In 06c92dafb8 (Makefile: allow specifying a SHA-1 for non-cryptographic uses, 2024-09-26), support for unsafe SHA-1 is added. Add the unsafe SHA-1 build info to `git version --build-info` and update corresponding documentation. Signed-off-by: Justin Tobler <jltobler@xxxxxxxxx> --- Documentation/git-version.adoc | 4 +++- hash.h | 3 +++ help.c | 4 ++++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/Documentation/git-version.adoc b/Documentation/git-version.adoc index 913ebf147d..9462043a14 100644 --- a/Documentation/git-version.adoc +++ b/Documentation/git-version.adoc @@ -27,7 +27,9 @@ The libraries used to implement the SHA-1 and SHA-256 algorithms are displayed in the form `SHA-1: <option>` and `SHA-256: <option>`. Note that the SHA-1 options `SHA1_APPLE`, `SHA1_OPENSSL`, and `SHA1_BLK` do not use a collision detection algorithm and thus may be vulnerable to known SHA-1 collision -attacks. +attacks. When a faster SHA-1 implementation without collision detection is used +for only non-cryptographic purposes, the algorithm is displayed in the form +`non-collision-detecting-SHA-1: <option>`. GIT --- diff --git a/hash.h b/hash.h index 51cd0ec7b6..72334d3506 100644 --- a/hash.h +++ b/hash.h @@ -20,12 +20,14 @@ #endif #if defined(SHA1_APPLE_UNSAFE) +# define SHA1_UNSAFE_BACKEND "SHA1_APPLE_UNSAFE" # include <CommonCrypto/CommonDigest.h> # define platform_SHA_CTX_unsafe CC_SHA1_CTX # define platform_SHA1_Init_unsafe CC_SHA1_Init # define platform_SHA1_Update_unsafe CC_SHA1_Update # define platform_SHA1_Final_unsafe CC_SHA1_Final #elif defined(SHA1_OPENSSL_UNSAFE) +# define SHA1_UNSAFE_BACKEND "SHA1_OPENSSL_UNSAFE" # include <openssl/sha.h> # if defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL >= 3 # define SHA1_NEEDS_CLONE_HELPER_UNSAFE @@ -42,6 +44,7 @@ # define platform_SHA1_Final_unsafe SHA1_Final # endif #elif defined(SHA1_BLK_UNSAFE) +# define SHA1_UNSAFE_BACKEND "SHA1_BLK_UNSAFE" # include "block-sha1/sha1.h" # define platform_SHA_CTX_unsafe blk_SHA_CTX # define platform_SHA1_Init_unsafe blk_SHA1_Init diff --git a/help.c b/help.c index 991a9525db..6ef90838f1 100644 --- a/help.c +++ b/help.c @@ -805,6 +805,10 @@ void get_version_info(struct strbuf *buf, int show_build_options) strbuf_addf(buf, "zlib: %s\n", ZLIB_VERSION); #endif strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND); +#if defined SHA1_UNSAFE_BACKEND + strbuf_addf(buf, "non-collision-detecting-SHA-1: %s\n", + SHA1_UNSAFE_BACKEND); +#endif strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND); } } -- 2.49.0
