diff options
| author | Justin Tobler <jltobler@gmail.com> | 2025-04-03 09:05:29 -0500 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2025-04-07 14:39:27 -0700 |
| commit | 6cf65440d39250880e747d2c5281881e95eb9499 (patch) | |
| tree | fe2f97c48e21f64be5f831470b7703c51ad9d9db | |
| parent | 16fd6c85e4d036e789916e4d802b47a792fe496e (diff) | |
| download | git-6cf65440d39250880e747d2c5281881e95eb9499.tar.xz | |
help: include unsafe SHA-1 build info in version
In 06c92dafb8 (Makefile: allow specifying a SHA-1 for non-cryptographic
uses, 2024-09-26), support for unsafe SHA-1 is added. Add the unsafe
SHA-1 build info to `git version --build-info` and update corresponding
documentation.
Signed-off-by: Justin Tobler <jltobler@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| -rw-r--r-- | Documentation/git-version.adoc | 4 | ||||
| -rw-r--r-- | hash.h | 3 | ||||
| -rw-r--r-- | help.c | 4 |
3 files changed, 10 insertions, 1 deletions
diff --git a/Documentation/git-version.adoc b/Documentation/git-version.adoc index 913ebf147d..9462043a14 100644 --- a/Documentation/git-version.adoc +++ b/Documentation/git-version.adoc @@ -27,7 +27,9 @@ The libraries used to implement the SHA-1 and SHA-256 algorithms are displayed in the form `SHA-1: <option>` and `SHA-256: <option>`. Note that the SHA-1 options `SHA1_APPLE`, `SHA1_OPENSSL`, and `SHA1_BLK` do not use a collision detection algorithm and thus may be vulnerable to known SHA-1 collision -attacks. +attacks. When a faster SHA-1 implementation without collision detection is used +for only non-cryptographic purposes, the algorithm is displayed in the form +`non-collision-detecting-SHA-1: <option>`. GIT --- @@ -20,12 +20,14 @@ #endif #if defined(SHA1_APPLE_UNSAFE) +# define SHA1_UNSAFE_BACKEND "SHA1_APPLE_UNSAFE" # include <CommonCrypto/CommonDigest.h> # define platform_SHA_CTX_unsafe CC_SHA1_CTX # define platform_SHA1_Init_unsafe CC_SHA1_Init # define platform_SHA1_Update_unsafe CC_SHA1_Update # define platform_SHA1_Final_unsafe CC_SHA1_Final #elif defined(SHA1_OPENSSL_UNSAFE) +# define SHA1_UNSAFE_BACKEND "SHA1_OPENSSL_UNSAFE" # include <openssl/sha.h> # if defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL >= 3 # define SHA1_NEEDS_CLONE_HELPER_UNSAFE @@ -42,6 +44,7 @@ # define platform_SHA1_Final_unsafe SHA1_Final # endif #elif defined(SHA1_BLK_UNSAFE) +# define SHA1_UNSAFE_BACKEND "SHA1_BLK_UNSAFE" # include "block-sha1/sha1.h" # define platform_SHA_CTX_unsafe blk_SHA_CTX # define platform_SHA1_Init_unsafe blk_SHA1_Init @@ -805,6 +805,10 @@ void get_version_info(struct strbuf *buf, int show_build_options) strbuf_addf(buf, "zlib: %s\n", ZLIB_VERSION); #endif strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND); +#if defined SHA1_UNSAFE_BACKEND + strbuf_addf(buf, "non-collision-detecting-SHA-1: %s\n", + SHA1_UNSAFE_BACKEND); +#endif strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND); } } |