Merge pull request #5647 from ThomasWaldmann/blake2-from-py36

use blake2 from py36

docs/installation.rst

@@ -164,7 +164,6 @@ following dependencies first:
 
   - liblz4_ >= 1.7.0 (r129)
   - libzstd_ >= 1.3.0
-  - libb2_ >= 0.98.1 (older do not have pkg-config support)
 * pkg-config (cli tool) and pkgconfig python package (borg uses these to
   discover header and library location - if it can't import pkgconfig and
   is not pointed to header/library locations via env vars [see setup.py],
@@ -198,7 +197,7 @@ Install the dependencies with development headers::
 
     sudo apt-get install python3 python3-dev python3-pip python3-virtualenv \
     libacl1-dev libacl1 \
-    libssl-dev libb2-dev \
+    libssl-dev \
     liblz4-dev libzstd-dev \
     build-essential \
     pkg-config python3-pkgconfig
@@ -216,7 +215,7 @@ Install the dependencies with development headers::
 
     sudo dnf install python3 python3-devel python3-pip python3-virtualenv \
     libacl-devel libacl \
-    openssl-devel libb2-devel \
+    openssl-devel \
     lz4-devel libzstd-devel \
     pkgconf python3-pkgconfig
     sudo dnf install gcc gcc-c++ redhat-rpm-config

docs/internals/security.rst

@@ -265,15 +265,13 @@ on widely used libraries providing them:
   We think this is not an additional risk, since we don't ever
   use OpenSSL's networking, TLS or X.509 code, but only their
   primitives implemented in libcrypto.
-- SHA-256 and SHA-512 from Python's hashlib_ standard library module are used.
+- SHA-256, SHA-512 and BLAKE2b from Python's hashlib_ standard library module are used.
   Borg requires a Python built with OpenSSL support (due to PBKDF2), therefore
   these functions are delegated to OpenSSL by Python.
 - HMAC, PBKDF2 and a constant-time comparison from Python's hmac_ standard
   library module is used. While the HMAC implementation is written in Python,
   the PBKDF2 implementation is provided by OpenSSL. The constant-time comparison
   (``compare_digest``) is written in C and part of Python.
-- BLAKE2b is either provided by the system's libb2, an official implementation,
-  or a bundled copy of the BLAKE2 reference implementation (written in C).
 
 Implemented cryptographic constructions are:
 

setup.py

@@ -47,10 +47,6 @@
 # needed: openssl >=1.0.2 or >=1.1.0 (or compatible)
 system_prefix_openssl = os.environ.get('BORG_OPENSSL_PREFIX')
 
-# needed: blake2 (>= 0.98.1)
-prefer_system_libb2 = not bool(os.environ.get('BORG_USE_BUNDLED_B2'))
-system_prefix_libb2 = os.environ.get('BORG_LIBB2_PREFIX')
-
 # needed: lz4 (>= 1.7.0 / r129)
 prefer_system_liblz4 = not bool(os.environ.get('BORG_USE_BUNDLED_LZ4'))
 system_prefix_liblz4 = os.environ.get('BORG_LIBLZ4_PREFIX')
@@ -180,7 +176,6 @@ def members_appended(*ds):
     crypto_ext_kwargs = members_appended(
         dict(sources=[crypto_ll_source, crypto_helpers]),
         setup_crypto.crypto_ext_kwargs(pc, system_prefix_openssl),
-        setup_crypto.b2_ext_kwargs(pc, prefer_system_libb2, system_prefix_libb2),
     )
 
     compress_ext_kwargs = members_appended(

setup_crypto.py

@@ -30,36 +30,3 @@ def crypto_ext_kwargs(pc, system_prefix):
         return pc.parse('libcrypto')
 
     raise Exception('Could not find OpenSSL lib/headers, please set BORG_OPENSSL_PREFIX')
-
-
-# b2 files, structure as seen in BLAKE2 (reference implementation) project repository:
-
-# path relative (to this file) to the bundled library source code files
-b2_bundled_path = 'src/borg/algorithms/blake2'
-
-b2_sources = [
-    'ref/blake2b-ref.c',
-]
-
-b2_includes = [
-    'ref',
-]
-
-
-def b2_ext_kwargs(pc, prefer_system, system_prefix):
-    if prefer_system:
-        if system_prefix:
-            print('Detected and preferring libb2 [via BORG_LIBB2_PREFIX]')
-            return dict(include_dirs=[os.path.join(system_prefix, 'include')],
-                        library_dirs=[os.path.join(system_prefix, 'lib')],
-                        libraries=['b2'])
-
-        if pc and pc.installed('libb2', '>= 0.98.1'):
-            print('Detected and preferring libb2 [via pkg-config]')
-            return pc.parse('libb2')
-
-    print('Using bundled BLAKE2')
-    sources = multi_join(b2_sources, b2_bundled_path)
-    include_dirs = multi_join(b2_includes, b2_bundled_path)
-    define_macros = [('BORG_USE_BUNDLED_B2', 'YES')]
-    return dict(sources=sources, include_dirs=include_dirs, define_macros=define_macros)

src/borg/algorithms/__init__.py

@@ -5,7 +5,9 @@
 This package is intended for hash and checksum functions.
 
 Ideally these would be sourced from existing libraries,
-but are frequently not available yet (blake2), are
-available but in poor form (crc32) or don't really
-make sense as a library (xxHash).
+but:
+
+- are frequently not available yet (lz4, zstd),
+- are available but in poor form (crc32), or
+- don't really make sense as a library (xxHash).
 """