Skip to content

Commit c4bc97a

Browse files
miss-islingtonmsprotz
miss-islington
and
msprotz
authored
[3.12] gh-99108: Refresh HACL* (GH-104808) (#104893)
gh-99108: Refresh HACL* (GH-104808) Refresh HACL* from upstream to improve SHA2 performance and fix a 32-bit issue in SHA3. (cherry picked from commit 160321e) Co-authored-by: Jonathan Protzenko <[email protected]>
1 parent b670214 commit c4bc97a

18 files changed

+225
-149
lines changed

Makefile.pre.in

+7-7
Original file line numberDiff line numberDiff line change
@@ -208,7 +208,7 @@ ENSUREPIP= @ENSUREPIP@
208208
# Internal static libraries
209209
LIBMPDEC_A= Modules/_decimal/libmpdec/libmpdec.a
210210
LIBEXPAT_A= Modules/expat/libexpat.a
211-
LIBHACL_SHA2_A= Modules/_hacl/libHacl_Streaming_SHA2.a
211+
LIBHACL_SHA2_A= Modules/_hacl/libHacl_Hash_SHA2.a
212212

213213
# Module state, compiler flags and linker flags
214214
# Empty CFLAGS and LDFLAGS are omitted.
@@ -583,7 +583,7 @@ LIBEXPAT_HEADERS= \
583583
# hashlib's HACL* library
584584

585585
LIBHACL_SHA2_OBJS= \
586-
Modules/_hacl/Hacl_Streaming_SHA2.o
586+
Modules/_hacl/Hacl_Hash_SHA2.o
587587

588588
LIBHACL_HEADERS= \
589589
Modules/_hacl/include/krml/FStar_UInt128_Verified.h \
@@ -596,8 +596,8 @@ LIBHACL_HEADERS= \
596596
Modules/_hacl/python_hacl_namespaces.h
597597

598598
LIBHACL_SHA2_HEADERS= \
599-
Modules/_hacl/Hacl_Streaming_SHA2.h \
600-
Modules/_hacl/internal/Hacl_SHA2_Generic.h \
599+
Modules/_hacl/Hacl_Hash_SHA2.h \
600+
Modules/_hacl/internal/Hacl_Hash_SHA2.h \
601601
$(LIBHACL_HEADERS)
602602

603603
#########################################################################
@@ -964,11 +964,11 @@ $(LIBEXPAT_A): $(LIBEXPAT_OBJS)
964964
$(AR) $(ARFLAGS) $@ $(LIBEXPAT_OBJS)
965965

966966
##########################################################################
967-
# Build HACL* static libraries for hashlib: libHacl_Streaming_SHA2.a
967+
# Build HACL* static libraries for hashlib: libHacl_Hash_SHA2.a
968968
LIBHACL_CFLAGS=-I$(srcdir)/Modules/_hacl/include -D_BSD_SOURCE -D_DEFAULT_SOURCE $(PY_STDMODULE_CFLAGS) $(CCSHARED)
969969

970-
Modules/_hacl/Hacl_Streaming_SHA2.o: $(srcdir)/Modules/_hacl/Hacl_Streaming_SHA2.c $(LIBHACL_SHA2_HEADERS)
971-
$(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_Streaming_SHA2.c
970+
Modules/_hacl/Hacl_Hash_SHA2.o: $(srcdir)/Modules/_hacl/Hacl_Hash_SHA2.c $(LIBHACL_SHA2_HEADERS)
971+
$(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_Hash_SHA2.c
972972

973973
$(LIBHACL_SHA2_A): $(LIBHACL_SHA2_OBJS)
974974
-rm -f $@

Misc/NEWS.d/next/Security/2023-05-24-09-29-08.gh-issue-99108.hwS2cr.rst

+2
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
Refresh our new HACL* built-in :mod:`hashlib` code from upstream. Built-in
2+
SHA2 should be faster and an issue with SHA3 on 32-bit platforms is fixed.

