help: include unsafe SHA-1 build info in version

jltobler · gitster · commit 6cf65440d392 · 2025-04-07T14:39:27.000-07:00
In 06c92da (Makefile: allow specifying a SHA-1 for non-cryptographic uses, 2024-09-26), support for unsafe SHA-1 is added. Add the unsafe SHA-1 build info to `git version --build-info` and update corresponding documentation. Signed-off-by: Justin Tobler <jltobler@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
diff --git a/Documentation/git-version.adoc b/Documentation/git-version.adoc
@@ -27,7 +27,9 @@ The libraries used to implement the SHA-1 and SHA-256 algorithms are displayed
 in the form `SHA-1: <option>` and `SHA-256: <option>`. Note that the SHA-1
 options `SHA1_APPLE`, `SHA1_OPENSSL`, and `SHA1_BLK` do not use a collision
 detection algorithm and thus may be vulnerable to known SHA-1 collision
-attacks.
+attacks. When a faster SHA-1 implementation without collision detection is used
+for only non-cryptographic purposes, the algorithm is displayed in the form
+`non-collision-detecting-SHA-1: <option>`.
 
 GIT
 ---
diff --git a/hash.h b/hash.h
@@ -20,12 +20,14 @@
 #endif
 
 #if defined(SHA1_APPLE_UNSAFE)
+#  define SHA1_UNSAFE_BACKEND "SHA1_APPLE_UNSAFE"
 #  include <CommonCrypto/CommonDigest.h>
 #  define platform_SHA_CTX_unsafe CC_SHA1_CTX
 #  define platform_SHA1_Init_unsafe CC_SHA1_Init
 #  define platform_SHA1_Update_unsafe CC_SHA1_Update
 #  define platform_SHA1_Final_unsafe CC_SHA1_Final
 #elif defined(SHA1_OPENSSL_UNSAFE)
+#  define SHA1_UNSAFE_BACKEND "SHA1_OPENSSL_UNSAFE"
 #  include <openssl/sha.h>
 #  if defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL >= 3
 #    define SHA1_NEEDS_CLONE_HELPER_UNSAFE
@@ -42,6 +44,7 @@
 #    define platform_SHA1_Final_unsafe SHA1_Final
 #  endif
 #elif defined(SHA1_BLK_UNSAFE)
+#  define SHA1_UNSAFE_BACKEND "SHA1_BLK_UNSAFE"
 #  include "block-sha1/sha1.h"
 #  define platform_SHA_CTX_unsafe blk_SHA_CTX
 #  define platform_SHA1_Init_unsafe blk_SHA1_Init
diff --git a/help.c b/help.c
@@ -805,6 +805,10 @@ void get_version_info(struct strbuf *buf, int show_build_options)
 		strbuf_addf(buf, "zlib: %s\n", ZLIB_VERSION);
 #endif
 		strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND);
+#if defined SHA1_UNSAFE_BACKEND
+		strbuf_addf(buf, "non-collision-detecting-SHA-1: %s\n",
+			    SHA1_UNSAFE_BACKEND);
+#endif
 		strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND);
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -805,6 +805,10 @@ void get_version_info(struct strbuf *buf, int show_build_options)`
`805`	`805`	`strbuf_addf(buf, "zlib: %s\n", ZLIB_VERSION);`
`806`	`806`	`#endif`
`807`	`807`	`strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND);`
	`808`	`+#if defined SHA1_UNSAFE_BACKEND`
	`809`	`+ strbuf_addf(buf, "non-collision-detecting-SHA-1: %s\n",`
	`810`	`+ SHA1_UNSAFE_BACKEND);`
	`811`	`+#endif`
`808`	`812`	`strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND);`
`809`	`813`	`}`
`810`	`814`	`}`