[PATCH v2 2/2] help: include unsafe SHA-1 build info in version

Justin Tobler <jltobler@xxxxxxxxx> · Tue, 1 Apr 2025 15:36:30 -0500

In 06c92dafb8 (Makefile: allow specifying a SHA-1 for non-cryptographic
uses, 2024-09-26), support for unsafe SHA-1 is added. Add the unsafe
SHA-1 build info to `git version --build-info` and update corresponding
documentation.

Signed-off-by: Justin Tobler <jltobler@xxxxxxxxx>
---
 Documentation/git-version.adoc | 3 +++
 hash.h                         | 3 +++
 help.c                         | 5 +++++
 3 files changed, 11 insertions(+)

diff --git a/Documentation/git-version.adoc b/Documentation/git-version.adoc
index f06758a7cf..753794988c 100644
--- a/Documentation/git-version.adoc
+++ b/Documentation/git-version.adoc
@@ -25,6 +25,9 @@ OPTIONS
 +
 Note that the SHA1 options `SHA1_APPLE`, `SHA1_OPENSSL`, and `SHA1_BLK` do not
 have collision detection.
++
+If built to use a faster SHA-1 implementation for non-cryptographic purposes,
+that implementation is denoted as "non-crypto-SHA-1".
 
 GIT
 ---
diff --git a/hash.h b/hash.h
index 51cd0ec7b6..72334d3506 100644
--- a/hash.h
+++ b/hash.h
@@ -20,12 +20,14 @@
 #endif
 
 #if defined(SHA1_APPLE_UNSAFE)
+#  define SHA1_UNSAFE_BACKEND "SHA1_APPLE_UNSAFE"
 #  include <CommonCrypto/CommonDigest.h>
 #  define platform_SHA_CTX_unsafe CC_SHA1_CTX
 #  define platform_SHA1_Init_unsafe CC_SHA1_Init
 #  define platform_SHA1_Update_unsafe CC_SHA1_Update
 #  define platform_SHA1_Final_unsafe CC_SHA1_Final
 #elif defined(SHA1_OPENSSL_UNSAFE)
+#  define SHA1_UNSAFE_BACKEND "SHA1_OPENSSL_UNSAFE"
 #  include <openssl/sha.h>
 #  if defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL >= 3
 #    define SHA1_NEEDS_CLONE_HELPER_UNSAFE
@@ -42,6 +44,7 @@
 #    define platform_SHA1_Final_unsafe SHA1_Final
 #  endif
 #elif defined(SHA1_BLK_UNSAFE)
+#  define SHA1_UNSAFE_BACKEND "SHA1_BLK_UNSAFE"
 #  include "block-sha1/sha1.h"
 #  define platform_SHA_CTX_unsafe blk_SHA_CTX
 #  define platform_SHA1_Init_unsafe blk_SHA1_Init
diff --git a/help.c b/help.c
index 3aebfb3681..1238a962b0 100644
--- a/help.c
+++ b/help.c
@@ -772,6 +772,11 @@ char *help_unknown_cmd(const char *cmd)
 static void get_sha_impl(struct strbuf *buf)
 {
 	strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND);
+
+#if defined(SHA1_UNSAFE_BACKEND)
+	strbuf_addf(buf, "non-crypto-SHA-1: %s\n", SHA1_UNSAFE_BACKEND);
+#endif
+
 	strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND);
 }
 
-- 
2.49.0








