Little endian platforms on all *BSD variants are broken since commit 33a694a9ee1b, because _BIG_ENDIAN is always defined even on little endian platforms.

problem found by nonaka at NetBSD.org

Compiling on macOS requires a few changes to the Makefile and some really trivial changes to some source files (only white space!) because Clang seems to be more strict to the standard.

First issue was resolving compile errors regarding missing newline characters at the end of some source files as this is required by the standard (error: no newline at end of file).

A slightly more complicated issue was Clang complaining about that "ISO C requires a translation unit to contain at least one declaration" which was caused by an empty source file because an #ifdef was false. This issue was resolved by only adding these source files when they are needed. Propably the defines (HAVE_MMX, HAVE_SSE, etc.) can be left out.

Lastly a check was introduced to set compiler flags and file extensions required or specific for macOS.

Additionally a few smaller issues in the Makefile where resolved:

• the "bin" folder is not created (perhaps this was not noticed as the "clean" target does not remove the "bin" folder)
• the "clean" taget now removes the "bin" folder to get a cleaner state

I did not check if building still works on Linux. I suspect at least one change (line 137/158: change from ${LD} to ${CC}) could cause a little trouble. It would be nice if someone could check this out.

The default make that ships with the latest Xcode or Mac OS Yosemite does not honor the president going to the most specialized suffix rule: as a result the SIMD compile time flags don't get added and clang chokes trying to compile some of the avx356 code because -mavx2 doesn't get passed. See #4 for additional discussion.

This is a rework of PR #4 which was split into smaller PRs which where not related to macOS only. This PR waschanged to reflect the changes which were made in the mean time.

Compiling on macOS requires following changes to the Makefile:

Some checks were introduced to set compiler flags and file extensions required or specific for macOS.

Additionally the order of general pattern rules was changed. The sets of patterns to match certain source files for different CPU features are based on suffixes in their filenames. make on Linux seems to pick the most specific rule whereas make shipped with Xcode does pick the first and therefore disregards the remaining rules. This was fixed by rearranging the rules from most specific to most general. This potentially fixes issue #10.

I did not check if building still works on Linux. I suspect at least one change (line 137/158: change from ${LD} to ${CC}) could cause a little trouble. It would be nice if someone could check this out.

The 2.13.2 git release with the latest sha1collisiondetection master still broke on Solaris SPARC. These are two commits.

The first one is a failed attempt (there seems to be no sun macro, despite what Oracle's docs say, maybe only the latest version?), it's left there for the git history.

The second one rewrites the Big Endian detection completely based on my investigations into how gcc/glibc etc. and finally Solaris have exported specific macros indicating what the endianness is over time.

This hopefully solves the Solaris bug (I've had reports from two SPARC users that it works), doesn't introduce any regressions, and makes the detection easier to understand going forward.

Besides the gcc flags (see PR #41) there is also the issue that dependent files are not generated.

[email protected]:[/data/prj/aixtools/git]git clone https://github.com/cr-marcstevens/sha1collisiondetection.git sha1test Cloning into 'sha1test'... remote: Counting objects: 864, done. remote: Total 864 (delta 0), reused 0 (delta 0), pack-reused 864 Receiving objects: 100% (864/864), 602.00 KiB | 552.00 KiB/s, done. Resolving deltas: 100% (560/560), done. [email protected]:[/data/prj/aixtools/git]cd sha1test [email protected]:[/data/prj/aixtools/git/sha1test]ls -l total 96 drwxr-sr-x 8 root felt 4096 Jul 30 06:38 .git -rw-r--r-- 1 root felt 422 Jul 30 06:38 .gitignore -rw-r--r-- 1 root felt 396 Jul 30 06:38 .travis.yml -rw-r--r-- 1 root felt 1270 Jul 30 06:38 LICENSE.txt -rw-r--r-- 1 root felt 5215 Jul 30 06:38 Makefile -rw-r--r-- 1 root felt 5786 Jul 30 06:38 README.md drwxr-sr-x 2 root felt 4096 Jul 30 06:38 lib drwxr-sr-x 2 root felt 4096 Jul 30 06:38 src drwxr-sr-x 2 root felt 4096 Jul 30 06:38 test drwxr-sr-x 4 root felt 4096 Jul 30 06:38 vs2015 [email protected]:[/data/prj/aixtools/git/sha1test]make mkdir -p dep_lib && cc -O2 -Wall -Werror -Wextra -pedantic -std=c90 -Ilib -M -MF dep_lib/sha1.d lib/sha1.c cc: 1501-210 (S) command option Wall contains an incorrect subargument mkdir -p dep_lib && cc -O2 -Wall -Werror -Wextra -pedantic -std=c90 -Ilib -M -MF dep_lib/ubc_check.d lib/ubc_check.c cc: 1501-210 (S) command option Wall contains an incorrect subargument mkdir -p dep_src && cc -O2 -Wall -Werror -Wextra -pedantic -std=c90 -Ilib -M -MF dep_src/main.d src/main.c cc: 1501-210 (S) command option Wall contains an incorrect subargument make: *** No rule to make target 'dep_lib/ubc_check.d', needed by 'obj_lib/ubc_check.lo'. Stop.

