On Sun, Jul 29, 2018 at 09:48:43PM +0200, Michael wrote: > On 29/07/2018 21:27, brian m. carlson wrote: > > Well, that explains it. I would recommend submitting a patch to > > https://github.com/cr-marcstevens/sha1collisiondetection, and the we can > > pull in the updated submodule with that fix. > Not sure I am smart enough to do that. I'll have to download, build, and see > what it says. The issue is that somewhere in lib/sha1.c, you need to cause SHA1DC_BIGENDIAN to be set. That means you need to figure out what compiler macro might indicate that. I can tell you that a POWER- or PowerPC-specific one is going to be a bad choice unless it includes the endianness, since those chips come in little-endian versions as well. _AIX might be a fine choice if you know that it only ever runs on big-endian chips. > > In the mean time, you could build using OpenSSL or the block SHA-1 > > implementation, and switch back once things are in a good state. I do > > recommend using SHA1DC for things long term, though, as attacks on SHA-1 > > are only going to get better. > Any suggestions on where/how to do this? > > root@x066:[/data/prj/aixtools/git/git-2.13.2]./configure --help | grep -i > sha > --sharedstatedir=DIR modifiable architecture-independent data > [PREFIX/com] > --datarootdir=DIR read-only arch.-independent data root > [PREFIX/share] > > root@x066:[/data/prj/aixtools/git/git-2.13.2]./configure --help | grep ssl > --with-openssl use OpenSSL library (default is YES) > ARG can be prefix for openssl library and headers If you're using configure, you can use --with-openssl, or --with-openssl=PREFIX if your OpenSSL isn't in the standard location but is instead in PREFIX. -- brian m. carlson: Houston, Texas, US OpenPGP: https://keybase.io/bk2204
Attachment:
signature.asc
Description: PGP signature