1

I'm not really familiar with Perl, but I've been searching in the documentation and other sources without success for the last 2 days. In the documentation, it is written:

Perl v5.18 includes support for multiple hash functions, and changed the default (to ONE_AT_A_TIME_HARD), you can choose a different algorithm by defining a symbol at compile time. For a current list, consult the INSTALL document. Note that as of Perl v5.18 we can only recommend use of the default or SIPHASH. All the others are known to have security issues and are for research purposes only.

The thing is that neither in INSTALL document nor in other sources/sites etc. I can find how to define this symbol.

What I want to do is to change the default ONE_AT_A_TIME_HARD hash function to ONE_AT_A_TIME_OLD so I can simulate the old Perl 5.16 behavior.

lingo
  • 1,848
  • 6
  • 28
  • 56
afe
  • 43
  • 4
  • 1
    Why are you trying to do this? It's not a good idea. This sounds like an XY problem. – Sobrique Aug 14 '15 at 08:53
  • I need to run a lot of test cases written in perl 5.16 whose functionality depends on the old hash implementation and it's quite impossible to change the code as the cases are hundreds. – afe Aug 14 '15 at 08:55
  • 1
    Your code relies on the ordering from a datatype that is explicitly _not_ ordered? – Sobrique Aug 14 '15 at 08:56
  • The problem is that it is not my code. I was just assigned the task to find a way to simulate the old 5.16 behavior and the code I received is huge and a mess actually. So instead of sorting thousands of hashes, I prefer to check if I can get the same behavior by changing to the old algorithm.Security is not an issue in this case. Do you know how I can do this? – afe Aug 14 '15 at 08:59
  • Yes. Add `-DPERL_HASH_FUNC_ONE_AT_A_TIME_HARD` to the `Configure` commmand. But it's really incredibly dirty, because it's not a problem you _should_ be having in the first place, because all it does is adjust the default ordering of something that's defined as "not ordered". – Sobrique Aug 14 '15 at 09:01
  • Although, that's the _new_ default in 5.18, so that's probably not what you're looking for. – Sobrique Aug 14 '15 at 09:10
  • 1
    Actually, if you need to maintain code that -requires- 5.16, then you probably just want to be using perl-5.16. If your tests aren't working with newer versions - out of the box - then the code is due a rewrite. – Sobrique Aug 14 '15 at 09:26

1 Answers1

5

This sounds like an XY problem. What are you trying to accomplish by forcibly downgrading the hash algorithm in perl to one that has known problems?

From comments:

I need to run a lot of test cases written in perl 5.16 whose functionality depends on the old hash implementation and it's quite impossible to change the code as the cases are hundreds.

Whew, that's bad news. Find those developers, and hit them around the head with a copy perldata:

Hashes are unordered collections of scalar values indexed by their associated string key.

Specifically - if this is a problem for you, it means your codebase treats hashes as ordered, when they aren't and never were. (It's just they were fairly consistent before 5.18 and more random after).

From perldelta:

When encountering these changes, the key to cleaning up from them is to accept that hashes are unordered collections and to act accordingly.

See: http://blog.booking.com/hardening-perls-hash-function.html

To answer your question - if you really must:

./Configure -DPERL_HASH_FUNC_ONE_AT_A_TIME_OLD -des && make && make test

But it's a very very bad idea, because as the INSTALL file in your perl source package points out:

Note that as of Perl 5.18 we can only recommend the use of default or SIPHASH. All the others are known to have security issues and are for research purposes only.

By building your perl this way you introduce a known security flaw for every perl program using it.

Note - ONE_AT_A_TIME_HARD is the new default, so this won't change how perl 5.18 works. You may mean PERL_HASH_FUNC_ONE_AT_A_TIME_OLD

Sobrique
  • 52,974
  • 7
  • 60
  • 101
  • Dunno if I'm doing something the wrong way,tried but this is what I get :Can't open perl script "Configure": Permission denied. I have to say that i'm in Windows environment – afe Aug 14 '15 at 09:13
  • Ah, this would not be helping - you're going to have to rebuild your perl from source to make this go. Perl supplies a `Configure` script within the source tarball to set up OS specific stuff. I've never tried a source build of `perl` on Windows, so I'm afraid I can't advise further. (Usually just install Activeperl or Strawberry - but this won't help you, because you need to change a compliation parameter). – Sobrique Aug 14 '15 at 09:17
  • Yes,actually we are using Activeperl and I have no idea how to change this parameter and build perl from source.We have contacted the support and we are waiting for an answer.Still if someone here has any useful info, I'll be glad to hear.Thanks anyway. – afe Aug 14 '15 at 10:22
  • Activeperl is compiled and built by Activestate. That's part of why they offer support contracts for business editions. But seriously - this change hasn't actually _broken_ anything, because hashes never were reliable in their key ordering. That your code relies on this means you have some bugs in there that need fixing - all this update did was make it more obvious you have a problem, not introduce it. – Sobrique Aug 14 '15 at 10:35
  • 3
    To expand a little one what Sobrique said, hash key order has been randomized since Perl 5.8. All 5.18 did is make it happen more often. If your code can't handle the change, it's buggy, and has always been. – ikegami Aug 14 '15 at 11:01
  • As for building Perl on Windows, read `README.win32` in the Perl distro. – ikegami Aug 14 '15 at 11:05