The library supports both an indicator flag that applications can check and act on, as well as a special safe-hash mode that returns the real SHA-1 hash when no collision was detected and a different safe hash when a collision was detected. Colliding files will have the same SHA-1 hash, but will have different unpredictable safe-hashes. This essentially enables protection of applications against SHA-1 collisions with no further changes in the application, e.g., digital signature forgeries based on SHA-1 collisions automatically become invalid.

Please clarify strength of the "safe hash"? Why it's not vulnerable to SHA-1 weaknesses?

HP-UX is not properly detected and classified as little endian. Add test macro for HP-UX to make it big endian.

Based on the discussion on the Git mailing list, here is the upstream patch for HP-UX detection.

Hopefully fix the issue with AIX falling through this detection logic and being detected as Little Endian reported on the Git mailing list, see https://public-inbox.org/git/[email protected]/

Attempt to solve this by extending the existing fallback we have for detecting always Big Endian processors to also detecting always Big Endian OSs. See the public-inbox link in the comment I'm adding for why this should work.

I have not tested this myself, since I have no access to AIX. I'll be pointing Michael Felt to the relevant MR so he can test it before this is merged.

This introduces no functional changes, but allows the lib/ code to be used as-is in other programs without patching these files directly.

With these changes the git project can use this code without any modifications to the upstream code.

This is used by a patch series I've just submitted as an RFC against git.git: https://public-inbox.org/git/[email protected]/T/#u

Currently that patch series points at my fork, but it would be great if you could merge this (or if you'd like to have this done differently, I'm happy to change it), then projects like git could use your code as-is via either a submodule, or just by copying the code as-is with no customizations to the files themselves, only to the Makefile that makes use of them.

Dear Marc Stevens and Dan Shumow, There are a variety of tools to calculate SHA1 that could benefit from including your library. But what’s the proper argumentation to move its authors to do that? For example, I asked RHash’s author to “reinforce SHA1 against collisions” which led to confusion.

The words "whitelist" and "blacklist" have cultural implications that are not inclusive. The words "allowlist" and "denylist" are self-descriptive without requiring cultural implications to understand the words in context.

A similar set of changes were sent to the Git project, but in those cases the words could be removed by rephrasing the sentences that used them, increasing clarity. In this example, the terms are used concretely enough that rephrasing would decrease clarity. Thus, a relatively mechanical replacement was applied.

These changes only affect comment lines, nothing functional.

I was redirected here after trying to make similar changes in the Git codebase [1], forgetting that this file is maintained in this repository.

Thanks for considering this change!

[1] https://lore.kernel.org/git/[email protected]

I downloaded the sample PDFs and uploaded them to the file checker at https://shattered.io/ and it says that they're safe. Tesed on Chrome and Firefox. Wasn't sure where to post about the issue, so hopefully this works.

It looks like the block where the collision is detected is re-compressed in some way, but I'm not enough of a C developer to be sure I understand what I'm reading. Is this documented anywhere?

These files contain the following note:

// this file was generated by the 'parse_bitrel' program in the tools section
// using the data files from directory 'tools/data/3565'

However, that directory does not exist.