summaryrefslogtreecommitdiffstats
path: root/Modules/_hacl
Commit message (Collapse)AuthorAgeFilesLines
* gh-99108: Refresh HACL* (#104808)Jonathan Protzenko2023-05-2411-137/+211
| | | Refresh HACL* from upstream to improve SHA2 performance and fix a 32-bit issue in SHA3.
* gh-99108: Refresh HACL* from upstream (#104401)Jonathan Protzenko2023-05-112-2/+2
| | | Refresh HACL* from upstream and add a SHA3 test hashing over 4GiB of data.
* gh-99108: Replace SHA3 implementation HACL* version (#103597)Jonathan Protzenko2023-05-088-6/+1121
| | | | | | | | | | | Replaces our built-in SHA3 implementation with a verified one from the HACL* project. This implementation is used when OpenSSL does not provide SHA3 or is not present. 3.11 shiped with a very slow tiny sha3 implementation to get off of the <=3.10 reference implementation that wound up having serious bugs. This brings us back to a reasonably performing built-in implementation consistent with what we've just replaced our other guaranteed available standard hash algorithms with: code from the HACL* project. --------- Co-authored-by: Gregory P. Smith <greg@krypto.org>
* gh-99108: Import MD5 and SHA1 from HACL* (#102089)Jonathan Protzenko2023-02-2214-142/+2425
| | | Replaces our fallback non-OpenSSL MD5 and SHA1 implementations with those from HACL* as we've already done with SHA2.
* gh-99108: Build the hashlib HACL* code as a static library. (#101917)Gregory P. Smith2023-02-141-0/+1
| | | | | | This builds HACL* as a library in one place. A followup to #101707 which broke some WASM builds. This fixes 2/4 of them, but the enscripten toolchain in the others don't deduplicate linker arguments and error out. A follow-on PR will address those.
* gh-99108: Import SHA2-384/512 from HACL* (#101707)Jonathan Protzenko2023-02-149-28/+1209
| | | | | | Replace the builtin hashlib implementations of SHA2-384 and SHA2-512 originally from LibTomCrypt with formally verified, side-channel resistant code from the [HACL*](https://github.com/hacl-star/hacl-star/) project. The builtins remain a fallback only used when OpenSSL does not provide them.
* gh-99108: Replace SHA2-224 & 256 with verified code from HACL* (#99109)Jonathan Protzenko2023-02-079-0/+1699
replacing hashlib primitives (for the non-OpenSSL case) with verified implementations from HACL*. This is the first PR in the series, and focuses specifically on SHA2-256 and SHA2-224. This PR imports Hacl_Streaming_SHA2 into the Python tree. This is the HACL* implementation of SHA2, which combines a core implementation of SHA2 along with a layer of buffer management that allows updating the digest with any number of bytes. This supersedes the previous implementation in the tree. @franziskuskiefer was kind enough to benchmark the changes: in addition to being verified (thus providing significant safety and security improvements), this implementation also provides a sizeable performance boost! ``` --------------------------------------------------------------- Benchmark Time CPU Iterations --------------------------------------------------------------- Sha2_256_Streaming 3163 ns 3160 ns 219353 // this PR LibTomCrypt_Sha2_256 5057 ns 5056 ns 136234 // library used by Python currently ``` The changes in this PR are as follows: - import the subset of HACL* that covers SHA2-256/224 into `Modules/_hacl` - rewire sha256module.c to use the HACL* implementation Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org> Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
generated by cgit v0.12 at 2024-11-22 23:40:54 (GMT)