Modules/Setup

+1-1
Original file line numberDiff line numberDiff line change
@@ -165,7 +165,7 @@ PYTHONPATH=$(COREPYTHONPATH)
165165
#_blake2 _blake2/blake2module.c _blake2/blake2b_impl.c _blake2/blake2s_impl.c
166166
#_md5 md5module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_MD5.c -D_BSD_SOURCE -D_DEFAULT_SOURCE
167167
#_sha1 sha1module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_SHA1.c -D_BSD_SOURCE -D_DEFAULT_SOURCE
168-
#_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Streaming_SHA2.a
168+
#_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA2.a
169169
#_sha3 sha3module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_SHA3.c -D_BSD_SOURCE -D_DEFAULT_SOURCE
170170

171171
# text encodings and unicode

Modules/Setup.stdlib.in

+1-1
Original file line numberDiff line numberDiff line change
@@ -78,7 +78,7 @@
7878
# hashing builtins, can be disabled with --without-builtin-hashlib-hashes
7979
@MODULE__MD5_TRUE@_md5 md5module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_MD5.c -D_BSD_SOURCE -D_DEFAULT_SOURCE
8080
@MODULE__SHA1_TRUE@_sha1 sha1module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_SHA1.c -D_BSD_SOURCE -D_DEFAULT_SOURCE
81-
@MODULE__SHA2_TRUE@_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Streaming_SHA2.a
81+
@MODULE__SHA2_TRUE@_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA2.a
8282
@MODULE__SHA3_TRUE@_sha3 sha3module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_SHA3.c -D_BSD_SOURCE -D_DEFAULT_SOURCE
8383
@MODULE__BLAKE2_TRUE@_blake2 _blake2/blake2module.c _blake2/blake2b_impl.c _blake2/blake2s_impl.c
8484

Modules/_hacl/Hacl_Hash_MD5.c

+3-3
Original file line numberDiff line numberDiff line change
@@ -1227,14 +1227,14 @@ void Hacl_Streaming_MD5_legacy_init(Hacl_Streaming_MD_state_32 *s)
12271227
/**
12281228
0 = success, 1 = max length exceeded
12291229
*/
1230-
uint32_t
1230+
Hacl_Streaming_Types_error_code
12311231
Hacl_Streaming_MD5_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len)
12321232
{
12331233
Hacl_Streaming_MD_state_32 s = *p;
12341234
uint64_t total_len = s.total_len;
12351235
if ((uint64_t)len > (uint64_t)2305843009213693951U - total_len)
12361236
{
1237-
return (uint32_t)1U;
1237+
return Hacl_Streaming_Types_MaximumLengthExceeded;
12381238
}
12391239
uint32_t sz;
12401240
if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
@@ -1399,7 +1399,7 @@ Hacl_Streaming_MD5_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, u
13991399
}
14001400
);
14011401
}
1402-
return (uint32_t)0U;
1402+
return Hacl_Streaming_Types_Success;
14031403
}
14041404

14051405
void Hacl_Streaming_MD5_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst)

Modules/_hacl/Hacl_Hash_MD5.h

+1-1
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@ void Hacl_Streaming_MD5_legacy_init(Hacl_Streaming_MD_state_32 *s);
4646
/**
4747
0 = success, 1 = max length exceeded
4848
*/
49-
uint32_t
49+
Hacl_Streaming_Types_error_code
5050
Hacl_Streaming_MD5_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len);
5151

5252
void Hacl_Streaming_MD5_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst);

Modules/_hacl/Hacl_Hash_SHA1.c

+3-3
Original file line numberDiff line numberDiff line change
@@ -263,14 +263,14 @@ void Hacl_Streaming_SHA1_legacy_init(Hacl_Streaming_MD_state_32 *s)
263263
/**
264264
0 = success, 1 = max length exceeded
265265
*/
266-
uint32_t
266+
Hacl_Streaming_Types_error_code
267267
Hacl_Streaming_SHA1_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len)
268268
{
269269
Hacl_Streaming_MD_state_32 s = *p;
270270
uint64_t total_len = s.total_len;
271271
if ((uint64_t)len > (uint64_t)2305843009213693951U - total_len)
272272
{
273-
return (uint32_t)1U;
273+
return Hacl_Streaming_Types_MaximumLengthExceeded;
274274
}
275275
uint32_t sz;
276276
if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && total_len > (uint64_t)0U)
@@ -435,7 +435,7 @@ Hacl_Streaming_SHA1_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data,
435435
}
436436
);
437437
}
438-
return (uint32_t)0U;
438+
return Hacl_Streaming_Types_Success;
439439
}
440440

441441
void Hacl_Streaming_SHA1_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst)

Modules/_hacl/Hacl_Hash_SHA1.h

+1-1
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@ void Hacl_Streaming_SHA1_legacy_init(Hacl_Streaming_MD_state_32 *s);
4646
/**
4747
0 = success, 1 = max length exceeded
4848
*/
49-
uint32_t
49+
Hacl_Streaming_Types_error_code
5050
Hacl_Streaming_SHA1_legacy_update(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len);
5151

5252
void Hacl_Streaming_SHA1_legacy_finish(Hacl_Streaming_MD_state_32 *p, uint8_t *dst);

0 commit comments

Comments
 (0)