Commit 21d751df authored by Ondřej Surý's avatar Ondřej Surý

Remove OpenSSL based SipHash 2-4 implementation

Creation of EVP_MD_CTX and EVP_PKEY is quite expensive, so until we fix the code
to reuse the OpenSSL contexts and keys we'll use our own implementation of
siphash instead of trying to integrate with OpenSSL.
parent e24bc324
......@@ -650,19 +650,6 @@ AC_COMPILE_IFELSE(
AC_MSG_RESULT([yes])],
[AC_MSG_RESULT([no])])
AC_MSG_CHECKING([for SipHash support])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM([[#include <openssl/evp.h>
#include <openssl/opensslv.h>]],
[[#if OPENSSL_VERSION_NUMBER < 0x10101010L
#error OpenSSL >= 1.1.1a required for working SipHash initialization
#endif
EVP_PKEY *key = EVP_PKEY_new_raw_private_key(
EVP_PKEY_SIPHASH, NULL, NULL, 0);]])],
[AC_DEFINE([HAVE_OPENSSL_SIPHASH], [1], [define if OpenSSL supports SipHash])
AC_MSG_RESULT([yes])],
[AC_MSG_RESULT([no])])
#
# Check for OpenSSL SHA-1 support
#
......
......@@ -17,44 +17,6 @@
#include <isc/siphash.h>
#include <isc/util.h>
/*
* Creation of EVP_MD_CTX and EVP_PKEY is quite expensive, until
* we fix the code to reuse the context and key we'll use our own
* implementation of siphash.
*/
#if 0 /* HAVE_OPENSSL_SIPHASH */
#include <openssl/evp.h>
void
isc_siphash24(const uint8_t*k,const uint8_t*in,const size_t inlen,uint8_t*out)
{
REQUIRE(k != NULL);
REQUIRE(out != NULL);
size_t outlen = 8;
EVP_PKEY_CTX*pctx = NULL;
EVP_MD_CTX*mctx = EVP_MD_CTX_new();
EVP_PKEY*key = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH,NULL,
k,16);
RUNTIME_CHECK(mctx != NULL);
RUNTIME_CHECK(key != NULL);
RUNTIME_CHECK(EVP_DigestSignInit(mctx,&pctx,NULL,NULL,key) == 1);
RUNTIME_CHECK(EVP_PKEY_CTX_ctrl(pctx,EVP_PKEY_SIPHASH,
EVP_PKEY_OP_SIGNCTX,
EVP_PKEY_CTRL_SET_DIGEST_SIZE,outlen,
NULL) == 1);
RUNTIME_CHECK(EVP_DigestSignUpdate(mctx,in,inlen) == 1);
RUNTIME_CHECK(EVP_DigestSignFinal(mctx,out,&outlen) == 1);
ENSURE(outlen == 8);
EVP_PKEY_free(key);
EVP_MD_CTX_free(mctx);
}
#else /* HAVE_OPENSSL_SIPHASH */
/*
* The implementation is based on SipHash reference C implementation by
*
......@@ -185,4 +147,3 @@ isc_siphash24(const uint8_t *k, const uint8_t *in, const size_t inlen,
U64TO8_LE(out, b);
}
#endif /* HAVE_OPENSSL_SIPHASH */
......@@ -22,32 +22,7 @@
#include <isc/siphash.h>
void
native_isc_siphash24(const uint8_t *, const uint8_t *, const size_t, uint8_t *);
#if HAVE_OPENSSL_SIPHASH
void
openssl_isc_siphash24(const uint8_t *, const uint8_t *, const size_t,
uint8_t *);
#undef HAVE_OPENSSL_SIPHASH
#define isc_siphash24 native_isc_siphash24
#include "../siphash.c"
#undef isc_siphash24
#define HAVE_OPENSSL_SIPHASH 1
#define isc_siphash24 openssl_isc_siphash24
#include "../siphash.c"
#undef isc_siphash24
#else /* if HAVE_OPENSSL_SIPHASH */
#define isc_siphash24 native_isc_siphash24
#include "../siphash.c"
#undef isc_siphash24
#endif /* if HAVE_OPENSSL_SIPHASH */
const uint8_t vectors[64][8] = {
{
......@@ -692,36 +667,18 @@ const uint8_t vectors[64][8] = {
},
};
#if HAVE_OPENSSL_SIPHASH
static void
openssl_isc_siphash24_test(void **state) {
UNUSED(state);
uint8_t in[64], out[8], key[16];
for (int i = 0; i < 16; i++) {
key[i] = i;
}
for (int i = 0; i < 64; i++) {
in[i] = i;
openssl_isc_siphash24(key, in, i, out);
assert_memory_equal(out, vectors[i], 8);
}
}
#endif /* if HAVE_OPENSSL_SIPHASH */
static void
native_isc_siphash24_test(void **state) {
isc_siphash24_test(void **state) {
UNUSED(state);
uint8_t in[64], out[8], key[16];
for (int i = 0; i < 16; i++) {
for (size_t i = 0; i < ARRAY_SIZE(key); i++) {
key[i] = i;
}
for (int i = 0; i < 64; i++) {
for (size_t i = 0; i < ARRAY_SIZE(in); i++) {
in[i] = i;
native_isc_siphash24(key, in, i, out);
isc_siphash24(key, in, i, out);
assert_memory_equal(out, vectors[i], 8);
}
}
......@@ -729,10 +686,7 @@ native_isc_siphash24_test(void **state) {
int
main(void) {
const struct CMUnitTest tests[] = {
#if HAVE_OPENSSL_SIPHASH
cmocka_unit_test(openssl_isc_siphash24_test),
#endif /* if HAVE_OPENSSL_SIPHASH */
cmocka_unit_test(native_isc_siphash24_test),
cmocka_unit_test(isc_siphash24_test),
};
return (cmocka_run_group_tests(tests, NULL, NULL));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment