help: include unsafe SHA-1 build info in version · freshlybakedca.ke/git@6cf6544

Git fork

help: include unsafe SHA-1 build info in version

In 06c92dafb8 (Makefile: allow specifying a SHA-1 for non-cryptographic
uses, 2024-09-26), support for unsafe SHA-1 is added. Add the unsafe
SHA-1 build info to `git version --build-info` and update corresponding
documentation.

Signed-off-by: Justin Tobler <jltobler@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

authored by

Justin Tobler and committed by

Junio C Hamano 11 months ago 6cf65440 16fd6c85

+10 -1

3 changed files

expand all

unified split

Documentation

git-version.adoc

hash.h

help.c

+3 -1

Documentation/git-version.adoc

··· 27 27 in the form `SHA-1: <option>` and `SHA-256: <option>`. Note that the SHA-1 28 28 options `SHA1_APPLE`, `SHA1_OPENSSL`, and `SHA1_BLK` do not use a collision 29 29 detection algorithm and thus may be vulnerable to known SHA-1 collision 30 - attacks. 30 + attacks. When a faster SHA-1 implementation without collision detection is used 31 + for only non-cryptographic purposes, the algorithm is displayed in the form 32 + `non-collision-detecting-SHA-1: <option>`. 31 33 32 34 GIT 33 35 ---

hash.h

··· 20 20 #endif 21 21 22 22 #if defined(SHA1_APPLE_UNSAFE) 23 + # define SHA1_UNSAFE_BACKEND "SHA1_APPLE_UNSAFE" 23 24 # include <CommonCrypto/CommonDigest.h> 24 25 # define platform_SHA_CTX_unsafe CC_SHA1_CTX 25 26 # define platform_SHA1_Init_unsafe CC_SHA1_Init 26 27 # define platform_SHA1_Update_unsafe CC_SHA1_Update 27 28 # define platform_SHA1_Final_unsafe CC_SHA1_Final 28 29 #elif defined(SHA1_OPENSSL_UNSAFE) 30 + # define SHA1_UNSAFE_BACKEND "SHA1_OPENSSL_UNSAFE" 29 31 # include <openssl/sha.h> 30 32 # if defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL >= 3 31 33 # define SHA1_NEEDS_CLONE_HELPER_UNSAFE ··· 42 44 # define platform_SHA1_Final_unsafe SHA1_Final 43 45 # endif 44 46 #elif defined(SHA1_BLK_UNSAFE) 47 + # define SHA1_UNSAFE_BACKEND "SHA1_BLK_UNSAFE" 45 48 # include "block-sha1/sha1.h" 46 49 # define platform_SHA_CTX_unsafe blk_SHA_CTX 47 50 # define platform_SHA1_Init_unsafe blk_SHA1_Init

help.c

··· 805 805 strbuf_addf(buf, "zlib: %s\n", ZLIB_VERSION); 806 806 #endif 807 807 strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND); 808 + #if defined SHA1_UNSAFE_BACKEND 809 + strbuf_addf(buf, "non-collision-detecting-SHA-1: %s\n", 810 + SHA1_UNSAFE_BACKEND); 811 + #endif 808 812 strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND); 809 813 } 810 814 }