From: Justin Tobler <jltobler@gmail.com>
To: git@vger.kernel.org
Cc: christian.couder@gmail.com, ps@pks.im,
Justin Tobler <jltobler@gmail.com>
Subject: [PATCH v3 2/2] help: include unsafe SHA-1 build info in version
Date: Thu, 3 Apr 2025 09:05:29 -0500 [thread overview]
Message-ID: <20250403140529.497876-3-jltobler@gmail.com> (raw)
In-Reply-To: <20250403140529.497876-1-jltobler@gmail.com>
In 06c92dafb8 (Makefile: allow specifying a SHA-1 for non-cryptographic
uses, 2024-09-26), support for unsafe SHA-1 is added. Add the unsafe
SHA-1 build info to `git version --build-info` and update corresponding
documentation.
Signed-off-by: Justin Tobler <jltobler@gmail.com>
---
Documentation/git-version.adoc | 4 +++-
hash.h | 3 +++
help.c | 4 ++++
3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/Documentation/git-version.adoc b/Documentation/git-version.adoc
index 913ebf147d..9462043a14 100644
--- a/Documentation/git-version.adoc
+++ b/Documentation/git-version.adoc
@@ -27,7 +27,9 @@ The libraries used to implement the SHA-1 and SHA-256 algorithms are displayed
in the form `SHA-1: <option>` and `SHA-256: <option>`. Note that the SHA-1
options `SHA1_APPLE`, `SHA1_OPENSSL`, and `SHA1_BLK` do not use a collision
detection algorithm and thus may be vulnerable to known SHA-1 collision
-attacks.
+attacks. When a faster SHA-1 implementation without collision detection is used
+for only non-cryptographic purposes, the algorithm is displayed in the form
+`non-collision-detecting-SHA-1: <option>`.
GIT
---
diff --git a/hash.h b/hash.h
index 51cd0ec7b6..72334d3506 100644
--- a/hash.h
+++ b/hash.h
@@ -20,12 +20,14 @@
#endif
#if defined(SHA1_APPLE_UNSAFE)
+# define SHA1_UNSAFE_BACKEND "SHA1_APPLE_UNSAFE"
# include <CommonCrypto/CommonDigest.h>
# define platform_SHA_CTX_unsafe CC_SHA1_CTX
# define platform_SHA1_Init_unsafe CC_SHA1_Init
# define platform_SHA1_Update_unsafe CC_SHA1_Update
# define platform_SHA1_Final_unsafe CC_SHA1_Final
#elif defined(SHA1_OPENSSL_UNSAFE)
+# define SHA1_UNSAFE_BACKEND "SHA1_OPENSSL_UNSAFE"
# include <openssl/sha.h>
# if defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL >= 3
# define SHA1_NEEDS_CLONE_HELPER_UNSAFE
@@ -42,6 +44,7 @@
# define platform_SHA1_Final_unsafe SHA1_Final
# endif
#elif defined(SHA1_BLK_UNSAFE)
+# define SHA1_UNSAFE_BACKEND "SHA1_BLK_UNSAFE"
# include "block-sha1/sha1.h"
# define platform_SHA_CTX_unsafe blk_SHA_CTX
# define platform_SHA1_Init_unsafe blk_SHA1_Init
diff --git a/help.c b/help.c
index 991a9525db..6ef90838f1 100644
--- a/help.c
+++ b/help.c
@@ -805,6 +805,10 @@ void get_version_info(struct strbuf *buf, int show_build_options)
strbuf_addf(buf, "zlib: %s\n", ZLIB_VERSION);
#endif
strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND);
+#if defined SHA1_UNSAFE_BACKEND
+ strbuf_addf(buf, "non-collision-detecting-SHA-1: %s\n",
+ SHA1_UNSAFE_BACKEND);
+#endif
strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND);
}
}
--
2.49.0
next prev parent reply other threads:[~2025-04-03 14:09 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-28 17:01 [PATCH 0/2] help: include SHA build options in version info Justin Tobler
2025-03-28 17:01 ` [PATCH 1/2] help: include SHA implementation " Justin Tobler
2025-03-29 11:36 ` Junio C Hamano
2025-03-31 7:19 ` Patrick Steinhardt
2025-03-31 17:46 ` Justin Tobler
2025-04-01 9:47 ` Junio C Hamano
2025-03-31 17:21 ` Justin Tobler
2025-03-28 17:01 ` [PATCH 2/2] help: include unsafe SHA-1 build info in version Justin Tobler
2025-03-29 8:42 ` Christian Couder
2025-03-29 8:58 ` [PATCH 0/2] help: include SHA build options in version info Christian Couder
2025-03-31 18:17 ` Justin Tobler
2025-04-01 20:36 ` [PATCH v2 " Justin Tobler
2025-04-01 20:36 ` [PATCH v2 1/2] help: include SHA implementation " Justin Tobler
2025-04-02 7:38 ` Patrick Steinhardt
2025-04-02 11:26 ` Christian Couder
2025-04-02 11:27 ` Christian Couder
2025-04-02 14:56 ` Justin Tobler
2025-04-01 20:36 ` [PATCH v2 2/2] help: include unsafe SHA-1 build info in version Justin Tobler
2025-04-02 7:38 ` Patrick Steinhardt
2025-04-02 15:59 ` Justin Tobler
2025-04-03 5:10 ` Patrick Steinhardt
2025-04-03 14:05 ` [PATCH v3 0/2] help: include SHA build options in version info Justin Tobler
2025-04-03 14:05 ` [PATCH v3 1/2] help: include SHA implementation " Justin Tobler
2025-04-03 14:05 ` Justin Tobler [this message]
2025-04-04 9:20 ` [PATCH v3 0/2] help: include SHA build options " Patrick Steinhardt
2025-04-04 11:06 ` Christian Couder
2025-04-08 0:33 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250403140529.497876-3-jltobler@gmail.com \
--to=jltobler@gmail.com \
--cc=christian.couder@gmail.com \
--cc=git@vger.kernel.org \
--cc=ps@pks.im \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).