Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
16 check-ins using file src/main.c version 4624a1efda
|
2011-10-04
| ||
| 14:34 | Rename constant_time_eq to constant_time_cmp to better indicate that these functions return 0 when values are equal, like memcmp, strcmp, etc., not truth, to avoid possible mistakes. check-in: d244c484e7 user: dmitry tags: dmitry-security | |
| 14:28 |
Revert the previous change after thinking more about it.
Login cards in the sync protocol have the following format: login userid nonce signature Nonce is SHA-1 of the message that follows this line, signature is SHA-1 of the concatenation of the nonce and user's shared secret. The successful timing attack can reveal only signature for this p... check-in: 13a9a1244c user: dmitry tags: dmitry-security | |
|
2011-10-01
| ||
| 20:50 | Variable used for return value of send(2) must be signed, otherwise error conditions just result in infinite loops. check-in: 5e3519873f user: joerg tags: trunk | |
|
2011-09-30
| ||
| 10:51 | It seems like blob_constant_time_eq() is unnecessary for sync protocol signatures; removed. check-in: 48bcfbd47b user: dmitry tags: dmitry-security | |
| 09:41 | Catch zero length early in blob_constant_time_eq(). check-in: e3d022dffa user: dmitry tags: dmitry-security | |
|
2011-09-29
| ||
| 21:06 | Fix to the previous fix: install function to the correct database. check-in: 3782276da6 user: dmitry tags: dmitry-security | |
| 21:04 | Fix login groups. check-in: 6f29649ef3 user: dmitry tags: dmitry-security | |
| 17:26 | Fix comment. check-in: a0fa120b74 user: dmitry tags: dmitry-security | |
| 17:21 | Protect against timing attacks by using constant-time comparison function to compare passwords and cookies. check-in: 7f110475ec user: dmitry tags: dmitry-security | |
| 14:07 | When creating a manifest, get isExe and isLink bits from filesystem at once instead of doing two stat(2) calls. check-in: 9bfa186be0 user: dmitry tags: trunk | |
| 11:45 | Change file_size() to file_wd_size() in file_is_the_same(). check-in: 13a771ce18 user: dmitry tags: trunk | |
| 11:05 | Cache "manifest" setting in fossil_reserved_name() instead of reading it from the database on every call. This speeds up adding many files. check-in: a369dc7721 user: dmitry tags: trunk | |
|
2011-09-28
| ||
| 11:35 | Use the check-in time as the timestamp for zlib compression on tarballs, os that every tarball for the same check-in is identical. check-in: 3e141b792c user: drh tags: trunk | |
|
2011-09-27
| ||
| 19:28 | Call file_wd_isdir() in file_mkdir(). check-in: 13120e9620 user: dmitry tags: trunk | |
| 19:15 | Change a few instances of file_isdir() to file_wd_isdir(). check-in: f1329470c0 user: dmitry tags: trunk | |
| 16:34 | Add the --stats option to the rebuild command. check-in: f25e5e53c4 user: drh tags: trunk | |