Makefile: Build Git with non-collision-detecting SHA1
Jan 28, 2025
Justin Tobler authored
By default, Git uses SHA1DC for all SHA1 hashing operations. This implementation includes collision detection to protect against collision attacks, but comes with a performance penalty. Not all hashing operations performed by Git are vulnerable to collision attacks though. In Git version 2.47.0, Git can be built with `OPENSSL_SHA1_UNSAFE` set to use a non-collision-detecting SHA1 implementation in non-cryptographic scenarios. This improves performance without compromising security. Update the Gitaly Makefile to build the bundled Git v2.48 with this option set.