diff options
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | README.md | 4 | ||||
-rw-r--r-- | blake2-impl.h | 17 | ||||
-rw-r--r-- | blake2b-ref.c | 11 | ||||
-rw-r--r-- | librsync.h | 65 | ||||
-rw-r--r-- | mksum.c | 4 | ||||
-rw-r--r-- | rdiff.c | 4 | ||||
-rw-r--r-- | whole.c | 5 |
8 files changed, 81 insertions, 33 deletions
@@ -1,4 +1,4 @@ -Changes in 1.0.0 (not yet released) +Changes in librsync 1.0.0 (2015-01-23) * SECURITY: CVE-2014-8242: librsync previously used a truncated MD4 "strong" check sum to match blocks. However, MD4 is not cryptographically @@ -25,6 +25,8 @@ Changes in 1.0.0 (not yet released) Thanks to Michael Samuel <miknet.net> for reporting this and offering an initial patch. + * Various build fixes, thanks Timothy Gu. + * Improved rdiff man page from Debian. * Improved librsync.spec file for building RPMs. @@ -25,6 +25,10 @@ librsync is distributed under the GNU LGPL v2.1 (see COPYING), which basically means that you can dynamically link librsync into non-GPL programs, but you must redistribute the librsync source, with any modifications you have made. +librsync contains the BLAKE2 hash algorithm, written by Samuel Neves and +released under the CC0 public domain +dedication, <http://creativecommons.org/publicdomain/zero/1.0/>. + ## Contact librsync's home is diff --git a/blake2-impl.h b/blake2-impl.h index 83d2dcb..ceb6f1b 100644 --- a/blake2-impl.h +++ b/blake2-impl.h @@ -10,18 +10,27 @@ You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>. */ + +/* This code, but not the algorithm, has been slightly modified for use in + * librsync. + */ + #pragma once #ifndef __BLAKE2_IMPL_H__ #define __BLAKE2_IMPL_H__ #include <stdint.h> +#ifndef WORDS_BIGENDIAN /* from librsync config.h */ +# define NATIVE_LITTLE_ENDIAN +#endif /* ndef WORDS_BIGENDIAN */ + static inline uint32_t load32( const void *src ) { #if defined(NATIVE_LITTLE_ENDIAN) - return *( uint32_t * )( src ); + return *( const uint32_t * )( src ); #else - const uint8_t *p = ( uint8_t * )src; + const uint8_t *p = ( const uint8_t * )src; uint32_t w = *p++; w |= ( uint32_t )( *p++ ) << 8; w |= ( uint32_t )( *p++ ) << 16; @@ -33,9 +42,9 @@ static inline uint32_t load32( const void *src ) static inline uint64_t load64( const void *src ) { #if defined(NATIVE_LITTLE_ENDIAN) - return *( uint64_t * )( src ); + return *( const uint64_t * )( src ); #else - const uint8_t *p = ( uint8_t * )src; + const uint8_t *p = ( const uint8_t * )src; uint64_t w = *p++; w |= ( uint64_t )( *p++ ) << 8; w |= ( uint64_t )( *p++ ) << 16; diff --git a/blake2b-ref.c b/blake2b-ref.c index bcf81da..a0a7887 100644 --- a/blake2b-ref.c +++ b/blake2b-ref.c @@ -11,6 +11,11 @@ this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>. */ +/* This code, but not the algorithm, has been slightly modified for use in + * librsync. + */ + +#include <config.h> #include <stdint.h> #include <string.h> #include <stdio.h> @@ -149,10 +154,10 @@ static inline int blake2b_init0( blake2b_state *S ) /* init xors IV with input parameter block */ int blake2b_init_param( blake2b_state *S, const blake2b_param *P ) { - blake2b_init0( S ); - uint8_t *p = ( uint8_t * )( P ); + const uint8_t *p = ( const uint8_t * )( P ); size_t i; + blake2b_init0( S ); /* IV XOR ParamBlock */ for( i = 0; i < 8; ++i ) S->h[i] ^= load64( p + sizeof( S->h[i] ) * i ); @@ -356,7 +361,7 @@ int blake2b( uint8_t *out, const void *in, const void *key, const uint8_t outlen if( blake2b_init( S, outlen ) < 0 ) return -1; } - blake2b_update( S, ( uint8_t * )in, inlen ); + blake2b_update( S, ( const uint8_t * )in, inlen ); blake2b_final( S, out, outlen ); return 0; } @@ -1,20 +1,20 @@ /*= -*- c-basic-offset: 4; indent-tabs-mode: nil; -*- * * librsync -- library for network deltas - * - * Copyright 2000, 2001, 2014 by Martin Pool <mbp@sourcefrog.net> - * Copyright (C) 2003 by Donovan Baarda <abo@minkirri.apana.org.au> - * + * + * Copyright 2000, 2001, 2014, 2015 by Martin Pool <mbp@sourcefrog.net> + * Copyright (C) 2003 by Donovan Baarda <abo@minkirri.apana.org.au> + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by * the Free Software Foundation; either version 2.1 of the License, or * (at your option) any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. - * + * * You should have received a copy of the GNU Lesser General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. @@ -85,9 +85,25 @@ typedef enum { */ +/** + * A uint32 magic number, emitted in bigendian/network order at the start of + * librsync files. + **/ typedef enum { + /** A delta file. At present, there's only one delta format. **/ RS_DELTA_MAGIC = 0x72730236, /* r s \2 6 */ + + /** + * A signature