Port Ganeti.Hash to cryptonite #1405
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apoikos
force-pushed
the
feature/cryptonite
branch
2 times, most recently
from
31da7cf
to
eac268e
Compare
|
@iliastsi kindly pointed out that this is actually due to Crypto assuming accumArray to be lazy. Consensus is that it's rather unlikely to be fixed in Crypto. |
|
Apollon, thank you for pushing the ball forward on ganeti maintenance. |
|
@dannyman you're welcome :) |
apoikos
force-pushed
the
feature/cryptonite
branch
from
eac268e
to
cf94398
Compare
There's a bug exposed by the combination of Crypto and GHC 8.6 that results in an endless loop[1], caused by GHC 8.6 changing accumArray from lazy to strict. The endless loop can be reproduced as follows: Prelude> :m +Data.HMAC Prelude Data.HMAC> hmac_sha1 [] [] Unfortunately Crypto was last updated in 2012 and seems to be largely unmaintained, so at this point it's probably a good idea to switch our HMAC implementation over to cryptonite, which is the de facto standard for crypto in Haskell these days. [1] https://gitlab.haskell.org/ghc/ghc/issues/16406 Signed-off-by: Apollon Oikonomopoulos <apoikos@dmesg.gr>
apoikos
force-pushed
the
feature/cryptonite
branch
from
cf94398
to
6d9c9e1
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Crypto has not been updated since 2012, and it currently seems to bebroken with GHC 8.6;
hmac_sha1 [] []gets caught in an endless loop accumulating over an array. Rather than try to fix it, I think it's a good idea to port the HMAC implementation to cryptonite, which is thede-facto standard for crypto in Haskell these days.Re-implement computeMac using cryptonite, while keeping the high-levelAPI intact.