author | fanquake <fanquake@gmail.com> | 2024-04-06 20:37:10 +0100 |
---|---|---|
committer | fanquake <fanquake@gmail.com> | 2024-04-06 20:45:19 +0100 |
commit | 0f0e36de5f53f82d31416dc05a24d2885781ce57 (patch) | |
tree | 1cbb015c57d3db8a3ddeb1c5a997a04c4f651737 /configure.ac | |
parent | b5d21182e5a66110ce2796c2c99da39c8ebf0d72 (diff) | |
parent | 2d1819455cb4c516f6cdf81c11e869a23dee3e6b (diff) |
Merge bitcoin/bitcoin#29815: crypto: chacha20: always use our fallback timingsafe_bcmp rather than libc's
2d1819455cb4c516f6cdf81c11e869a23dee3e6b crypto: chacha20: always use our fallback timingsafe_bcmp rather than libc's (Cory Fields)
Pull request description:
Looking at libc sources, apple and openbsd implementations match our naive fallback. Only FreeBSD (and only x86_64) seems to [implement an optimized version](https://github.com/freebsd/freebsd-src/blob/main/lib/libc/amd64/string/timingsafe_bcmp.S).
It's not worth the hassle of using a platform-specific function for such little gain.
Additionally, as mentioned below, this is the only case outside of sha2 that requires an autoconf check, and I have upcoming PRs to remove the sha2 ones.
Apple's [impl is unoptimized](https://opensource.apple.com/source/Libc/Libc-1244.1.7/string/FreeBSD/timingsafe_bcmp.c.auto.html).
As-is [OpenBSD's impl](https://github.com/openbsd/src/blob/master/lib/libc/string/timingsafe_bcmp.c).
Relevant IRC conversation with sipa:
> \<cfields\> sipa: chacha20poly1305.cpp uses libc's timingsafe_bcmp when possible. But looking around at apple/freebsd/openbsd, I don't see any impl that doesn't use the naive implementation that matches our fallback...
> \<cfields\> is there any reason to believe there's an optimized impl somewhere that we're actually hitting?
> \<cfields\> asking because after cleaning up sha2, timingsafe_bcmp is the last autoconf check that remains in all of crypto. It'd make life easy if we could just always use our internal one.
> \<cfields\> *all of crypto/
> \<sipa\> cfields: let's get rid of the dependency then
> \<sipa\> it's a trivial function
> \<sipa\> and if we need it for some platforms, no real reason not to use it on all
After the above discussion, I did end up finding the x86_64-optimized FreeBSD impl, but I don't think that's all that significant.
ACKs for top commit:
sipa:
utACK 2d1819455cb4c516f6cdf81c11e869a23dee3e6b
fanquake:
ACK 2d1819455cb4c516f6cdf81c11e869a23dee3e6b
TheCharlatan:
ACK 2d1819455cb4c516f6cdf81c11e869a23dee3e6b
theStack:
ACK 2d1819455cb4c516f6cdf81c11e869a23dee3e6b
Tree-SHA512: b9583e19ac2f77c5d572aa5b95bc4b53669d5717e5708babef930644980de7c5d06a9c7decd5c2b559d70b8597328ecfe513375e3d8c3ef523db80012dfe9266
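For readers unfamiliar with the "naive fallback" the description refers to, here is an added example (not code from this commit or from Bitcoin Core) of a byte-wise constant-time comparison in that style, next to an instrumented early-exit comparison. The function names and the 16-byte sample tags are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical name. Same shape as the naive libc implementations linked
 * above: OR together the XOR of every byte pair and never branch on data.
 * Note: C itself gives no timing guarantee; this relies on the compiler
 * not turning the loop into an early-exit comparison. */
int ct_bcmp(const void *b1, const void *b2, size_t n)
{
    const unsigned char *p1 = b1, *p2 = b2;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= (unsigned char)(p1[i] ^ p2[i]);
    return acc != 0; /* 0 = equal, 1 = different */
}

/* Early-exit comparison, instrumented to report how many bytes it examined.
 * The count depends on where the inputs first differ, which is the signal
 * a constant-time comparison is meant to remove. */
size_t early_exit_examined(const void *b1, const void *b2, size_t n)
{
    const unsigned char *p1 = b1, *p2 = b2;
    for (size_t i = 0; i < n; i++)
        if (p1[i] != p2[i])
            return i + 1;
    return n;
}

/* Constructed 16-byte values standing in for authentication tags. */
static const unsigned char TAG_GOOD[16] =
    {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
static const unsigned char TAG_BAD_FIRST[16] =
    {0xff, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
static const unsigned char TAG_BAD_LAST[16] =
    {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 0xff};

int main(void)
{
    printf("early-exit, mismatch at byte 0:  %zu bytes examined\n",
           early_exit_examined(TAG_GOOD, TAG_BAD_FIRST, 16));
    printf("early-exit, mismatch at byte 15: %zu bytes examined\n",
           early_exit_examined(TAG_GOOD, TAG_BAD_LAST, 16));
    printf("ct_bcmp results: %d %d %d\n",
           ct_bcmp(TAG_GOOD, TAG_GOOD, 16),
           ct_bcmp(TAG_GOOD, TAG_BAD_FIRST, 16),
           ct_bcmp(TAG_GOOD, TAG_BAD_LAST, 16));
    return 0;
}
```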
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac index ba7e0dea82..d8b7159e27 100644 --- a/configure.ac +++ b/configure.ac @@ -968,8 +968,6 @@ AC_CHECK_DECLS([setsid]) AC_CHECK_DECLS([pipe2]) -AC_CHECK_FUNCS([timingsafe_bcmp]) - AC_MSG_CHECKING([for __builtin_clzl]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ ]], [[ (void) __builtin_clzl(0); |
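Review bot: With `AC_CHECK_FUNCS([timingsafe_bcmp])` removed in the hunk at line 968, configure no longer defines `HAVE_TIMINGSAFE_BCMP`, so any guard on that macro left in the sources becomes dead conditional code. This view is limited to configure.ac, so confirm that the same commit drops the guard and that the internal function has a name that cannot clash with the libc declaration on platforms that ship `timingsafe_bcmp`. A grep for the macro across the tree after the change should come back empty.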