From: Justin Tobler <jltobler@gmail.com>
To: git@vger.kernel.org
Cc: christian.couder@gmail.com, ps@pks.im,
Justin Tobler <jltobler@gmail.com>
Subject: [PATCH v3 2/2] help: include unsafe SHA-1 build info in version
Date: Thu, 3 Apr 2025 09:05:29 -0500 [thread overview]
Message-ID: <20250403140529.497876-3-jltobler@gmail.com> (raw)
In-Reply-To: <20250403140529.497876-1-jltobler@gmail.com>
In 06c92dafb8 (Makefile: allow specifying a SHA-1 for non-cryptographic
uses, 2024-09-26), support for unsafe SHA-1 is added. Add the unsafe
SHA-1 build info to `git version --build-info` and update corresponding
documentation.
Signed-off-by: Justin Tobler <jltobler@gmail.com>
---
Documentation/git-version.adoc | 4 +++-
hash.h | 3 +++
help.c | 4 ++++
3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/Documentation/git-version.adoc b/Documentation/git-version.adoc
index 913ebf147d..9462043a14 100644
--- a/Documentation/git-version.adoc
+++ b/Documentation/git-version.adoc
@@ -27,7 +27,9 @@ The libraries used to implement the SHA-1 and SHA-256 algorithms are displayed
in the form `SHA-1: <option>` and `SHA-256: <option>`. Note that the SHA-1
options `SHA1_APPLE`, `SHA1_OPENSSL`, and `SHA1_BLK` do not use a collision
detection algorithm and thus may be vulnerable to known SHA-1 collision
-attacks.
+attacks. When a faster SHA-1 implementation without collision detection is used
+for only non-cryptographic purposes, the algorithm is displayed in the form
+`non-collision-detecting-SHA-1: <option>`.
GIT
---
diff --git a/hash.h b/hash.h
index 51cd0ec7b6..72334d3506 100644
--- a/hash.h
+++ b/hash.h
@@ -20,12 +20,14 @@
#endif
#if defined(SHA1_APPLE_UNSAFE)
+# define SHA1_UNSAFE_BACKEND "SHA1_APPLE_UNSAFE"
# include <CommonCrypto/CommonDigest.h>
# define platform_SHA_CTX_unsafe CC_SHA1_CTX
# define platform_SHA1_Init_unsafe CC_SHA1_Init
# define platform_SHA1_Update_unsafe CC_SHA1_Update
# define platform_SHA1_Final_unsafe CC_SHA1_Final
#elif defined(SHA1_OPENSSL_UNSAFE)
+# define SHA1_UNSAFE_BACKEND "SHA1_OPENSSL_UNSAFE"
# include <openssl/sha.h>
# if defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL >= 3
# define SHA1_NEEDS_CLONE_HELPER_UNSAFE
@@ -42,6 +44,7 @@
# define platform_SHA1_Final_unsafe SHA1_Final
# endif
#elif defined(SHA1_BLK_UNSAFE)
+# define SHA1_UNSAFE_BACKEND "SHA1_BLK_UNSAFE"
# include "block-sha1/sha1.h"
# define platform_SHA_CTX_unsafe blk_SHA_CTX
# define platform_SHA1_Init_unsafe blk_SHA1_Init
diff --git a/help.c b/help.c
index 991a9525db..6ef90838f1 100644
--- a/help.c
+++ b/help.c
@@ -805,6 +805,10 @@ void get_version_info(struct strbuf *buf, int show_build_options)
strbuf_addf(buf, "zlib: %s\n", ZLIB_VERSION);
#endif
strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND);
+#if defined SHA1_UNSAFE_BACKEND
+ strbuf_addf(buf, "non-collision-detecting-SHA-1: %s\n",
+ SHA1_UNSAFE_BACKEND);
+#endif
strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND);
}
}
--
2.49.0
next prev parent reply other threads:[~2025-04-03 14:09 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-28 17:01 [PATCH 0/2] help: include SHA build options in version info Justin Tobler
2025-03-28 17:01 ` [PATCH 1/2] help: include SHA implementation " Justin Tobler
2025-03-29 11:36 ` Junio C Hamano
2025-03-31 7:19 ` Patrick Steinhardt
2025-03-31 17:46 ` Justin Tobler
2025-04-01 9:47 ` Junio C Hamano
2025-03-31 17:21 ` Justin Tobler
2025-03-28 17:01 ` [PATCH 2/2] help: include unsafe SHA-1 build info in version Justin Tobler
2025-03-29 8:42 ` Christian Couder
2025-03-29 8:58 ` [PATCH 0/2] help: include SHA build options in version info Christian Couder
2025-03-31 18:17 ` Justin Tobler
2025-04-01 20:36 ` [PATCH v2 " Justin Tobler
2025-04-01 20:36 ` [PATCH v2 1/2] help: include SHA implementation " Justin Tobler
2025-04-02 7:38 ` Patrick Steinhardt
2025-04-02 11:26 ` Christian Couder
2025-04-02 11:27 ` Christian Couder
2025-04-02 14:56 ` Justin Tobler
2025-04-01 20:36 ` [PATCH v2 2/2] help: include unsafe SHA-1 build info in version Justin Tobler
2025-04-02 7:38 ` Patrick Steinhardt
2025-04-02 15:59 ` Justin Tobler
2025-04-03 5:10 ` Patrick Steinhardt
2025-04-03 14:05 ` [PATCH v3 0/2] help: include SHA build options in version info Justin Tobler
2025-04-03 14:05 ` [PATCH v3 1/2] help: include SHA implementation " Justin Tobler
2025-04-03 14:05 ` Justin Tobler [this message]
2025-04-04 9:20 ` [PATCH v3 0/2] help: include SHA build options " Patrick Steinhardt
2025-04-04 11:06 ` Christian Couder
2025-04-08 0:33 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250403140529.497876-3-jltobler@gmail.com \
--to=jltobler@gmail.com \
--cc=christian.couder@gmail.com \
--cc=git@vger.kernel.org \
--cc=ps@pks.im \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.