tools/zip/patches/012-make-encrypted-archives-reproducible.patch

   1 From db9165814823401d57383a8f9e82642129cf4223 Mon Sep 17 00:00:00 2001
   2 From: Sungbo Eo <mans0n@gorani.run>
   3 Date: Sat, 12 Feb 2022 16:42:14 +0900
   4 Subject: [PATCH] make encrypted archives reproducible
   5
   6 Zip always try to generate new encryption header depending on execution
   7 time and process id, which is far from being reproducible. This commit
   8 changes the zip srand() seed to a predictable value to generate
   9 reproducible random bytes for the encryption header. This will compromise
  10 the goal of secure archive encryption, but it would not be a big problem
  11 for our purpose.
  12
  13 Signed-off-by: Sungbo Eo <mans0n@gorani.run>
  14 ---
  15  crypt.c   | 8 ++++++--
  16  globals.c | 1 +
  17  zip.h     | 1 +
  18  zipup.c   | 2 +-
  19  4 files changed, 9 insertions(+), 3 deletions(-)
  20
  21 --- a/crypt.c
  22 +++ b/crypt.c
  23 @@ -29,7 +29,6 @@
  24    version without encryption capabilities).
  25   */
  26
  27 -#define ZCRYPT_INTERNAL
  28  #include "zip.h"
  29  #include "crypt.h"
  30  #include "ttyio.h"
  31 @@ -219,7 +218,12 @@ void crypthead(passwd, crc)
  32       * often poorly implemented.
  33       */
  34      if (++calls == 1) {
  35 -        srand((unsigned)time(NULL) ^ ZCR_SEED2);
  36 +        unsigned zcr_seed1 = (unsigned)time(NULL);
  37 +#ifndef ZCRYPT_INTERNAL
  38 +        if (epoch > 0)
  39 +            zcr_seed1 = (unsigned)epoch;
  40 +#endif
  41 +        srand(zcr_seed1 ^ ZCR_SEED2);
  42      }
  43      init_keys(passwd);
  44      for (n = 0; n < RAND_HEAD_LEN-2; n++) {
  45 --- a/globals.c
  46 +++ b/globals.c
  47 @@ -206,6 +206,7 @@ int read_split_archive = 0;       /* 1=s
  48  int split_method = 0;             /* 0=no splits, 1=seekable, 2=data desc, -1=no */
  49  uzoff_t split_size = 0;           /* how big each split should be */
  50  int split_bell = 0;               /* when pause for next split ring bell */
  51 +time_t epoch = 0;                 /* timestamp from SOURCE_DATE_EPOCH */
  52  uzoff_t bytes_prev_splits = 0;    /* total bytes written to all splits before this */
  53  uzoff_t bytes_this_entry = 0;     /* bytes written for this entry across all splits */
  54  int noisy_splits = 0;             /* note when splits are being created */
  55 --- a/zip.h
  56 +++ b/zip.h
  57 @@ -502,6 +502,7 @@ extern uzoff_t bytes_this_split; /* byte
  58  extern int read_split_archive;   /* 1=scanzipf_reg detected spanning signature */
  59  extern int split_method;         /* 0=no splits, 1=seekable, 2=data descs, -1=no */
  60  extern uzoff_t split_size;       /* how big each split should be */
  61 +extern time_t epoch;             /* timestamp from SOURCE_DATE_EPOCH */
  62  extern int split_bell;           /* when pause for next split ring bell */
  63  extern uzoff_t bytes_prev_splits; /* total bytes written to all splits before this */
  64  extern uzoff_t bytes_this_entry; /* bytes written for this entry across all splits */
  65 --- a/zipup.c
  66 +++ b/zipup.c
  67 @@ -676,7 +676,7 @@ struct zlist far *z;    /* zip entry to
  68    } /* strcmp(z->name, "-") == 0 */
  69
  70    if (extra_fields == 0 && (source_date_epoch = getenv("SOURCE_DATE_EPOCH")) != NULL) {
  71 -     time_t epoch = strtoull(source_date_epoch, NULL, 10);
  72 +     epoch = strtoull(source_date_epoch, NULL, 10);
  73       if (epoch > 0) {
  74         ulg epochtim = unix2dostime(&epoch);
  75         if (z->tim > epochtim) z->tim = epochtim;