Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 30 Jun 2012 11:13:50 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: SHA2 added to bleeding

I have added sha2.c and sha2.h and modified a lot of formats, to remove the
oSSL version dependency for SHA224/256/384/512 from JtR.

 

The code has been sent to magnum, it may be a little bit before it is
committed.  It changes a bunch of file names (to get them into the _plug
type formats).  I sent him a patch without the file renames, and a script to
do the renames. That way, he can properly patch git with the existing names,
then make the rename change, and have git 'rename' the file properly within
its repository, and not lose any history.

 

Here are the formats which are not plugins:

 

cryptsha256_fmt_plug.c

cryptsha512_fmt_plug.c

dragonfly3_fmt_plug.c

dragonfly4_fmt_plug.c

drupal7_fmt_plug.c

episerver_fmt_plug.c

hmacSHA224_fmt_plug.c

hmacSHA256_fmt_plug.c

hmacSHA384_fmt_plug.c

hmacSHA512_fmt_plug.c

hmailserver_fmt_plug.c

keepass_fmt_plug.c

pwsafe_fmt_plug.c

rawSHA224_fmt_plug.c

rawSHA256_fmt_plug.c

rawSHA384_fmt_plug.c

rawSHA512_fmt_plug.c

SybaseASE_fmt_plug.c

XSHA512_fmt_plug.c

 

All of these now simply do:   #include "sha2.h"  which includes the sha2.h
file from within JtR's source tree. That header will determine proper
version.  If the oSSL version is large enough, it will use the oSSL files
(or the Crypt files on mac).  If the version is older, then it will define
data structures and functions (and set appropriate #defines to make them
compatible with oSSL names), for the internal sha2 data/functions.

 

The implementation is not ideal yet.  It is about 2 to 10% slower than oSSL
for the 32 bit crypts (224/256) and 50% to 75% slower for the 64 bit crypts
(384/512), on a 32 bit machine.  The dismal speed on the 64 bit crypts on
the 32 bit build is almost certainly due to ROR64.   When I build with VC, I
get about 65% speed, when I build with older gcc, I get about 25-30%.
However, this code will likely be pretty comparable to oSSL when built on a
64 bit system.

 

Anyway, this code (right now), will only be loaded if the oSSL version is
older.

 

Jim.

 

 


Content of type "text/html" skipped

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.