Re: [PATCH 0/5] core: update our SHA-1 docs, use sha1collisiondetection on OSX too

From: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: git-packagers@googlegroups.com, git@vger.kernel.org,
	"brian m . carlson" <sandals@crustytoothpaste.net>,
	Carlo Arenas <carenas@gmail.com>, Mike Hommey <mh@glandium.org>,
	Eric Sunshine <sunshine@sunshineco.com>,
	git-packagers <git-packagers@googlegroups.com>,
	Tim Harper <timcharper@gmail.com>, Jeff King <peff@peff.org>
Subject: Re: [PATCH 0/5] core: update our SHA-1 docs, use sha1collisiondetection on OSX too
Date: Thu, 26 May 2022 21:02:54 +0200	[thread overview]
Message-ID: <220526.86ilps3yk4.gmgdl@evledraar.gmail.com> (raw)
In-Reply-To: <220519.86k0ah2ryh.gmgdl@evledraar.gmail.com>

On Thu, May 19 2022, Ævar Arnfjörð Bjarmason wrote:

> On Fri, Apr 22 2022, Junio C Hamano wrote:
>
>> Ævar Arnfjörð Bjarmason  <avarab@gmail.com> writes:
>>
>>> I wasn't able to find any on-list references to it being intentional,
>>> but it appears that while we made the sha1collisiondetection variant
>>> of SHA-1 the default in early 2017 we've never updated the OSX builds
>>> to do likewise.
>>>
>>> I don't know what various git packages for OSX to, but our vanilla OSX
>>> distribution definitely uses Apple Common Crypto, and won't detect the
>>> https://shattered.io attack.
>>>
>>> This series changes that, and while doing so in 2/5 updates our
>>> documentation and Makefile interface for the SHA-1 selection. Our
>>> INSTALL file was still claiming we used OpenSSL's SHA-1 by default.
>>>
>>> Then since we'd made sha1collisiondetection the default we hadn't
>>> changed the code's default fallback to be that, it was still
>>> block-sha1. Now our fallback behavior is "error" instead, which makes
>>> it less likely that we'll get some foot-gun like the "OSX not using
>>> sha1collisiondetection" again.
>>>
>>> The 4/5 and 5/5 then remove the PPC_SHA1 implementation. I submitted
>>> this before as [1], and the range-diff is to that submission (it
>>> wasn't picked up). I think it makes sense as part of this general
>>> SHA-1 cleanup.
>>
>> Thanks for this effort.
>>
>> I'd like to see somebody with "building Git for distributing to
>> macOS" background to comment (I am assuming that the mailing list
>> git-packagers@googlegroups.com is the way to reach them).
>
> *Bump* in case anyone there would like to chime on this bit of OSX
> portability.
>
> I also sent an off-list E-Mail to Tim Harper today, and addresses which
> I gather (from some old git-security@ traffic) are involved in packaging
> the Apple Git shipped with OSX itself.
>
> In the meantime do you mind if this topic were queued up? If there are
> any lingering portability concerns getting it into CI and exposed to
> anyone else building on OSX would be a good thing.
>
> I don't see any reason for why we'd decide that OSX out of all our
> supported platforms should be the only one where we're not mitigating
> the SHAttered attack (and similar future attacks) by default.
>
> So aside from any finer details of OSX portability the direction here of
> building with sha1collisiondetection by default on OSX by default seems
> like a safe bet, just as we do on the rest of our (checks out
> config.mak.uname) 20+ supported platforms (per `uname -s`).

Update: I didn't get a reply from Tim or the people I E-Mailed
@apple.com a week ago.

Junio: I still think it makes sense to just queue this anyway & finally
get the OSX build to use the SHAttered mitigation sha1collisiondetection
gives us by default.