From: Justin Tobler <jltobler@gmail.com>
To: git@vger.kernel.org
Cc: christian.couder@gmail.com, ps@pks.im,
Justin Tobler <jltobler@gmail.com>
Subject: [PATCH v3 0/2] help: include SHA build options in version info
Date: Thu, 3 Apr 2025 09:05:27 -0500 [thread overview]
Message-ID: <20250403140529.497876-1-jltobler@gmail.com> (raw)
In-Reply-To: <20250401203630.285451-1-jltobler@gmail.com>
Greetings,
Additional information regarding how Git was built can be found via the
`--build-options` flag for git-version(1). This currently does not
include information about the SHA-1 and SHA-256 implementations Git is
built with.
This short series adds build option info for the SHA-1, SHA-256, and
non-crypto-SHA-1 (if any) implementations which may be useful for
diagnostic purposes
Changes since V2:
- Updates to documentation to provide additional context.
- Inlined `get_sha_impl()` function.
Changes since V1:
- Each SHA backend is expected to define either `SHA1_BACKEND`,
`SHA1_UNSAFE_BACKEND`, or `SHA256_BACKEND` as appropriate.
These symbols are then used to print the SHA build options in
the additional version info.
- The names of the build options are used instead of
human-readable names.
- Appended "(No collision detection)" to warn about SHA1
backends without collision detection.
- Renamed "unsafe-SHA-1" to "non-crypto-SHA-1" in the printed
build options.
- Small updates to documentation.
Thanks,
-Justin
Justin Tobler (2):
help: include SHA implementation in version info
help: include unsafe SHA-1 build info in version
Documentation/git-version.adoc | 8 ++++++++
hash.h | 11 +++++++++++
help.c | 7 +++++++
3 files changed, 26 insertions(+)
Range-diff against v2:
1: aa0f464c52 ! 1: b01e5a18cb help: include SHA implementation in version info
@@ Documentation/git-version.adoc: OPTIONS
Include additional information about how git was built for diagnostic
purposes.
++
-+Note that the SHA1 options `SHA1_APPLE`, `SHA1_OPENSSL`, and `SHA1_BLK` do not
-+have collision detection.
++The libraries used to implement the SHA-1 and SHA-256 algorithms are displayed
++in the form `SHA-1: <option>` and `SHA-256: <option>`. Note that the SHA-1
++options `SHA1_APPLE`, `SHA1_OPENSSL`, and `SHA1_BLK` do not use a collision
++detection algorithm and thus may be vulnerable to known SHA-1 collision
++attacks.
GIT
---
@@ help.c
#include "help.h"
#include "command-list.h"
#include "string-list.h"
-@@ help.c: char *help_unknown_cmd(const char *cmd)
- exit(1);
- }
-
-+static void get_sha_impl(struct strbuf *buf)
-+{
-+ strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND);
-+ strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND);
-+}
-+
- void get_version_info(struct strbuf *buf, int show_build_options)
- {
- /*
@@ help.c: void get_version_info(struct strbuf *buf, int show_build_options)
#elif defined ZLIB_VERSION
strbuf_addf(buf, "zlib: %s\n", ZLIB_VERSION);
#endif
-+ get_sha_impl(buf);
++ strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND);
++ strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND);
}
}
2: 95c92a05df ! 2: cf33e4ac9e help: include unsafe SHA-1 build info in version
@@ Commit message
Signed-off-by: Justin Tobler <jltobler@gmail.com>
## Documentation/git-version.adoc ##
-@@ Documentation/git-version.adoc: OPTIONS
- +
- Note that the SHA1 options `SHA1_APPLE`, `SHA1_OPENSSL`, and `SHA1_BLK` do not
- have collision detection.
-++
-+If built to use a faster SHA-1 implementation for non-cryptographic purposes,
-+that implementation is denoted as "non-crypto-SHA-1".
