Fossil SCM

Indicate the use of hardened-SHA1 in the "fossil version -v" output.

drh 2017-03-01 21:39 hardened-sha1
Commit e81f4d4ec7380048d019a431e8f3023609b04232
+3
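--- a/src/main.c
+++ b/src/main.c
@@ -935,10 +935,13 @@
 #if defined(FOSSIL_ENABLE_MINIZ)
 blob_appendf(pOut, "miniz %s, loaded %s\n", MZ_VERSION, mz_version());
 #else
 blob_appendf(pOut, "zlib %s, loaded %s\n", ZLIB_VERSION, zlibVersion());
 #endif
+#if FOSSIL_HARDENED_SHA1
+ blob_appendf(pOut, "hardened-SHA1 by Marc Stevens and Dan Shumow\n");
+#endif
 #if defined(FOSSIL_ENABLE_SSL)
 blob_appendf(pOut, "SSL (%s)\n", SSLeay_version(SSLEAY_VERSION));
 #endif
 #if defined(FOSSIL_HAVE_FUSEFS)
 blob_appendf(pOut, "libfuse %s, loaded %s\n", fusefs_inc_version(),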
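Review bot: The new `#if FOSSIL_HARDENED_SHA1` block tests the macro's value while every neighbouring guard in this hunk uses `defined(...)`, and nothing on the line explains the difference. The value test does match the guard at the top of src/sha1hard.c in this same commit, so the form looks intentional. Operators will read this output line to confirm that a binary has SHA1 collision detection compiled in, so I would add a comment such as `/* Same guard as sha1hard.c: printed only when the collision-detecting SHA1 is compiled in */`. It is also worth confirming that the implementation selector in src/sha1.c uses the identical condition; its opening `#if` is outside the visible hunks. The enclosing function starts and ends outside this hunk.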
+5 -4
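--- a/src/sha1.c
+++ b/src/sha1.c
@@ -22,11 +22,11 @@
 #include <stdint.h>
 #include "sha1.h"
 
 
 /*
-** Implementation #1 is the hardened SHA1 implementation by
+** SHA1 Implementation #1 is the hardened SHA1 implementation by
 ** Marc Stevens. Code obtained from GitHub
 **
 ** https://github.com/cr-marcstevens/sha1collisiondetection
 **
 ** Downloaded on 2017-03-01 then repackaged to work with Fossil
@@ -63,11 +63,11 @@
 #define SHA1Init SHA1DCInit
 #define SHA1Update SHA1DCUpdate
 #define SHA1Final SHA1DCFinal
 
 /*
-** The second case: use the SHA1 algorithm built into SSL
+** SHA1 Implemenatation #2: use the SHA1 algorithm built into SSL
 */
 #elif defined(FOSSIL_ENABLE_SSL)
 
 # include <openssl/sha.h>
 # define SHA1Context SHA_CTX
@@ -74,12 +74,13 @@
 # define SHA1Init SHA1_Init
 # define SHA1Update SHA1_Update
 # define SHA1Final SHA1_Final
 
 /*
-** If none of the previous two SHA1 algorithms work, there
-** is this built-in. The built-in below is the original.
+** SHA1 Implemenatation #3: If none of the previous two SHA1
+** algorithms work, there is this built-in. This built-in was the
+** original implementation used by Fossil.
 */
 #else
 /*
 ** The SHA1 implementation below is adapted from:
 **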
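Review bot: The new headings for the second and third variants spell the word "Implemenatation"; it should read `Implementation`, as the heading for #1 already does. While the three variants are being numbered, the comments for #2 and #3 could also say that they are plain SHA1, which is what the visible comments suggest since only #1 is described as hardened. For example, `** SHA1 Implementation #2 (no collision detection): use the SHA1 algorithm built into SSL`. That makes it clear to a reader that a build without the hardened option silently falls back to an implementation without the collision check.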
+11 -2
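--- a/src/sha1hard.c
+++ b/src/sha1hard.c
@@ -1,12 +1,21 @@
 /*
-** The code in this file was copied out of
+** The code in this file is the concatination of several files
+** copied out of
 **
 ** https://github.com/cr-marcstevens/sha1collisiondetection
 **
-** On 2017-03-01, with minor changings in formatting. All
+** The copy was made on 2017-03-01. Some minor formatting changes
+** were made but otherwise the code is unchanged. All
 ** original copyright claims are preserved.
+**
+** The code here implements a version of the SHA1 hash function that
+** is not vulnerable to crypto-analysis based attacks. If an input
+** is detected that looks like it might have been the result of a
+** crypto-analysis attack, then the hash is perturbed to generate a
+** completely different hash. The authors claim that the chance of
+** a false-positive is vanishingly small.
 */
 /*MAKEHEADERS-STOP*/
 #include "config.h"
 #if FOSSIL_HARDENED_SHA1 /* Only do this code if requested */
 /*************** File: lib/sha1.c ****************/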
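Review bot: The added sentence "is not vulnerable to crypto-analysis based attacks" claims more than the mechanism described in the following sentence provides. Detecting inputs that look like the output of a collision attack and perturbing the hash addresses collision-style cryptanalysis, not every attack on SHA1. I would narrow it to something like `** The code here implements a version of the SHA1 hash function that detects inputs produced by known cryptanalytic collision attacks.` and correct the spellings to `cryptanalysis` and `concatenation`. Since this is vendored code described as otherwise unchanged, recording the upstream commit id next to the copy date (it is not shown on this page) would let a later reader diff the file against upstream.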
