Merge branch 'jt/help-sha-backend-info-in-build-options'

"git help --build-options" reports SHA-1 and SHA-256 backends used
in the build.

* jt/help-sha-backend-info-in-build-options:
  help: include unsafe SHA-1 build info in version
  help: include SHA implementation in version info
maint
Junio C Hamano 2025-04-16 13:54:19 -07:00
commit 8f490db4e2
3 changed files with 26 additions and 0 deletions

View File

@ -22,6 +22,14 @@ OPTIONS
--build-options::
Include additional information about how git was built for diagnostic
purposes.
+
The libraries used to implement the SHA-1 and SHA-256 algorithms are displayed
in the form `SHA-1: <option>` and `SHA-256: <option>`. Note that the SHA-1
options `SHA1_APPLE`, `SHA1_OPENSSL`, and `SHA1_BLK` do not use a collision
detection algorithm and thus may be vulnerable to known SHA-1 collision
attacks. When a faster SHA-1 implementation without collision detection is used
for only non-cryptographic purposes, the algorithm is displayed in the form
`non-collision-detecting-SHA-1: <option>`.

GIT
---

11
hash.h
View File

@ -2,26 +2,32 @@
#define HASH_H

#if defined(SHA1_APPLE)
#define SHA1_BACKEND "SHA1_APPLE (No collision detection)"
#include <CommonCrypto/CommonDigest.h>
#elif defined(SHA1_OPENSSL)
# define SHA1_BACKEND "SHA1_OPENSSL (No collision detection)"
# include <openssl/sha.h>
# if defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL >= 3
# define SHA1_NEEDS_CLONE_HELPER
# include "sha1/openssl.h"
# endif
#elif defined(SHA1_DC)
#define SHA1_BACKEND "SHA1_DC"
#include "sha1dc_git.h"
#else /* SHA1_BLK */
#define SHA1_BACKEND "SHA1_BLK (No collision detection)"
#include "block-sha1/sha1.h"
#endif

#if defined(SHA1_APPLE_UNSAFE)
# define SHA1_UNSAFE_BACKEND "SHA1_APPLE_UNSAFE"
# include <CommonCrypto/CommonDigest.h>
# define platform_SHA_CTX_unsafe CC_SHA1_CTX
# define platform_SHA1_Init_unsafe CC_SHA1_Init
# define platform_SHA1_Update_unsafe CC_SHA1_Update
# define platform_SHA1_Final_unsafe CC_SHA1_Final
#elif defined(SHA1_OPENSSL_UNSAFE)
# define SHA1_UNSAFE_BACKEND "SHA1_OPENSSL_UNSAFE"
# include <openssl/sha.h>
# if defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL >= 3
# define SHA1_NEEDS_CLONE_HELPER_UNSAFE
@ -38,6 +44,7 @@
# define platform_SHA1_Final_unsafe SHA1_Final
# endif
#elif defined(SHA1_BLK_UNSAFE)
# define SHA1_UNSAFE_BACKEND "SHA1_BLK_UNSAFE"
# include "block-sha1/sha1.h"
# define platform_SHA_CTX_unsafe blk_SHA_CTX
# define platform_SHA1_Init_unsafe blk_SHA1_Init
@ -46,17 +53,21 @@
#endif

#if defined(SHA256_NETTLE)
#define SHA256_BACKEND "SHA256_NETTLE"
#include "sha256/nettle.h"
#elif defined(SHA256_GCRYPT)
#define SHA256_BACKEND "SHA256_GCRYPT"
#define SHA256_NEEDS_CLONE_HELPER
#include "sha256/gcrypt.h"
#elif defined(SHA256_OPENSSL)
# define SHA256_BACKEND "SHA256_OPENSSL"
# include <openssl/sha.h>
# if defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL >= 3
# define SHA256_NEEDS_CLONE_HELPER
# include "sha256/openssl.h"
# endif
#else
#define SHA256_BACKEND "SHA256_BLK"
#include "sha256/block/sha256.h"
#endif


7
help.c
View File

@ -9,6 +9,7 @@
#include "run-command.h"
#include "levenshtein.h"
#include "gettext.h"
#include "hash.h"
#include "help.h"
#include "command-list.h"
#include "string-list.h"
@ -803,6 +804,12 @@ void get_version_info(struct strbuf *buf, int show_build_options)
#elif defined ZLIB_VERSION
strbuf_addf(buf, "zlib: %s\n", ZLIB_VERSION);
#endif
strbuf_addf(buf, "SHA-1: %s\n", SHA1_BACKEND);
#if defined SHA1_UNSAFE_BACKEND
strbuf_addf(buf, "non-collision-detecting-SHA-1: %s\n",
SHA1_UNSAFE_BACKEND);
#endif
strbuf_addf(buf, "SHA-256: %s\n", SHA256_BACKEND);
}
}