Overview
| Comment: | Indicate the use of hardened-SHA1 in the "fossil version -v" output. |
|---|---|
| SHA1: | e81f4d4ec7380048d019a431e8f30236 |
| User & Date: | drh 2017-03-01 21:39:53.636 |
Context
| 2017-03-01 | |
|---|---|
| 21:42 | Use the hardened SHA1 implementation by Marc Stevens and Dan Shumow. ... (check-in: 7c29bffcad user: drh tags: trunk) |
| 21:39 | Indicate the use of hardened-SHA1 in the "fossil version -v" output. ... (Closed-Leaf check-in: e81f4d4ec7 user: drh tags: hardened-sha1) |
| 21:24 | Make it possible to turn off SHA1 hardening, falling back to the legacy implementations. ... (check-in: 2f87dcf5df user: drh tags: hardened-sha1) |
Changes
Changes to src/main.c.
| ︙ | ︙ | |||
933 934 935 936 937 938 939 940 941 942 943 944 945 946 |
__DATE__, __TIME__, COMPILER_NAME, sizeof(void*)*8);
blob_appendf(pOut, "Schema version %s\n", AUX_SCHEMA_MAX);
#if defined(FOSSIL_ENABLE_MINIZ)
blob_appendf(pOut, "miniz %s, loaded %s\n", MZ_VERSION, mz_version());
#else
blob_appendf(pOut, "zlib %s, loaded %s\n", ZLIB_VERSION, zlibVersion());
#endif
#if defined(FOSSIL_ENABLE_SSL)
blob_appendf(pOut, "SSL (%s)\n", SSLeay_version(SSLEAY_VERSION));
#endif
#if defined(FOSSIL_HAVE_FUSEFS)
blob_appendf(pOut, "libfuse %s, loaded %s\n", fusefs_inc_version(),
fusefs_lib_version());
#endif
| > > > | 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 |
__DATE__, __TIME__, COMPILER_NAME, sizeof(void*)*8);
blob_appendf(pOut, "Schema version %s\n", AUX_SCHEMA_MAX);
#if defined(FOSSIL_ENABLE_MINIZ)
blob_appendf(pOut, "miniz %s, loaded %s\n", MZ_VERSION, mz_version());
#else
blob_appendf(pOut, "zlib %s, loaded %s\n", ZLIB_VERSION, zlibVersion());
#endif
#if FOSSIL_HARDENED_SHA1
blob_appendf(pOut, "hardened-SHA1 by Marc Stevens and Dan Shumow\n");
#endif
#if defined(FOSSIL_ENABLE_SSL)
blob_appendf(pOut, "SSL (%s)\n", SSLeay_version(SSLEAY_VERSION));
#endif
#if defined(FOSSIL_HAVE_FUSEFS)
blob_appendf(pOut, "libfuse %s, loaded %s\n", fusefs_inc_version(),
fusefs_lib_version());
#endif
|
| ︙ | ︙ |
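Review bot: The new `#if FOSSIL_HARDENED_SHA1` block in src/main.c has no `#else`, so when hardening is compiled out the only signal in "fossil version -v" is a missing line; printing which fallback SHA1 implementation was selected would let someone auditing a binary confirm the build configuration instead of inferring it. The guard is a value test, while the neighbouring guards in this hunk use `#if defined(...)`. That matches the `#if FOSSIL_HARDENED_SHA1` in src/sha1hard.c and allows the macro to be defined as 0 to disable hardening, but a one-line comment saying so would keep a later cleanup from changing it to `defined()` and silently reporting hardening that is switched off.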
Changes to src/sha1.c.
| ︙ | ︙ | |||
20 21 22 23 24 25 26 | #include "config.h" #include <sys/types.h> #include <stdint.h> #include "sha1.h" /* | | | 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | #include "config.h" #include <sys/types.h> #include <stdint.h> #include "sha1.h" /* ** SHA1 Implementation #1 is the hardened SHA1 implementation by ** Marc Stevens. Code obtained from GitHub ** ** https://github.com/cr-marcstevens/sha1collisiondetection ** ** Downloaded on 2017-03-01 then repackaged to work with Fossil ** and makeheaders. */ |
| ︙ | ︙ | |||
61 62 63 64 65 66 67 | #define SHA1Context SHA1_CTX #define SHA1Init SHA1DCInit #define SHA1Update SHA1DCUpdate #define SHA1Final SHA1DCFinal /* | | | | > | 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 | #define SHA1Context SHA1_CTX #define SHA1Init SHA1DCInit #define SHA1Update SHA1DCUpdate #define SHA1Final SHA1DCFinal /* ** SHA1 Implemenatation #2: use the SHA1 algorithm built into SSL */ #elif defined(FOSSIL_ENABLE_SSL) # include <openssl/sha.h> # define SHA1Context SHA_CTX # define SHA1Init SHA1_Init # define SHA1Update SHA1_Update # define SHA1Final SHA1_Final /* ** SHA1 Implemenatation #3: If none of the previous two SHA1 ** algorithms work, there is this built-in. This built-in was the ** original implementation used by Fossil. */ #else /* ** The SHA1 implementation below is adapted from: ** ** $NetBSD: sha1.c,v 1.6 2009/11/06 20:31:18 joerg Exp $ ** $OpenBSD: sha1.c,v 1.9 1997/07/23 21:12:32 kstailey Exp $ |
| ︙ | ︙ |
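Review bot: In the second src/sha1.c hunk, both added comment headings are misspelled "Implemenatation" (#2 and #3); they should read "Implementation", as the "SHA1 Implementation #1" comment in the first hunk does. The #3 comment also says the built-in is used "If none of the previous two SHA1 algorithms work", but the visible `#elif defined(FOSSIL_ENABLE_SSL)` / `#else` chain selects by compile-time macro, not by a failure at run time; wording such as "if neither of the previous two is compiled in" would be accurate. Since #2 and #3 do no collision detection, saying so in these comments would make it clear that turning hardening off changes the security property and not only the implementation.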
Changes to src/sha1hard.c.
1 | /* | | > | > > > > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | /* ** The code in this file is the concatination of several files ** copied out of ** ** https://github.com/cr-marcstevens/sha1collisiondetection ** ** The copy was made on 2017-03-01. Some minor formatting changes ** were made but otherwise the code is unchanged. All ** original copyright claims are preserved. ** ** The code here implements a version of the SHA1 hash function that ** is not vulnerable to crypto-analysis based attacks. If an input ** is detected that looks like it might have been the result of a ** crypto-analysis attack, then the hash is perturbed to generate a ** completely different hash. The authors claim that the chance of ** a false-positive is vanishingly small. */ /*MAKEHEADERS-STOP*/ #include "config.h" #if FOSSIL_HARDENED_SHA1 /* Only do this code if requested */ /*************** File: lib/sha1.c ****************/ /*** * Copyright 2017 Marc Stevens <marc@marc-stevens.nl>, Dan Shumow (danshu@microsoft.com) |
| ︙ | ︙ |
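Review bot: The header comment in src/sha1hard.c identifies the upstream copy only by date ("The copy was made on 2017-03-01") and notes "Some minor formatting changes were made"; recording the upstream commit id from https://github.com/cr-marcstevens/sha1collisiondetection would let a later reader diff this file against its source and tell local edits from upstream fixes. The sentence "is not vulnerable to crypto-analysis based attacks" is also stronger than the mechanism the next sentence describes, which is detecting suspicious input and perturbing the hash; wording along the lines of "detects inputs that look like the result of a cryptanalytic collision attack" would match what the comment goes on to say. Spelling: "concatination" should be "concatenation", and "crypto-analysis" is normally written "cryptanalysis".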