From: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: git@vger.kernel.org
Subject: Re: [PATCH] sha256: add support for Nettle
Date: Wed, 06 Jul 2022 10:45:06 +0200 [thread overview]
Message-ID: <220706.86fsjeaalo.gmgdl@evledraar.gmail.com> (raw)
In-Reply-To: <20220705230518.713218-1-sandals@crustytoothpaste.net>
On Tue, Jul 05 2022, brian m. carlson wrote:
Do any of those security issues in libcrypt have to do with the narrow
"hash stuff" part of the API we're using?
> Let's add another option that's compatible with the GPLv2, which is
> Nettle. It also has recently gained support for Intel's SHA-NI
> instructions, which compare very favorably to other implementations.
> For example, using this implementation and SHA-1 DC on a machine with
> SHA-NI, hashing a 2 GiB file with SHA-1 takes 7.582 seconds, while
> hashing the same file with SHA-256 takes 2.278 seconds.
Interesting, but as Jeff notes downthread we really should be comparing
the different sha256 backends for speed, i.e. the interesting thing
isn't sha1dc v.s. this sha256 ,but if this sha256 backend in particular
offers performance benefits.
> -#if defined(SHA256_GCRYPT)
> +#if defined(SHA256_NETTLE)
> +#include "sha256/nettle.h"
> +#elif defined(SHA256_GCRYPT)
> #define SHA256_NEEDS_CLONE_HELPER
> #include "sha256/gcrypt.h"
> #elif defined(SHA256_OPENSSL)
> diff --git a/sha256/nettle.h b/sha256/nettle.h
> new file mode 100644
> index 0000000000..9b2845babc
> --- /dev/null
> +++ b/sha256/nettle.h
> @@ -0,0 +1,28 @@
> +#ifndef SHA256_GCRYPT_H
> +#define SHA256_GCRYPT_H
> +
> +#include <nettle/sha2.h>
> +
> +typedef struct sha256_ctx nettle_SHA256_CTX;
> +
> +inline void nettle_SHA256_Init(nettle_SHA256_CTX *ctx)
> +{
> + sha256_init(ctx);
> +}
> +
> +inline void nettle_SHA256_Update(nettle_SHA256_CTX *ctx, const void *data, size_t len)
Needs a line wrap;
> +{
> + sha256_update(ctx, len, data);
> +}
> +
> +inline void nettle_SHA256_Final(unsigned char *digest, nettle_SHA256_CTX *ctx)
> +{
> + sha256_digest(ctx, SHA256_DIGEST_SIZE, digest);
> +}
> +
> +#define platform_SHA256_CTX nettle_SHA256_CTX
> +#define platform_SHA256_Init nettle_SHA256_Init
> +#define platform_SHA256_Update nettle_SHA256_Update
> +#define platform_SHA256_Final nettle_SHA256_Final
> +
> +#endif
Would it be viable / at all sane to embed the part of the library we
need in our sources, similar to what we do for sha1dc? Or perhaps it's
not worth it at all...
next prev parent reply other threads:[~2022-07-06 8:50 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-05 23:05 [PATCH] sha256: add support for Nettle brian m. carlson
2022-07-06 1:00 ` Ramsay Jones
2022-07-06 1:08 ` brian m. carlson
2022-07-06 8:23 ` Jeff King
2022-07-06 8:45 ` Ævar Arnfjörð Bjarmason [this message]
2022-07-06 9:23 ` Jeff King
2022-07-06 10:39 ` brian m. carlson
2022-07-06 17:49 ` Junio C Hamano
2022-07-06 23:05 ` Junio C Hamano
2022-07-07 6:43 ` Junio C Hamano
2022-07-07 16:18 ` Junio C Hamano
2022-07-10 13:29 ` [PATCH v2] " brian m. carlson
2022-07-10 14:41 ` Ævar Arnfjörð Bjarmason
2022-07-10 16:39 ` Junio C Hamano
2022-07-10 20:12 ` brian m. carlson
2022-07-10 20:37 ` Junio C Hamano
2022-08-31 5:34 ` Reza Mahdi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=220706.86fsjeaalo.gmgdl@evledraar.gmail.com \
--to=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).