From c3df6fcca47e75767da0b9e5322c46646cdca319 Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Sun, 24 Jan 2021 22:42:15 +0100 Subject: [PATCH] fix docs about blake2 requirements / origin --- docs/installation.rst | 5 ++--- docs/internals/security.rst | 4 +--- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/docs/installation.rst b/docs/installation.rst index 5b5d3dfb22..92f1a15ce6 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -164,7 +164,6 @@ following dependencies first: - liblz4_ >= 1.7.0 (r129) - libzstd_ >= 1.3.0 - - libb2_ >= 0.98.1 (older do not have pkg-config support) * pkg-config (cli tool) and pkgconfig python package (borg uses these to discover header and library location - if it can't import pkgconfig and is not pointed to header/library locations via env vars [see setup.py], @@ -198,7 +197,7 @@ Install the dependencies with development headers:: sudo apt-get install python3 python3-dev python3-pip python3-virtualenv \ libacl1-dev libacl1 \ - libssl-dev libb2-dev \ + libssl-dev \ liblz4-dev libzstd-dev \ build-essential \ pkg-config python3-pkgconfig @@ -216,7 +215,7 @@ Install the dependencies with development headers:: sudo dnf install python3 python3-devel python3-pip python3-virtualenv \ libacl-devel libacl \ - openssl-devel libb2-devel \ + openssl-devel \ lz4-devel libzstd-devel \ pkgconf python3-pkgconfig sudo dnf install gcc gcc-c++ redhat-rpm-config diff --git a/docs/internals/security.rst b/docs/internals/security.rst index d0c5bd1e35..3f79e66bd7 100644 --- a/docs/internals/security.rst +++ b/docs/internals/security.rst @@ -265,15 +265,13 @@ on widely used libraries providing them: We think this is not an additional risk, since we don't ever use OpenSSL's networking, TLS or X.509 code, but only their primitives implemented in libcrypto. -- SHA-256 and SHA-512 from Python's hashlib_ standard library module are used. +- SHA-256, SHA-512 and BLAKE2b from Python's hashlib_ standard library module are used. Borg requires a Python built with OpenSSL support (due to PBKDF2), therefore these functions are delegated to OpenSSL by Python. - HMAC, PBKDF2 and a constant-time comparison from Python's hmac_ standard library module is used. While the HMAC implementation is written in Python, the PBKDF2 implementation is provided by OpenSSL. The constant-time comparison (``compare_digest``) is written in C and part of Python. -- BLAKE2b is either provided by the system's libb2, an official implementation, - or a bundled copy of the BLAKE2 reference implementation (written in C). Implemented cryptographic constructions are: