From: Junio C Hamano <gitster@pobox.com>
To: git@vger.kernel.org
Cc: Jeff King <peff@peff.net>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 3/3] Makefile: make DC_SHA1 the default
Date: Fri, 17 Mar 2017 10:09:38 -0700 [thread overview]
Message-ID: <20170317170938.20593-4-gitster@pobox.com> (raw)
In-Reply-To: <20170317170938.20593-1-gitster@pobox.com>
We used to use the SHA1 implementation from the OpenSSL library by
default. As we are trying to be careful against collision attacks
after the recent "shattered" announcement, switch the default to
encourage people to use DC_SHA1 implementation instead. Those who
want to use the implementation from OpenSSL can explicitly ask for
it by OPENSSL_SHA1=YesPlease when running "make".
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
Makefile | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/Makefile b/Makefile
index fc9d89498b..fd4421eeb8 100644
--- a/Makefile
+++ b/Makefile
@@ -146,6 +146,9 @@ all::
# algorithm. This is slower, but may detect attempted collision attacks.
# Takes priority over other *_SHA1 knobs.
#
+# Define OPENSSL_SHA1 environment variable when running make to link
+# with the SHA1 routine from openssl library.
+#
# Define SHA1_MAX_BLOCK_SIZE to limit the amount of data that will be hashed
# in one call to the platform's SHA1_Update(). e.g. APPLE_COMMON_CRYPTO
# wants 'SHA1_MAX_BLOCK_SIZE=1024L*1024L*1024L' defined.
@@ -1390,10 +1393,9 @@ ifdef APPLE_COMMON_CRYPTO
SHA1_MAX_BLOCK_SIZE = 1024L*1024L*1024L
endif
-ifdef DC_SHA1
- LIB_OBJS += sha1dc/sha1.o
- LIB_OBJS += sha1dc/ubc_check.o
- BASIC_CFLAGS += -DSHA1_DC
+ifdef OPENSSL_SHA1
+ EXTLIBS += $(LIB_4_CRYPTO)
+ BASIC_CFLAGS += -DSHA1_OPENSSL
else
ifdef BLK_SHA1
LIB_OBJS += block-sha1/sha1.o
@@ -1407,8 +1409,10 @@ ifdef APPLE_COMMON_CRYPTO
COMPAT_CFLAGS += -DCOMMON_DIGEST_FOR_OPENSSL
BASIC_CFLAGS += -DSHA1_APPLE
else
- EXTLIBS += $(LIB_4_CRYPTO)
- BASIC_CFLAGS += -DSHA1_OPENSSL
+ DC_SHA1 := YesPlease
+ LIB_OBJS += sha1dc/sha1.o
+ LIB_OBJS += sha1dc/ubc_check.o
+ BASIC_CFLAGS += -DSHA1_DC
endif
endif
endif
--
2.12.0-317-g32c43f595f
next prev parent reply other threads:[~2017-03-17 17:09 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-16 20:24 [PATCH 0/2] Re-integrate sha1dc Linus Torvalds
2017-03-16 22:04 ` Jeff King
2017-03-16 22:08 ` [PATCH 2/5] sha1dc: adjust header includes for git Jeff King
2017-03-16 22:08 ` [PATCH 3/5] sha1dc: disable safe_hash feature Jeff King
2017-03-16 22:09 ` [PATCH 4/5] Makefile: add USE_SHA1DC knob Jeff King
2017-03-16 22:43 ` Junio C Hamano
2017-03-17 0:11 ` Jeff King
2017-03-17 5:24 ` Junio C Hamano
2017-03-17 11:18 ` Jeff King
2017-03-17 17:09 ` [RFC PATCH 0/3] Git integration update for DC-SHA1 Junio C Hamano
2017-03-17 17:09 ` [PATCH 1/3] Makefile: add DC_SHA1 knob Junio C Hamano
2017-03-17 17:09 ` Junio C Hamano [this message]
2017-03-17 17:41 ` [RFC PATCH 0/3] Git integration update for DC-SHA1 Junio C Hamano
2017-03-17 17:45 ` Jeff King
2017-03-16 22:10 ` [PATCH 0/2] Re-integrate sha1dc Jeff King
2017-03-16 22:23 ` Junio C Hamano
2017-03-17 0:14 ` Jeff King
2017-03-17 5:22 ` Junio C Hamano
2017-03-17 11:22 ` Jeff King
2017-03-16 22:30 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170317170938.20593-4-gitster@pobox.com \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=peff@peff.net \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).