Re: [RFC PATCH 10/12] sha256: add an SHA-256 implementation using libgcrypt

2018-08-29 Thread brian m. carlson 
On Wed, Aug 29, 2018 at 10:53:01AM +0200, Ævar Arnfjörð Bjarmason wrote:
> 
> On Wed, Aug 29 2018, brian m. carlson wrote:
> 
> > Generally, one gets better performance out of cryptographic routines
> > written in assembly than C, and this is also true for SHA-256
> 
> It makes sense to have a libgcrypt implementation...
> 
> > In addition, most Linux distributions cannot distribute Git linked
> > against OpenSSL for licensing reasons.
> 
> ...but I'm curious to know what licensing reasons these are, e.g. Debian
> who's usually the most strict about these things distributes git linked
> to OpenSSL:

On my Debian system, that's linked to libgnutls.

The reason is section 3 of the GPLv2 (emphasis mine):

  3. You may copy and distribute the Program (or a work based on it,
  under Section 2) in object code or executable form **under the terms
  of Sections 1 and 2 above** provided that you also do one of the
  following:

  [provide source somehow]

  The source code for a work means the preferred form of the work for
  making modifications to it.  For an executable work, complete source
  code means all the source code for all modules it contains, plus any
  associated interface definition files, plus the scripts used to
  control compilation and installation of the executable.  **However, as
  a special exception, the source code distributed need not include
  anything that is normally distributed (in either source or binary
  form) with the major components (compiler, kernel, and so on) of the
  operating system on which the executable runs, unless that component
  itself accompanies the executable.**

Basically, you can only distribute binary versions of Git under the
terms of the GPLv2, and you have to distribute source for the entire
thing under those terms.  OpenSSL is licensed incompatibly with the
GPLv2, so you can't legally comply with that part, but if you use the
system OpenSSL and don't distribute that OpenSSL with Git, you're
exempt.  This is called the system library exception.

Debian (and Red Hat, and every other Linux distro) ships Git and OpenSSL
side by side on the same mirrors, and hence "that component [OpenSSL]
accompanies the executable."  Consequently, they can't take advantage of
the exception, and must link it to a GPLv2 compatible library.  Debian
uses GnuTLS for libcurl, and Red Hat uses NSS.

A more comprehensive explanation of the whole thing is here:
https://people.gnome.org/~markmc/openssl-and-the-gpl.html
-- 
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204


signature.asc
Description: PGP signature

Re: [RFC PATCH 10/12] sha256: add an SHA-256 implementation using libgcrypt

2018-08-29 Thread Ævar Arnfjörð Bjarmason 


On Wed, Aug 29 2018, brian m. carlson wrote:

> Generally, one gets better performance out of cryptographic routines
> written in assembly than C, and this is also true for SHA-256

It makes sense to have a libgcrypt implementation...

> In addition, most Linux distributions cannot distribute Git linked
> against OpenSSL for licensing reasons.

...but I'm curious to know what licensing reasons these are, e.g. Debian
who's usually the most strict about these things distributes git linked
to OpenSSL:

$ dpkg -S /usr/lib/git-core/git-imap-send; apt policy git 2>/dev/null|grep 
-F '***'; ldd -r /usr/lib/git-core/git-imap-send|grep ssl; uname -m
git: /usr/lib/git-core/git-imap-send
 *** 1:2.19.0~rc1+next.20180828-1 1001
libssl.so.1.0.2 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.2 
(0x7fd3cc8bb000)
x86_64
$ dpkg -S /usr/lib/x86_64-linux-gnu/libssl.so.1.0.2
libssl1.0.2:amd64: /usr/lib/x86_64-linux-gnu/libssl.so.1.0.2
$ apt show libssl1.0.2 2>&1 |grep ssl
Package: libssl1.0.2
Source: openssl1.0
Maintainer: Debian OpenSSL Team 
Homepage: https://www.openssl.org

[RFC PATCH 10/12] sha256: add an SHA-256 implementation using libgcrypt

2018-08-28 Thread brian m. carlson 
Generally, one gets better performance out of cryptographic routines
written in assembly than C, and this is also true for SHA-256.  In
addition, most Linux distributions cannot distribute Git linked against
OpenSSL for licensing reasons.