+@@ Documentation/git-version.adoc: The libraries used to implement the SHA-1 and SHA-256 algorithms are displayed
+ in the form `SHA-1: <option>` and `SHA-256: <option>`. Note that the SHA-1
+ options `SHA1_APPLE`, `SHA1_OPENSSL`, and `SHA1_BLK` do not use a collision
+ detection algorithm and thus may be vulnerable to known SHA-1 collision
+-attacks.
++attacks. When a faster SHA-1 implementation without collision detection is used
++for only non-cryptographic purposes, the algorithm is displayed in the form
++`non-collision-detecting-SHA-1: <option>`.
GIT
---
@@ hash.h
# define platform_SHA1_Init_unsafe blk_SHA1_Init
## help.c ##
-@@ help.c: char *help_unknown_cmd(const char *cmd)
- static void get_sha_impl(struct strbuf *buf)
- {
- strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND);
-+
-+#if defined(SHA1_UNSAFE_BACKEND)
-+ strbuf_addf(buf, "non-crypto-SHA-1: %s\n", SHA1_UNSAFE_BACKEND);
+@@ help.c: void get_version_info(struct strbuf *buf, int show_build_options)
+ strbuf_addf(buf, "zlib: %s\n", ZLIB_VERSION);
+ #endif
+ strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND);
++#if defined SHA1_UNSAFE_BACKEND
++ strbuf_addf(buf, "non-collision-detecting-SHA-1: %s\n",
++ SHA1_UNSAFE_BACKEND);
+#endif
-+
- strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND);
+ strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND);
+ }
}
-
base-commit: 683c54c999c301c2cd6f715c411407c413b1d84e
--
2.49.0
next prev parent reply other threads:[~2025-04-03 14:09 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-28 17:01 [PATCH 0/2] help: include SHA build options in version info Justin Tobler
2025-03-28 17:01 ` [PATCH 1/2] help: include SHA implementation " Justin Tobler
2025-03-29 11:36 ` Junio C Hamano
2025-03-31 7:19 ` Patrick Steinhardt
2025-03-31 17:46 ` Justin Tobler
2025-04-01 9:47 ` Junio C Hamano
2025-03-31 17:21 ` Justin Tobler
2025-03-28 17:01 ` [PATCH 2/2] help: include unsafe SHA-1 build info in version Justin Tobler
2025-03-29 8:42 ` Christian Couder
2025-03-29 8:58 ` [PATCH 0/2] help: include SHA build options in version info Christian Couder
2025-03-31 18:17 ` Justin Tobler
2025-04-01 20:36 ` [PATCH v2 " Justin Tobler
2025-04-01 20:36 ` [PATCH v2 1/2] help: include SHA implementation " Justin Tobler
2025-04-02 7:38 ` Patrick Steinhardt
2025-04-02 11:26 ` Christian Couder
2025-04-02 11:27 ` Christian Couder
2025-04-02 14:56 ` Justin Tobler
2025-04-01 20:36 ` [PATCH v2 2/2] help: include unsafe SHA-1 build info in version Justin Tobler
2025-04-02 7:38 ` Patrick Steinhardt
2025-04-02 15:59 ` Justin Tobler
2025-04-03 5:10 ` Patrick Steinhardt
2025-04-03 14:05 ` Justin Tobler [this message]
2025-04-03 14:05 ` [PATCH v3 1/2] help: include SHA implementation in version info Justin Tobler
2025-04-03 14:05 ` [PATCH v3 2/2] help: include unsafe SHA-1 build info in version Justin Tobler
2025-04-04 9:20 ` [PATCH v3 0/2] help: include SHA build options in version info Patrick Steinhardt
2025-04-04 11:06 ` Christian Couder
2025-04-08 0:33 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250403140529.497876-1-jltobler@gmail.com \
--to=jltobler@gmail.com \
--cc=christian.couder@gmail.com \
--cc=git@vger.kernel.org \
--cc=ps@pks.im \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).