crypto: chacha20: always use our fallback timingsafe_bcmp rather than libc's #29815
Conversation
Looking at apple/freebsd/openbsd sources, their implementations match our naive fallback. It's not worth the hassle of using a platform-specific function for no gain.
Ping @sipa for a quick concept ACK.
utACK 2d18194
Concept ACK
Concept ACK.
Concept ACK
ACK 2d18194
ACK 2d18194
ACK 2d18194
As a historical side-note, it seems like this function was first introduced for OpenSSH (managed in the OpenBSD tree) in 2010, with the name timing_safe_cmp
back then: openbsd/src@8488487#diff-1baa12ad01bad68b45e89594ef3309ad070f9848f764f976e08c435ade846ae5R833
Backport changes from bitcoin#29815.
074fa1c fixup! cmake: Build `bitcoin_crypto` library (Hennadii Stepanov)

Pull request description:

  Backport changes from bitcoin#29815.

ACKs for top commit:
  theuni:
    utACK 074fa1c

Tree-SHA512: 975725ae45eafc666685c0d6ee67dc7600c8b75780d80f9c4e917bf19bc01507c3f9db51c1cd96edbe369c9a5429f66b04e1a9c5700a3e952bcdab332abcace8
Looking at libc sources, apple and openbsd implementations match our naive fallback. Only FreeBSD (and only x86_64) seems to implement an optimized version.
It's not worth the hassle of using a platform-specific function for such little gain.
Additionally, as mentioned below, this is the only case outside of sha2 that requires an autoconf check, and I have upcoming PRs to remove the sha2 ones.
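To make concrete what the PR description and the earlier comment mean by the "naive fallback" matching the libc implementations, here is an added example (written for this page, not code from Bitcoin Core or from any libc) of a constant-time byte comparison in the shape of OpenBSD's timingsafe_bcmp, placed next to an early-exit comparison of the kind an ordinary memcmp/bcmp may use. Both routines are instrumented with a `steps` out-parameter (an assumption of this example, not part of the real API) so the difference in behaviour can be observed on constructed sample tags, and `bytes_examined` is a helper added only for that demonstration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constant-time equality check in the shape of OpenBSD's timingsafe_bcmp
 * (the "naive fallback" the PR description refers to). Every byte is
 * visited whatever the inputs are; differences are folded into a single
 * accumulator. Returns 0 when equal, 1 otherwise; ordering is not reported.
 * 'steps' (instrumentation for this example only) receives the number of
 * bytes examined when non-NULL. */
int ct_bcmp(const void *b1, const void *b2, size_t n, size_t *steps)
{
    const unsigned char *p1 = b1, *p2 = b2;
    unsigned char acc = 0;
    size_t i;
    for (i = 0; i < n; i++)
        acc |= (unsigned char)(p1[i] ^ p2[i]);
    if (steps) *steps = i;
    return acc != 0;
}

/* Early-exit equality check: the shape a generic memcmp/bcmp may take.
 * Same 0/1 result, but the number of bytes examined depends on where the
 * first difference lies, which is exactly what a constant-time routine
 * must not reveal when the bytes are a MAC tag. */
int early_exit_bcmp(const void *b1, const void *b2, size_t n, size_t *steps)
{
    const unsigned char *p1 = b1, *p2 = b2;
    size_t i;
    for (i = 0; i < n; i++) {
        if (p1[i] != p2[i]) {
            if (steps) *steps = i + 1;
            return 1;
        }
    }
    if (steps) *steps = i;
    return 0;
}

/* Constructed sample data: an expected 16-byte authentication tag, an
 * identical copy, and a forged tag that differs only in its second byte. */
static const unsigned char TAG_EXPECTED[16] = {
    0x10, 0x21, 0x32, 0x43, 0x54, 0x65, 0x76, 0x87,
    0x98, 0xa9, 0xba, 0xcb, 0xdc, 0xed, 0xfe, 0x0f };
static const unsigned char TAG_GOOD[16] = {
    0x10, 0x21, 0x32, 0x43, 0x54, 0x65, 0x76, 0x87,
    0x98, 0xa9, 0xba, 0xcb, 0xdc, 0xed, 0xfe, 0x0f };
static const unsigned char TAG_FORGED[16] = {
    0x10, 0x22, 0x32, 0x43, 0x54, 0x65, 0x76, 0x87,
    0x98, 0xa9, 0xba, 0xcb, 0xdc, 0xed, 0xfe, 0x0f };

/* Demonstration helper (not part of any real API): how many bytes each
 * routine examines when comparing the expected tag against the forged one.
 * early_exit = 0 selects ct_bcmp, anything else selects early_exit_bcmp. */
size_t bytes_examined(int early_exit)
{
    size_t steps = 0;
    if (early_exit)
        early_exit_bcmp(TAG_EXPECTED, TAG_FORGED, sizeof TAG_FORGED, &steps);
    else
        ct_bcmp(TAG_EXPECTED, TAG_FORGED, sizeof TAG_FORGED, &steps);
    return steps;
}

int main(void)
{
    printf("forged tag: ct_bcmp examined %zu bytes, early-exit examined %zu bytes\n",
           bytes_examined(0), bytes_examined(1));
    return 0;
}
```

The constant-time routine examines all 16 bytes of the forged tag while the early-exit one stops after 2, which is why a tag check must use the former. Two practical caveats: the C source only expresses the intent, so the compiled output should still be inspected when an optimizer is involved, and, as the PR notes, the platform-provided timingsafe_bcmp on Apple and OpenBSD is this same byte loop, so shipping the fallback unconditionally gives up nothing.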
Apple's impl is unoptimized.
As is OpenBSD's impl.
Relevant IRC conversation with sipa:
After the above discussion, I did end up finding the x86_64-optimized FreeBSD impl, but I don't think that's all that significant.