Makefile: make DC_SHA1 the default
We used to use the SHA1 implementation from the OpenSSL library by default. As we are trying to be careful against collision attacks after the recent "shattered" announcement, switch the default to encourage people to use DC_SHA1 implementation instead. Those who want to use the implementation from OpenSSL can explicitly ask for it by OPENSSL_SHA1=YesPlease when running "make". Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
		
							
								
								
									
										16
									
								
								Makefile
									
									
									
									
									
								
							
							
						
						
									
										16
									
								
								Makefile
									
									
									
									
									
								
							| @ -146,6 +146,9 @@ all:: | ||||
| # algorithm. This is slower, but may detect attempted collision attacks. | ||||
| # Takes priority over other *_SHA1 knobs. | ||||
| # | ||||
| # Define OPENSSL_SHA1 environment variable when running make to link | ||||
| # with the SHA1 routine from openssl library. | ||||
| # | ||||
| # Define SHA1_MAX_BLOCK_SIZE to limit the amount of data that will be hashed | ||||
| # in one call to the platform's SHA1_Update(). e.g. APPLE_COMMON_CRYPTO | ||||
| # wants 'SHA1_MAX_BLOCK_SIZE=1024L*1024L*1024L' defined. | ||||
| @ -1390,10 +1393,9 @@ ifdef APPLE_COMMON_CRYPTO | ||||
| 	SHA1_MAX_BLOCK_SIZE = 1024L*1024L*1024L | ||||
| endif | ||||
|  | ||||
| ifdef DC_SHA1 | ||||
| 	LIB_OBJS += sha1dc/sha1.o | ||||
| 	LIB_OBJS += sha1dc/ubc_check.o | ||||
| 	BASIC_CFLAGS += -DSHA1_DC | ||||
| ifdef OPENSSL_SHA1 | ||||
| 	EXTLIBS += $(LIB_4_CRYPTO) | ||||
| 	BASIC_CFLAGS += -DSHA1_OPENSSL | ||||
| else | ||||
| ifdef BLK_SHA1 | ||||
| 	LIB_OBJS += block-sha1/sha1.o | ||||
| @ -1407,8 +1409,10 @@ ifdef APPLE_COMMON_CRYPTO | ||||
| 	COMPAT_CFLAGS += -DCOMMON_DIGEST_FOR_OPENSSL | ||||
| 	BASIC_CFLAGS += -DSHA1_APPLE | ||||
| else | ||||
| 	EXTLIBS += $(LIB_4_CRYPTO) | ||||
| 	BASIC_CFLAGS += -DSHA1_OPENSSL | ||||
| 	DC_SHA1 := YesPlease | ||||
| 	LIB_OBJS += sha1dc/sha1.o | ||||
| 	LIB_OBJS += sha1dc/ubc_check.o | ||||
| 	BASIC_CFLAGS += -DSHA1_DC | ||||
| endif | ||||
| endif | ||||
| endif | ||||
|  | ||||
		Reference in New Issue
	
	Block a user
	 Junio C Hamano
					Junio C Hamano