summaryrefslogtreecommitdiffstats
path: root/Makefile
diff options
context:
space:
mode:
authorJunio C Hamano <gitster@pobox.com>2017-03-24 21:07:38 +0100
committerJunio C Hamano <gitster@pobox.com>2017-03-24 21:07:38 +0100
commit48b3693d3cec7bd7996b1394a8df901d1fc26320 (patch)
treee3565517c9a75e63c6d216f3044f39f679c9bc75 /Makefile
parentMerge branch 'sg/test-with-stdin' (diff)
parentMakefile: make DC_SHA1 the default (diff)
downloadgit-48b3693d3cec7bd7996b1394a8df901d1fc26320.tar.xz
git-48b3693d3cec7bd7996b1394a8df901d1fc26320.zip
Merge branch 'jk/sha1dc'
The "detect attempt to create collisions" variant of SHA-1 implementation by Marc Stevens (CWI) and Dan Shumow (Microsoft) has been integrated and made the default. * jk/sha1dc: Makefile: make DC_SHA1 the default t0013: add a basic sha1 collision detection test Makefile: add DC_SHA1 knob sha1dc: disable safe_hash feature sha1dc: adjust header includes for git sha1dc: add collision-detecting sha1 implementation
Diffstat (limited to 'Makefile')
-rw-r--r--Makefile19
1 files changed, 17 insertions, 2 deletions
diff --git a/Makefile b/Makefile
index a5a11e721a..c80fec2920 100644
--- a/Makefile
+++ b/Makefile
@@ -140,6 +140,13 @@ all::
# Define PPC_SHA1 environment variable when running make to make use of
# a bundled SHA1 routine optimized for PowerPC.
#
+# Define DC_SHA1 to unconditionally enable the collision-detecting sha1
+# algorithm. This is slower, but may detect attempted collision attacks.
+# Takes priority over other *_SHA1 knobs.
+#
+# Define OPENSSL_SHA1 environment variable when running make to link
+# with the SHA1 routine from openssl library.
+#
# Define SHA1_MAX_BLOCK_SIZE to limit the amount of data that will be hashed
# in one call to the platform's SHA1_Update(). e.g. APPLE_COMMON_CRYPTO
# wants 'SHA1_MAX_BLOCK_SIZE=1024L*1024L*1024L' defined.
@@ -1383,6 +1390,10 @@ ifdef APPLE_COMMON_CRYPTO
SHA1_MAX_BLOCK_SIZE = 1024L*1024L*1024L
endif
+ifdef OPENSSL_SHA1
+ EXTLIBS += $(LIB_4_CRYPTO)
+ BASIC_CFLAGS += -DSHA1_OPENSSL
+else
ifdef BLK_SHA1
LIB_OBJS += block-sha1/sha1.o
BASIC_CFLAGS += -DSHA1_BLK
@@ -1395,8 +1406,11 @@ ifdef APPLE_COMMON_CRYPTO
COMPAT_CFLAGS += -DCOMMON_DIGEST_FOR_OPENSSL
BASIC_CFLAGS += -DSHA1_APPLE
else
- EXTLIBS += $(LIB_4_CRYPTO)
- BASIC_CFLAGS += -DSHA1_OPENSSL
+ DC_SHA1 := YesPlease
+ LIB_OBJS += sha1dc/sha1.o
+ LIB_OBJS += sha1dc/ubc_check.o
+ BASIC_CFLAGS += -DSHA1_DC
+endif
endif
endif
endif
@@ -2223,6 +2237,7 @@ GIT-BUILD-OPTIONS: FORCE
@echo NO_PYTHON=\''$(subst ','\'',$(subst ','\'',$(NO_PYTHON)))'\' >>$@+
@echo NO_UNIX_SOCKETS=\''$(subst ','\'',$(subst ','\'',$(NO_UNIX_SOCKETS)))'\' >>$@+
@echo PAGER_ENV=\''$(subst ','\'',$(subst ','\'',$(PAGER_ENV)))'\' >>$@+
+ @echo DC_SHA1=\''$(subst ','\'',$(subst ','\'',$(DC_SHA1)))'\' >>$@+
ifdef TEST_OUTPUT_DIRECTORY
@echo TEST_OUTPUT_DIRECTORY=\''$(subst ','\'',$(subst ','\'',$(TEST_OUTPUT_DIRECTORY)))'\' >>$@+
endif