On Tue, Jul 05 2022, brian m. carlson wrote: Do any of those security issues in libcrypt have to do with the narrow "hash stuff" part of the API we're using? > Let's add another option that's compatible with the GPLv2, which is > Nettle. It also has recently gained support for Intel's SHA-NI > instructions, which compare very favorably to other implementations. > For example, using this implementation and SHA-1 DC on a machine with > SHA-NI, hashing a 2 GiB file with SHA-1 takes 7.582 seconds, while > hashing the same file with SHA-256 takes 2.278 seconds. Interesting, but as Jeff notes downthread we really should be comparing the different sha256 backends for speed, i.e. the interesting thing isn't sha1dc v.s. this sha256 ,but if this sha256 backend in particular offers performance benefits. > -#if defined(SHA256_GCRYPT) > +#if defined(SHA256_NETTLE) > +#include "sha256/nettle.h" > +#elif defined(SHA256_GCRYPT) > #define SHA256_NEEDS_CLONE_HELPER > #include "sha256/gcrypt.h" > #elif defined(SHA256_OPENSSL) > diff --git a/sha256/nettle.h b/sha256/nettle.h > new file mode 100644 > index 0000000000..9b2845babc > --- /dev/null > +++ b/sha256/nettle.h > @@ -0,0 +1,28 @@ > +#ifndef SHA256_GCRYPT_H > +#define SHA256_GCRYPT_H > + > +#include <nettle/sha2.h> > + > +typedef struct sha256_ctx nettle_SHA256_CTX; > + > +inline void nettle_SHA256_Init(nettle_SHA256_CTX *ctx) > +{ > + sha256_init(ctx); > +} > + > +inline void nettle_SHA256_Update(nettle_SHA256_CTX *ctx, const void *data, size_t len) Needs a line wrap; > +{ > + sha256_update(ctx, len, data); > +} > + > +inline void nettle_SHA256_Final(unsigned char *digest, nettle_SHA256_CTX *ctx) > +{ > + sha256_digest(ctx, SHA256_DIGEST_SIZE, digest); > +} > + > +#define platform_SHA256_CTX nettle_SHA256_CTX > +#define platform_SHA256_Init nettle_SHA256_Init > +#define platform_SHA256_Update nettle_SHA256_Update > +#define platform_SHA256_Final nettle_SHA256_Final > + > +#endif Would it be viable / at all sane to embed the part of the library we need in our sources, similar to what we do for sha1dc? Or perhaps it's not worth it at all...