author | Takashi Iwai <tiwai@suse.de> | 2017-08-15 14:04:17 +0200 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2017-08-16 14:44:25 -0700 |
commit | 3964cbbb5c30609ebd795a979074251cf59436c3 (patch) | |
tree | 28229c037201ab52741cefa13fb4756d5054ae7d | |
parent | sha1dc: build git plumbing code more explicitly (diff) | |
sha1dc: allow building with the external sha1dc library
Some distros provide SHA1 collision-detect code as a shared library.
It's the same code as we have in git tree (but may be with a different
init default for hash), and git can link with it as well; at least, it
may make maintenance easier, according to our security guys.
This patch allows user to build git linking with the external sha1dc
library instead of the built-in code. User needs to define
DC_SHA1_EXTERNAL explicitly. As default without it, the built-in
sha1dc code is used like before.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r-- | Makefile | 13 | ||||
-rw-r--r-- | sha1dc_git.c | 11 | ||||
-rw-r--r-- | sha1dc_git.h | 10 |
3 files changed, 33 insertions, 1 deletions
@@ -162,6 +162,11 @@ all::
 # algorithm. This is slower, but may detect attempted collision attacks.
 # Takes priority over other *_SHA1 knobs.
 #
+# Define DC_SHA1_EXTERNAL in addition to DC_SHA1 if you want to build / link
+# git with the external SHA1 collision-detect library.
+# Without this option, i.e. the default behavior is to build git with its
+# own built-in code (or submodule).
+#
 # Define DC_SHA1_SUBMODULE in addition to DC_SHA1 to use the
 # sha1collisiondetection shipped as a submodule instead of the
 # non-submodule copy in sha1dc/. This is an experimental option used
@@ -1474,6 +1479,13 @@ else
 DC_SHA1 := YesPlease
 BASIC_CFLAGS += -DSHA1_DC
 LIB_OBJS += sha1dc_git.o
+ifdef DC_SHA1_EXTERNAL
+ ifdef DC_SHA1_SUBMODULE
+$(error Only set DC_SHA1_EXTERNAL or DC_SHA1_SUBMODULE, not both)
+ endif
+ BASIC_CFLAGS += -DDC_SHA1_EXTERNAL
+ EXTLIBS += -lsha1detectcoll
+else
 ifdef DC_SHA1_SUBMODULE
 LIB_OBJS += sha1collisiondetection/lib/sha1.o
 LIB_OBJS += sha1collisiondetection/lib/ubc_check.o
@@ -1491,6 +1503,7 @@ endif
 endif
 endif
 endif
+endif
 ifdef SHA1_MAX_BLOCK_SIZE
 LIB_OBJS += compat/sha1-chunked.o
diff --git a/sha1dc_git.c b/sha1dc_git.c
index 79466414f8..e0cc9d988c 100644
--- a/sha1dc_git.c
+++ b/sha1dc_git.c
@@ -1,5 +1,16 @@
 #include "cache.h"
+#ifdef DC_SHA1_EXTERNAL
+/*
+ * Same as SHA1DCInit, but with default save_hash=0
+ */
+void git_SHA1DCInit(SHA1_CTX *ctx)
+{
+ SHA1DCInit(ctx);
+ SHA1DCSetSafeHash(ctx, 0);
+}
+#endif
+
 /*
 * Same as SHA1DCFinal, but convert collision attack case into a verbose die().
 */
diff --git a/sha1dc_git.h b/sha1dc_git.h
index af3e9514bc..a8c2729278 100644
--- a/sha1dc_git.h
+++ b/sha1dc_git.h
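Review bot: In sha1dc_git.c the comment above git_SHA1DCInit says `save_hash=0`, but the setting being cleared is safe_hash (the call is `SHA1DCSetSafeHash(ctx, 0)`), and the comment does not say why git needs it off. I would reword it to `Same as SHA1DCInit, but with safe_hash forced off: git wants the unmodified SHA-1 and reports a detected collision itself in git_SHA1DCFinal().` The commit message says the distro library may have a different init default for the hash. Whether any other default can differ is not visible in this hunk, so it is worth confirming against the library header that collision detection stays enabled after SHA1DCInit().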
@@ -2,14 +2,22 @@ #ifdef DC_SHA1_SUBMODULE
 #include "sha1collisiondetection/lib/sha1.h"
+#elif defined(DC_SHA1_EXTERNAL)
+#include <sha1dc/sha1.h>
 #else
 #include "sha1dc/sha1.h"
 #endif
+#ifdef DC_SHA1_EXTERNAL
+void git_SHA1DCInit(SHA1_CTX *);
+#else
+#define git_SHA1DCInit SHA1DCInit
+#endif
+
 void git_SHA1DCFinal(unsigned char [20], SHA1_CTX *);
 void git_SHA1DCUpdate(SHA1_CTX *ctx, const void *data, unsigned long len);
 #define platform_SHA_CTX SHA1_CTX
-#define platform_SHA1_Init SHA1DCInit
+#define platform_SHA1_Init git_SHA1DCInit
 #define platform_SHA1_Update git_SHA1DCUpdate
 #define platform_SHA1_Final git_SHA1DCFinal |
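Review bot: The new `#include <sha1dc/sha1.h>` uses the same relative path as the bundled header `"sha1dc/sha1.h"` in the `#else` branch. If the build puts the source root on the include search path (the compiler flags are not visible in this hunk), the angle-bracket form can pick up the in-tree copy while the binary links against `-lsha1detectcoll`. SHA1_CTX appears to be allocated by the caller and passed by pointer, so a header that does not match the linked library would show up as a wrong context size or layout at run time rather than as a build error. I would add a comment on that line, for example `/* must resolve to the system header of the external library, not the bundled sha1dc/sha1.h */`, and confirm the include path order in the Makefile.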