From: Justin Tobler <jltobler@gmail.com>
To: git@vger.kernel.org
Cc: christian.couder@gmail.com, ps@pks.im,
Justin Tobler <jltobler@gmail.com>
Subject: [PATCH v3 1/2] help: include SHA implementation in version info
Date: Thu, 3 Apr 2025 09:05:28 -0500 [thread overview]
Message-ID: <20250403140529.497876-2-jltobler@gmail.com> (raw)
In-Reply-To: <20250403140529.497876-1-jltobler@gmail.com>
When the `--build-options` flag is used with git-version(1), additional
information about the built version of Git is printed. During build
time, different SHA implementations may be configured, but this
information is not included in the version info.
Add the SHA implementations Git is built with to the version info by
requiring each backend to define a SHA1_BACKEND or SHA256_BACKEND symbol
as appropriate and use the value in the printed build options.
Signed-off-by: Justin Tobler <jltobler@gmail.com>
---
Documentation/git-version.adoc | 6 ++++++
hash.h | 8 ++++++++
help.c | 3 +++
3 files changed, 17 insertions(+)
diff --git a/Documentation/git-version.adoc b/Documentation/git-version.adoc
index 80fa7754a6..913ebf147d 100644
--- a/Documentation/git-version.adoc
+++ b/Documentation/git-version.adoc
@@ -22,6 +22,12 @@ OPTIONS
--build-options::
Include additional information about how git was built for diagnostic
purposes.
++
+The libraries used to implement the SHA-1 and SHA-256 algorithms are displayed
+in the form `SHA-1: <option>` and `SHA-256: <option>`. Note that the SHA-1
+options `SHA1_APPLE`, `SHA1_OPENSSL`, and `SHA1_BLK` do not use a collision
+detection algorithm and thus may be vulnerable to known SHA-1 collision
+attacks.
GIT
---
diff --git a/hash.h b/hash.h
index 4367acfec5..51cd0ec7b6 100644
--- a/hash.h
+++ b/hash.h
@@ -2,16 +2,20 @@
#define HASH_H
#if defined(SHA1_APPLE)
+#define SHA1_BACKEND "SHA1_APPLE (No collision detection)"
#include <CommonCrypto/CommonDigest.h>
#elif defined(SHA1_OPENSSL)
+# define SHA1_BACKEND "SHA1_OPENSSL (No collision detection)"
# include <openssl/sha.h>
# if defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL >= 3
# define SHA1_NEEDS_CLONE_HELPER
# include "sha1/openssl.h"
# endif
#elif defined(SHA1_DC)
+#define SHA1_BACKEND "SHA1_DC"
#include "sha1dc_git.h"
#else /* SHA1_BLK */
+#define SHA1_BACKEND "SHA1_BLK (No collision detection)"
#include "block-sha1/sha1.h"
#endif
@@ -46,17 +50,21 @@
#endif
#if defined(SHA256_NETTLE)
+#define SHA256_BACKEND "SHA256_NETTLE"
#include "sha256/nettle.h"
#elif defined(SHA256_GCRYPT)
+#define SHA256_BACKEND "SHA256_GCRYPT"
#define SHA256_NEEDS_CLONE_HELPER
#include "sha256/gcrypt.h"
#elif defined(SHA256_OPENSSL)
+# define SHA256_BACKEND "SHA256_OPENSSL"
# include <openssl/sha.h>
# if defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL >= 3
# define SHA256_NEEDS_CLONE_HELPER
# include "sha256/openssl.h"
# endif
#else
+#define SHA256_BACKEND "SHA256_BLK"
#include "sha256/block/sha256.h"
#endif
diff --git a/help.c b/help.c
index c54bd9918a..991a9525db 100644
--- a/help.c
+++ b/help.c
@@ -9,6 +9,7 @@
#include "run-command.h"
#include "levenshtein.h"
#include "gettext.h"
+#include "hash.h"
#include "help.h"
#include "command-list.h"
#include "string-list.h"
@@ -803,6 +804,8 @@ void get_version_info(struct strbuf *buf, int show_build_options)
#elif defined ZLIB_VERSION
strbuf_addf(buf, "zlib: %s\n", ZLIB_VERSION);
#endif
+ strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND);
+ strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND);
}
}
--
2.49.0
next prev parent reply other threads:[~2025-04-03 14:09 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-28 17:01 [PATCH 0/2] help: include SHA build options in version info Justin Tobler
2025-03-28 17:01 ` [PATCH 1/2] help: include SHA implementation " Justin Tobler
2025-03-29 11:36 ` Junio C Hamano
2025-03-31 7:19 ` Patrick Steinhardt
2025-03-31 17:46 ` Justin Tobler
2025-04-01 9:47 ` Junio C Hamano
2025-03-31 17:21 ` Justin Tobler
2025-03-28 17:01 ` [PATCH 2/2] help: include unsafe SHA-1 build info in version Justin Tobler
2025-03-29 8:42 ` Christian Couder
2025-03-29 8:58 ` [PATCH 0/2] help: include SHA build options in version info Christian Couder
2025-03-31 18:17 ` Justin Tobler
2025-04-01 20:36 ` [PATCH v2 " Justin Tobler
2025-04-01 20:36 ` [PATCH v2 1/2] help: include SHA implementation " Justin Tobler
2025-04-02 7:38 ` Patrick Steinhardt
2025-04-02 11:26 ` Christian Couder
2025-04-02 11:27 ` Christian Couder
2025-04-02 14:56 ` Justin Tobler
2025-04-01 20:36 ` [PATCH v2 2/2] help: include unsafe SHA-1 build info in version Justin Tobler
2025-04-02 7:38 ` Patrick Steinhardt
2025-04-02 15:59 ` Justin Tobler
2025-04-03 5:10 ` Patrick Steinhardt
2025-04-03 14:05 ` [PATCH v3 0/2] help: include SHA build options in version info Justin Tobler
2025-04-03 14:05 ` Justin Tobler [this message]
2025-04-03 14:05 ` [PATCH v3 2/2] help: include unsafe SHA-1 build info in version Justin Tobler
2025-04-04 9:20 ` [PATCH v3 0/2] help: include SHA build options in version info Patrick Steinhardt
2025-04-04 11:06 ` Christian Couder
2025-04-08 0:33 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250403140529.497876-2-jltobler@gmail.com \
--to=jltobler@gmail.com \
--cc=christian.couder@gmail.com \
--cc=git@vger.kernel.org \
--cc=ps@pks.im \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).