help: include unsafe SHA-1 build info in version
In 06c92dafb8 (Makefile: allow specifying a SHA-1 for non-cryptographic
uses, 2024-09-26), support for unsafe SHA-1 is added. Add the unsafe
SHA-1 build info to `git version --build-info` and update corresponding
documentation.
Signed-off-by: Justin Tobler <jltobler@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Justin Tobler
committed by
Junio C Hamano
Junio C Hamano
parent
16fd6c85e4
commit
6cf65440d3
@@ -27,7 +27,9 @@ The libraries used to implement the SHA-1 and SHA-256 algorithms are displayed
|
|||||||
in the form `SHA-1: <option>` and `SHA-256: <option>`. Note that the SHA-1
|
in the form `SHA-1: <option>` and `SHA-256: <option>`. Note that the SHA-1
|
||||||
options `SHA1_APPLE`, `SHA1_OPENSSL`, and `SHA1_BLK` do not use a collision
|
options `SHA1_APPLE`, `SHA1_OPENSSL`, and `SHA1_BLK` do not use a collision
|
||||||
detection algorithm and thus may be vulnerable to known SHA-1 collision
|
detection algorithm and thus may be vulnerable to known SHA-1 collision
|
||||||
attacks.
|
attacks. When a faster SHA-1 implementation without collision detection is used
|
||||||
|
for only non-cryptographic purposes, the algorithm is displayed in the form
|
||||||
|
`non-collision-detecting-SHA-1: <option>`.
|
||||||
|
|
||||||
GIT
|
GIT
|
||||||
---
|
---
|
||||||
|
|||||||
3
hash.h
3
hash.h
@@ -20,12 +20,14 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(SHA1_APPLE_UNSAFE)
|
#if defined(SHA1_APPLE_UNSAFE)
|
||||||
|
# define SHA1_UNSAFE_BACKEND "SHA1_APPLE_UNSAFE"
|
||||||
# include <CommonCrypto/CommonDigest.h>
|
# include <CommonCrypto/CommonDigest.h>
|
||||||
# define platform_SHA_CTX_unsafe CC_SHA1_CTX
|
# define platform_SHA_CTX_unsafe CC_SHA1_CTX
|
||||||
# define platform_SHA1_Init_unsafe CC_SHA1_Init
|
# define platform_SHA1_Init_unsafe CC_SHA1_Init
|
||||||
# define platform_SHA1_Update_unsafe CC_SHA1_Update
|
# define platform_SHA1_Update_unsafe CC_SHA1_Update
|
||||||
# define platform_SHA1_Final_unsafe CC_SHA1_Final
|
# define platform_SHA1_Final_unsafe CC_SHA1_Final
|
||||||
#elif defined(SHA1_OPENSSL_UNSAFE)
|
#elif defined(SHA1_OPENSSL_UNSAFE)
|
||||||
|
# define SHA1_UNSAFE_BACKEND "SHA1_OPENSSL_UNSAFE"
|
||||||
# include <openssl/sha.h>
|
# include <openssl/sha.h>
|
||||||
# if defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL >= 3
|
# if defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL >= 3
|
||||||
# define SHA1_NEEDS_CLONE_HELPER_UNSAFE
|
# define SHA1_NEEDS_CLONE_HELPER_UNSAFE
|
||||||
@@ -42,6 +44,7 @@
|
|||||||
# define platform_SHA1_Final_unsafe SHA1_Final
|
# define platform_SHA1_Final_unsafe SHA1_Final
|
||||||
# endif
|
# endif
|
||||||
#elif defined(SHA1_BLK_UNSAFE)
|
#elif defined(SHA1_BLK_UNSAFE)
|
||||||
|
# define SHA1_UNSAFE_BACKEND "SHA1_BLK_UNSAFE"
|
||||||
# include "block-sha1/sha1.h"
|
# include "block-sha1/sha1.h"
|
||||||
# define platform_SHA_CTX_unsafe blk_SHA_CTX
|
# define platform_SHA_CTX_unsafe blk_SHA_CTX
|
||||||
# define platform_SHA1_Init_unsafe blk_SHA1_Init
|
# define platform_SHA1_Init_unsafe blk_SHA1_Init
|
||||||
|
|||||||
4
help.c
4
help.c
@@ -805,6 +805,10 @@ void get_version_info(struct strbuf *buf, int show_build_options)
|
|||||||
strbuf_addf(buf, "zlib: %s\n", ZLIB_VERSION);
|
strbuf_addf(buf, "zlib: %s\n", ZLIB_VERSION);
|
||||||
#endif
|
#endif
|
||||||
strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND);
|
strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND);
|
||||||
|
#if defined SHA1_UNSAFE_BACKEND
|
||||||
|
strbuf_addf(buf, "non-collision-detecting-SHA-1: %s\n",
|
||||||
|
SHA1_UNSAFE_BACKEND);
|
||||||
|
#endif
|
||||||
strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND);
|
strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user