Greetings,

Additional information regarding how Git was built can be found via the `--build-options` flag for git-version(1). This currently does not include information about the SHA-1 and SHA-256 implementations Git is built with.

This short series adds build option info for the SHA-1, SHA-256, and non-crypto-SHA-1 (if any) implementations which may be useful for diagnostic purposes.

Changes since V2:
- Updates to documentation to provide additional context.
- Inlined `get_sha_impl()` function.

Changes since V1:
- Each SHA backend is expected to define either `SHA1_BACKEND`, `SHA1_UNSAFE_BACKEND`, or `SHA256_BACKEND` as appropriate. These symbols are then used to print the SHA build options in the additional version info.
- The names of the build options are used instead of human-readable names.
- Appended "(No collision detection)" to warn about SHA1 backends without collision detection.
- Renamed "unsafe-SHA-1" to "non-crypto-SHA-1" in the printed build options.
- Small updates to documentation.

Thanks,
-Justin

Justin Tobler (2):
  help: include SHA implementation in version info
  help: include unsafe SHA-1 build info in version

 Documentation/git-version.adoc |  8 ++++++++
 hash.h                         | 11 +++++++++++
 help.c                         |  7 +++++++
 3 files changed, 26 insertions(+)

Range-diff against v2: 1: aa0f464c52 ! 1: b01e5a18cb help: include SHA implementation in version info @@ Documentation/git-version.adoc: OPTIONS Include additional information about how git was built for diagnostic purposes. ++ -+Note that the SHA1 options `SHA1_APPLE`, `SHA1_OPENSSL`, and `SHA1_BLK` do not -+have collision detection. ++The libraries used to implement the SHA-1 and SHA-256 algorithms are displayed ++in the form `SHA-1: <option>` and `SHA-256: <option>`. Note that the SHA-1 ++options `SHA1_APPLE`, `SHA1_OPENSSL`, and `SHA1_BLK` do not use a collision ++detection algorithm and thus may be vulnerable to known SHA-1 collision ++attacks. 
GIT --- @@ help.c #include "help.h" #include "command-list.h" #include "string-list.h" -@@ help.c: char *help_unknown_cmd(const char *cmd) - exit(1); - } - -+static void get_sha_impl(struct strbuf *buf) -+{ -+ strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND); -+ strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND); -+} -+ - void get_version_info(struct strbuf *buf, int show_build_options) - { - /* @@ help.c: void get_version_info(struct strbuf *buf, int show_build_options) #elif defined ZLIB_VERSION strbuf_addf(buf, "zlib: %s\n", ZLIB_VERSION); #endif -+ get_sha_impl(buf); ++ strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND); ++ strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND); } } 2: 95c92a05df ! 2: cf33e4ac9e help: include unsafe SHA-1 build info in version @@ Commit message Signed-off-by: Justin Tobler <jltobler@xxxxxxxxx> ## Documentation/git-version.adoc ## -@@ Documentation/git-version.adoc: OPTIONS - + - Note that the SHA1 options `SHA1_APPLE`, `SHA1_OPENSSL`, and `SHA1_BLK` do not - have collision detection. -++ -+If built to use a faster SHA-1 implementation for non-cryptographic purposes, -+that implementation is denoted as "non-crypto-SHA-1". +@@ Documentation/git-version.adoc: The libraries used to implement the SHA-1 and SHA-256 algorithms are displayed + in the form `SHA-1: <option>` and `SHA-256: <option>`. Note that the SHA-1 + options `SHA1_APPLE`, `SHA1_OPENSSL`, and `SHA1_BLK` do not use a collision + detection algorithm and thus may be vulnerable to known SHA-1 collision +-attacks. ++attacks. When a faster SHA-1 implementation without collision detection is used ++for only non-cryptographic purposes, the algorithm is displayed in the form ++`non-collision-detecting-SHA-1: <option>`. 
GIT --- @@ hash.h # define platform_SHA1_Init_unsafe blk_SHA1_Init ## help.c ## -@@ help.c: char *help_unknown_cmd(const char *cmd) - static void get_sha_impl(struct strbuf *buf) - { - strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND); -+ -+#if defined(SHA1_UNSAFE_BACKEND) -+ strbuf_addf(buf, "non-crypto-SHA-1: %s\n", SHA1_UNSAFE_BACKEND); +@@ help.c: void get_version_info(struct strbuf *buf, int show_build_options) + strbuf_addf(buf, "zlib: %s\n", ZLIB_VERSION); + #endif + strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND); ++#if defined SHA1_UNSAFE_BACKEND ++ strbuf_addf(buf, "non-collision-detecting-SHA-1: %s\n", ++ SHA1_UNSAFE_BACKEND); +#endif -+ - strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND); + strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND); + } } - base-commit: 683c54c999c301c2cd6f715c411407c413b1d84e -- 2.49.0
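
Review bot: The label printed by the last help.c hunk of patch 2 changes from "non-crypto-SHA-1" to "non-collision-detecting-SHA-1", and the git-version.adoc text changes to match, but the "Changes since V2" list does not mention the rename and the cover letter's summary still says "non-crypto-SHA-1". Anyone matching on `--build-options` output for diagnostics will key on that exact string, so please list the rename in the changelog and use one term throughout; the subject of patch 2 ("include unsafe SHA-1 build info") is a third name for the same thing.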
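
Review bot: In the help.c hunk of patch 1, `SHA1_BACKEND` and `SHA256_BACKEND` are passed to `strbuf_addf()` with no `#if defined` guard, while `SHA1_UNSAFE_BACKEND` in patch 2 is guarded. That makes defining both symbols a hard build requirement for every backend. The hash.h side is not visible in this range-diff, so if it does not already stop with a clear `#error` when a backend omits its define, consider adding one there, or a comment next to the backend selection stating the requirement.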
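
A defender-side check built on the output format this series documents, as an added example that is not part of the original message or of Git's code: a shell function that reads `git version --build-options` text and reports whether the primary SHA-1 backend is one of the three options the documentation hunk names as lacking collision detection. The sample output is constructed, and `SHA1_DC` and `SHA256_BLK` are assumed option names that do not appear in this message.

```shell
#!/bin/sh
# Added example, not Git's code. Reads `git version --build-options` text on
# stdin and classifies the primary SHA-1 backend. Prints one of:
#   no-collision-detection <option>      primary backend is one of the three
#                                        options the documentation names
#   not-listed <option> [fast=<option>]  primary backend is not in that list
#   unknown                              no "SHA-1:" line (build predates it)
classify_sha1_backend() {
    primary='' fast=''
    while IFS= read -r line; do
        case $line in
            # Match at line start only: a plain substring search for "SHA-1"
            # would also hit the non-collision-detecting line below.
            "SHA-1: "*)
                primary=${line#"SHA-1: "} ;;
            "non-collision-detecting-SHA-1: "*)
                fast=${line#"non-collision-detecting-SHA-1: "} ;;
        esac
    done
    # Keep only the option name; drops any annotation after the first space.
    primary=${primary%% *}
    fast=${fast%% *}
    if [ -z "$primary" ]; then
        echo "unknown"
        return 0
    fi
    case $primary in
        SHA1_APPLE|SHA1_OPENSSL|SHA1_BLK)
            echo "no-collision-detection $primary" ;;
        *)
            echo "not-listed $primary${fast:+ fast=$fast}" ;;
    esac
}

# Constructed sample output (SHA1_DC and SHA256_BLK are assumed option names).
SAMPLE_OUTPUT='git version 2.49.0
zlib: 1.3.1
SHA-1: SHA1_DC
non-collision-detecting-SHA-1: SHA1_BLK
SHA-256: SHA256_BLK'

printf '%s\n' "$SAMPLE_OUTPUT" | classify_sha1_backend
# Real use: git version --build-options | classify_sha1_backend
```

A `fast=` value only describes the implementation used for non-cryptographic purposes; the verdict is taken from the `SHA-1:` line alone.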