Arcfour status

2021-02-14 Thread Niels Möller 
I've had a report (from Matthew Kempe) about another problem with the
openssl benchmarking code. It fails on FreeBSD, because there (and
possible in other environments too) openssl has been configured without
RC4 (aka arcfour) support. I'm considering just deleting code to
benchmark openssl arcfour; I don't plan any improvements of Nettle's
arcfour performance, and I would be surprised if the openssl people do.

I do intend to keep arcfour support in Nettle for the foreseeable
future, to support old protocols and applications. But I'm thinking that
maybe the arcfour assembly code could be deleted?

Nettle currently includes arcfour assembly implementations for x86
(32-bit) and sparc (both 32-bit and 64-bit), which as far as I remember
gave a modest speedup when added. But the code hasn't been tuned or
benchmarked recently. And we have nothing for more relevant platforms.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.

___
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs

Re: Arcfour status

2021-02-14 Thread Jeffrey Walton 
On Sun, Feb 14, 2021 at 5:36 AM Niels Möller  wrote:
>
> I've had a report (from Matthew Kempe) about another problem with the
> openssl benchmarking code. It fails on FreeBSD, because there (and
> possible in other environments too) openssl has been configured without
> RC4 (aka arcfour) support. I'm considering just deleting code to
> benchmark openssl arcfour; I don't plan any improvements of Nettle's
> arcfour performance, and I would be surprised if the openssl people do.

If you want to retain the support when OpenSSL makes it available...

I think you can pick up RC4 availability via opensslconf.h. If RC4 is
disabled, then OpenSSL will define OPENSSL_NO_RC4. For example, here's
the define from OpenSSL sources:

openssl$ grep -IR NO_RC4 ./*
./apps/rsa.c:#ifndef OPENSSL_NO_RC4
./apps/rsa.c:#ifndef OPENSSL_NO_RC4
./apps/speed.c:#ifndef OPENSSL_NO_RC4
...

And here's what an opensslconf.h looks like:

$ grep OPENSSL_NO /usr/include/openssl/opensslconf.h | head -n 4
#ifndef OPENSSL_NO_COMP
# define OPENSSL_NO_COMP
#ifndef OPENSSL_NO_MD2
# define OPENSSL_NO_MD2

Jeff
___
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs