479,13 @@ else
DC_SHA1 := YesPlease
BASIC_CFLAGS += -DSHA1_DC
LIB_OBJS += sha1dc_git.o
ifdef DC_SHA1_EXTERNAL
ifdef DC_SHA1_SUBMODULE
$(error Only set DC_SHA1_EXTERNAL or DC_SHA1_SUBMODULE, not both)
endif
BASIC_CFLAGS += -DDC_SHA1_EXTERNAL
EXTLIBS += -lsha1detectcoll
else
ifdef DC_SHA1_SUBMODULE
LIB_OBJS += sha1collisiondetection/lib/sha1.o
LIB_OBJS += sha1collisiondetection/lib/ubc_check.o
@@ -1491,6 +1503,7 @@ endif
endif
endif
endif
endif

ifdef SHA1_MAX_BLOCK_SIZE
LIB_OBJS += compat/sha1-chunked.o

+ 11
- 0
sha1dc_git.c View File

@@ -1,5 +1,16 @@
#include "cache.h"

#ifdef DC_SHA1_EXTERNAL
/*
* Same as SHA1DCInit, but with default save_hash=0
*/
void git_SHA1DCInit(SHA1_CTX *ctx)
{
SHA1DCInit(ctx);
SHA1DCSetSafeHash(ctx, 0);
}
#endif

/*
* Same as SHA1DCFinal, but convert collision attack case into a verbose die().
*/

+ 9
- 1
sha1dc_git.h View File

@@ -2,14 +2,22 @@

#ifdef DC_SHA1_SUBMODULE
#include "sha1collisiondetection/lib/sha1.h"
#elif defined(DC_SHA1_EXTERNAL)
#include <sha1dc/sha1.h>
#else
#include "sha1dc/sha1.h"
#endif

#ifdef DC_SHA1_EXTERNAL
void git_SHA1DCInit(SHA1_CTX *);
#else
#define git_SHA1DCInit SHA1DCInit
#endif

void git_SHA1DCFinal(unsigned char [20], SHA1_CTX *);
void git_SHA1DCUpdate(SHA1_CTX *ctx, const void *data, unsigned long len);

#define platform_SHA_CTX SHA1_CTX
#define platform_SHA1_Init SHA1DCInit
#define platform_SHA1_Init git_SHA1DCInit
#define platform_SHA1_Update git_SHA1DCUpdate
#define platform_SHA1_Final git_SHA1DCFinal

Loading…
Cancel
Save