Most systems with GnuPG will also have libgcrypt, since it is a
dependency of GnuPG.  libgcrypt is also faster than the SHA1DC
implementation for messages of a few KiB and larger. It is licensed
under the LGPL 2.1, which is compatible with the GPL.

Add an implementation of SHA-256 that uses libgcrypt.

Signed-off-by: brian m. carlson 
---
 Makefile| 13 +++--
 hash.h  |  4 
 sha256/gcrypt.h | 30 ++
 3 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 sha256/gcrypt.h

diff --git a/Makefile b/Makefile
index 624d852e79..86867af083 100644
--- a/Makefile
+++ b/Makefile
@@ -179,6 +179,10 @@ all::
 # in one call to the platform's SHA1_Update(). e.g. APPLE_COMMON_CRYPTO
 # wants 'SHA1_MAX_BLOCK_SIZE=1024L*1024L*1024L' defined.
 #
+# Define BLK_SHA256 to use the built-in SHA-256 routines.
+#
+# Define GCRYPT_SHA256 to use the SHA-256 routines in libgcrypt.
+#
 # Define NEEDS_CRYPTO_WITH_SSL if you need -lcrypto when using -lssl (Darwin).
 #
 # Define NEEDS_SSL_WITH_CRYPTO if you need -lssl when using -lcrypto (Darwin).
@@ -1624,8 +1628,13 @@ endif
 endif
 endif
 
-LIB_OBJS += sha256/block/sha256.o
-BASIC_CFLAGS += -DSHA256_BLK
+ifdef GCRYPT_SHA256
+   BASIC_CFLAGS += -DSHA256_GCRYPT
+   EXTLIBS += -lgcrypt
+else
+   LIB_OBJS += sha256/block/sha256.o
+   BASIC_CFLAGS += -DSHA256_BLK
+endif
 
 ifdef SHA1_MAX_BLOCK_SIZE
LIB_OBJS += compat/sha1-chunked.o
diff --git a/hash.h b/hash.h
index 88d18896d7..9df562f2f6 100644
--- a/hash.h
+++ b/hash.h
@@ -15,7 +15,11 @@
 #include "block-sha1/sha1.h"
 #endif
 
+#if defined(SHA256_GCRYPT)
+#include "sha256/gcrypt.h"
+#else
 #include "sha256/block/sha256.h"
+#endif
 
 #ifndef platform_SHA_CTX
 /*
diff --git a/sha256/gcrypt.h b/sha256/gcrypt.h
new file mode 100644
index 00..09bd8bb200
--- /dev/null
+++ b/sha256/gcrypt.h
@@ -0,0 +1,30 @@
+#ifndef SHA256_GCRYPT_H
+#define SHA256_GCRYPT_H
+
+#include 
+
+#define SHA256_DIGEST_SIZE 32
+
+typedef gcry_md_hd_t gcrypt_SHA256_CTX;
+
+inline void gcrypt_SHA256_Init(gcrypt_SHA256_CTX *ctx)
+{
+   gcry_md_open(ctx, GCRY_MD_SHA256, 0);
+}
+
+inline void gcrypt_SHA256_Update(gcrypt_SHA256_CTX *ctx, const void *data, 
size_t len)
+{
+   gcry_md_write(*ctx, data, len);
+}
+
+inline void gcrypt_SHA256_Final(unsigned char *digest, gcrypt_SHA256_CTX *ctx)
+{
+   memcpy(digest, gcry_md_read(*ctx, GCRY_MD_SHA256), SHA256_DIGEST_SIZE);
+}
+
+#define platform_SHA256_CTX gcrypt_SHA256_CTX
+#define platform_SHA256_Init gcrypt_SHA256_Init
+#define platform_SHA256_Update gcrypt_SHA256_Update
+#define platform_SHA256_Final gcrypt_SHA256_Final
+
+#endif