file with MD4 signatures. Backward compatible with + * librsync < 1.0, but strongly deprecated because it creates a security + * vulnerability on files containing partly untrusted data. See + * <https://github.com/librsync/librsync/issues/5>. + **/ RS_MD4_SIG_MAGIC = 0x72730136, /* r s \1 6 */ + + /** + * A signature file using the BLAKE2 hash. Supported from librsync 1.0. + **/ RS_BLAKE2_SIG_MAGIC = 0x72730137 /* r s \1 7 */ } rs_magic_number; @@ -144,9 +160,9 @@ typedef enum { RS_RUNNING = 2, /**< Not yet finished or blocked. * This value should never be returned * to the caller. */ - + RS_TEST_SKIPPED = 77, /**< Test neither passed or failed. */ - + RS_IO_ERROR = 100, /**< Error in file or network IO. */ RS_SYNTAX_ERROR = 101, /**< Command line syntax error. */ RS_MEM_ERROR = 102, /**< Out of memory. */ @@ -185,7 +201,7 @@ typedef struct rs_stats { rs_long_t lit_bytes; /**< Number of literal bytes. */ rs_long_t lit_cmdbytes; /**< Number of bytes used in literal * command headers. */ - + rs_long_t copy_cmds, copy_bytes, copy_cmdbytes; rs_long_t sig_cmds, sig_bytes; int false_matches; @@ -209,11 +225,6 @@ typedef struct rs_stats { */ typedef struct rs_mdfour rs_mdfour_t; -/* Commenting this out deliberately - in case library users - * depend on this size - this could potentially overflow - * buffers now - * #define RS_MD4_LENGTH 16 - */ extern const int RS_MD4_SUM_LENGTH, RS_BLAKE2_SUM_LENGTH; #define RS_MAX_STRONG_SUM_LENGTH 32 @@ -221,7 +232,7 @@ extern const int RS_MD4_SUM_LENGTH, RS_BLAKE2_SUM_LENGTH; typedef unsigned int rs_weak_sum_t; typedef unsigned char rs_strong_sum_t[RS_MAX_STRONG_SUM_LENGTH]; -void rs_mdfour(unsigned char *out, void const *in, size_t); +void rs_mdfour(unsigned char *out, void const *in, size_t); void rs_mdfour_begin(/* @out@ */ rs_mdfour_t * md); void rs_mdfour_update(rs_mdfour_t * md, void const *, size_t n); @@ -341,8 +352,24 @@ rs_result rs_job_free(rs_job_t *); int rs_accum_value(rs_job_t *, char *sum, size_t sum_len); -rs_job_t *rs_sig_begin(size_t new_block_len, size_t strong_sum_len, - rs_long_t sig_magic); +/** + * \brief Start generating a signature. + * + * \return A new rs_job_t into which the old file data can be passed. + * + * \param sig_magic Indicates the version of signature file to generate, + * see rs_magic_number. + * + * \param new_block_len Size of checksum blocks. Larger values make the + * signature shorter, and the delta longer. + * + * \param strong_sum_len If non-zero, truncate the strong signatures to this + * many bytes, to make the signature shorter. It's recommended you leave this + * at zero to get the full strength. + **/ +rs_job_t *rs_sig_begin(size_t new_block_len, + size_t strong_sum_len, + rs_magic_number sig_magic); rs_job_t *rs_delta_begin(rs_signature_t *); @@ -391,8 +418,8 @@ void rs_mdfour_file(FILE *in_file, char *result); rs_result rs_sig_file(FILE *old_file, FILE *sig_file, size_t block_len, size_t strong_len, - rs_long_t sign_magic, - rs_stats_t *); + rs_magic_number sign_magic, + rs_stats_t *); rs_result rs_loadsig_file(FILE *, rs_signature_t **, rs_stats_t *); @@ -2,7 +2,7 @@ * * librsync -- library for network deltas * - * Copyright 1999-2001, 2014 by Martin Pool <mbp@sourcefrog.net> + * Copyright 1999-2001, 2014, 2015 by Martin Pool <mbp@sourcefrog.net> * Copyright (C) 1999 by Andrew Tridgell <tridge@samba.org> * * This program is free software; you can redistribute it and/or modify @@ -147,7 +147,7 @@ rs_sig_s_generate(rs_job_t *job) * \sa rs_sig_file() */ rs_job_t * rs_sig_begin(size_t new_block_len, size_t strong_sum_len, - rs_long_t sig_magic) + rs_magic_number sig_magic) { rs_job_t *job; int native_length; @@ -99,8 +99,8 @@ const struct poptOption opts[] = { { "sum-size", 'S', POPT_ARG_INT, &strong_len }, { "statistics", 's', POPT_ARG_NONE, &show_stats }, { "stats", 0, POPT_ARG_NONE, &show_stats }, - { "gzip", 0, POPT_ARG_NONE, 0, OPT_GZIP }, - { "bzip2", 0, POPT_ARG_NONE, 0, OPT_BZIP2 }, + { "gzip", 'z', POPT_ARG_NONE, 0, OPT_GZIP }, + { "bzip2", 'i', POPT_ARG_NONE, 0, OPT_BZIP2 }, { "paranoia", 0, POPT_ARG_NONE, &rs_roll_paranoia }, { 0 } }; @@ -2,7 +2,7 @@ * * librsync -- the library for network deltas * - * Copyright 2000, 2001, 2014 by Martin Pool <mbp@sourcefrog.net> + * Copyright 2000, 2001, 2014, 2015 by Martin Pool <mbp@sourcefrog.net> * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License @@ -106,7 +106,8 @@ rs_whole_run(rs_job_t *job, FILE *in_file, FILE *out_file) */ rs_result rs_sig_file(FILE *old_file, FILE *sig_file, size_t new_block_len, - size_t strong_len, rs_long_t sig_magic, + size_t strong_len, + rs_magic_number sig_magic, rs_stats_t *stats) { rs_job_t *job; |