git.ipfire.org Git - thirdparty/systemd.git/commit

author	Lennart Poettering <lennart@poettering.net>
	Fri, 29 May 2020 22:00:50 +0000 (00:00 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Thu, 25 Jun 2020 13:01:45 +0000 (15:01 +0200)
commit	4ce534f4cd950cb22abacdfd4d967b41b890a706
tree	0da9f2465c5b18ce909919724f9a92a466b0d6c0	tree \| snapshot
parent	7851ec66349c7a2074e9f06ebad45669127710e2	commit \| diff

journal: use a different hash function for each journal file

This adds a new (incompatible) feature to journal files: if enabled the
hash function used for the hash tables is no longer jenkins hash with a
zero key, but siphash keyed by the file uuid that is included in the
file header anyway. This should make our hash tables more robust against
collision attacks, as long as the attacker has no read access to the
journal files. We switch from jenkins to siphash simply because it's
more well-known and we standardize for the rest of our codebase onto it.

This is hardening in order to make collision attacks harder for clients
that can forge log messages but have no read access to the logs. It has
no effect on clients that have read access.

src/journal/journal-def.h		diff \| blob \| blame \| history
src/journal/journal-file.c		diff \| blob \| blame \| history
src/journal/journal-file.h		diff \| blob \| blame \| history
src/journal/journal-internal.h		diff \| blob \| blame \| history
src/journal/journal-verify.c		diff \| blob \| blame \| history
src/journal/sd-journal.c		diff \| blob \| blame \| history
src/journal/test-journal-stream.c		diff \| blob \| blame \| history