On 29/07/2018 22:06, brian m. carlson wrote:
On Sun, Jul 29, 2018 at 09:48:43PM +0200, Michael wrote:
On 29/07/2018 21:27, brian m. carlson wrote:
Well, that explains it. I would recommend submitting a patch to
https://github.com/cr-marcstevens/sha1collisiondetection, and then we can
pull in the updated submodule with that fix.
Not sure I am smart enough to do that. I'll have to download, build, and see
what it says.
The issue is that somewhere in lib/sha1.c, you need to cause
SHA1DC_BIGENDIAN to be set. That means you need to figure out what
compiler macro might indicate that.
I remember - roughly - a few decades back - having an assignment to
write code to determine endianness. PDP and VAX were different iirc, and
many other micro-processors besides the 8088/8086/z85/68k/etc..
If you are looking for a compiler macro as a way to determine this -
maybe you have one for gcc, but not for xlc. I do not know it - currently :)
I can tell you that a POWER- or
PowerPC-specific one is going to be a bad choice unless it includes the
endianness, since those chips come in little-endian versions as well.
Actually, the POWER8 and POWER9 (and I expect all future versions)
support both. There are not separate chips. Per virtual machine - a mode
is determined during boot (virtual power on) e.g., SLES11 only ran in
BigEndian and SLES12 only runs in LittleEndian. afaik, RHEL was
supplying both BE and LE distributions. AIX, as an OS, only runs in BE
mode, and I expect IBM i (was os/400) is also only running in BE.
_AIX might be a fine choice if you know that it only ever runs on
big-endian chips.
Do you mean just testing for _AIX? That would be very very easy - yes!
In the mean time, you could build using OpenSSL or the block SHA-1
implementation, and switch back once things are in a good state. I do
recommend using SHA1DC for things long term, though, as attacks on SHA-1
are only going to get better.
Any suggestions on where/how to do this?
root@x066:[/data/prj/aixtools/git/git-2.13.2]./configure --help | grep -i sha
  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
root@x066:[/data/prj/aixtools/git/git-2.13.2]./configure --help | grep ssl
  --with-openssl          use OpenSSL library (default is YES)
                          ARG can be prefix for openssl library and headers
If you're using configure, you can use --with-openssl, or
--with-openssl=PREFIX if your OpenSSL isn't in the standard location but
is instead in PREFIX.
I'll look in configure to see if it is not finding openssl. I was
assuming it was found - as everything else using GNU "auto" tools find
it okay. i.e., /var/lib/libssl.a, etc..
Tomorrow!
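
The compile-time check discussed in this thread, as an added example that is not part of the original messages and is not code from sha1collisiondetection or git. EXAMPLE_BIGENDIAN and the function names are made up for the illustration (the macro the thread talks about is SHA1DC_BIGENDIAN); the _AIX fallback relies on the thread's statement that AIX only runs big-endian, and the self-test cross-checks the macro against a runtime probe.

```c
#include <stdint.h>
#include <string.h>

/* EXAMPLE_BIGENDIAN is a hypothetical name used only in this example. */
#if defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__)
/* GCC and clang state the byte order directly. */
#  define EXAMPLE_BIGENDIAN (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)
#elif defined(_AIX)
/* Assumption taken from the thread: AIX only ever runs big-endian. */
#  define EXAMPLE_BIGENDIAN 1
#else
#  define EXAMPLE_BIGENDIAN 0
#endif

static int compiled_as_big_endian(void) { return EXAMPLE_BIGENDIAN; }

/* Runtime probe: look at which byte of a known word is stored first. */
static int runtime_is_big_endian(void) {
    const uint32_t probe = 0x01020304u;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 0x01;
}

/* SHA-1 reads the message as big-endian 32-bit words; this is always right. */
static uint32_t load_be32_portable(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Fast path that trusts the macro: wrong hashes result if the macro is wrong. */
static uint32_t load_be32_native(const unsigned char *p) {
    uint32_t w;
    memcpy(&w, p, 4);
    if (!EXAMPLE_BIGENDIAN)
        w = (w >> 24) | ((w >> 8) & 0xff00u) | ((w << 8) & 0xff0000u) | (w << 24);
    return w;
}

/* Returns 1 when the compile-time choice matches the machine it runs on. */
static int endianness_selftest(void) {
    static const unsigned char msg[4] = {0x01, 0x02, 0x03, 0x04}; /* constructed input */
    return compiled_as_big_endian() == runtime_is_big_endian() &&
           load_be32_native(msg) == load_be32_portable(msg);
}

int main(void) { return endianness_selftest() ? 0 : 1; }
```

A non-zero exit status means the macro chain picked the wrong byte order for the build target.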