[PATCH v3] erofs-utils: prefer using OpenSSL for SHA256

Gao Xiang hsiangkao at linux.alibaba.com
Mon Aug 18 18:54:26 AEST 2025 

Since some architectures support hardware or SIMD acceleration.

Signed-off-by: Gao Xiang <hsiangkao at linux.alibaba.com>
---
v3:
 - fix erofsfuse compile error.

 configure.ac     |  1 +
 dump/Makefile.am |  2 +-
 fsck/Makefile.am |  4 ++--
 fuse/Makefile.am |  2 +-
 lib/sha256.c     | 41 +++++++++++++++++++++++++++++++++++++++++
 lib/sha256.h     |  8 ++++++++
 6 files changed, 54 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index 7769ac9..6f2421d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -641,6 +641,7 @@ AS_IF([test "x$with_openssl" != "xno"], [
 #include <openssl/hmac.h>
       ]])
     ])
+    AC_CHECK_HEADERS([openssl/evp.h],[],[])
     LIBS="${saved_LIBS}"
     CPPFLAGS="${saved_CPPFLAGS}"], [
     AS_IF([test "x$with_openssl" = "xyes"], [
diff --git a/dump/Makefile.am b/dump/Makefile.am
index 2cf7fe8..c56e19f 100644
--- a/dump/Makefile.am
+++ b/dump/Makefile.am
@@ -8,4 +8,4 @@ dump_erofs_SOURCES = main.c
 dump_erofs_CFLAGS = -Wall -I$(top_srcdir)/include
 dump_erofs_LDADD = $(top_builddir)/lib/liberofs.la ${libselinux_LIBS} \
 	${liblz4_LIBS} ${liblzma_LIBS} ${zlib_LIBS} ${libdeflate_LIBS} \
-	${libzstd_LIBS} ${libqpl_LIBS} ${libxxhash_LIBS}
+	${libzstd_LIBS} ${libqpl_LIBS} ${libxxhash_LIBS} ${openssl_LIBS}
diff --git a/fsck/Makefile.am b/fsck/Makefile.am
index 3b7b591..a1b4623 100644
--- a/fsck/Makefile.am
+++ b/fsck/Makefile.am
@@ -8,7 +8,7 @@ fsck_erofs_SOURCES = main.c
 fsck_erofs_CFLAGS = -Wall -I$(top_srcdir)/include
 fsck_erofs_LDADD = $(top_builddir)/lib/liberofs.la ${libselinux_LIBS} \
 	${liblz4_LIBS} ${liblzma_LIBS} ${zlib_LIBS} ${libdeflate_LIBS} \
-	${libzstd_LIBS} ${libqpl_LIBS} ${libxxhash_LIBS}
+	${libzstd_LIBS} ${libqpl_LIBS} ${libxxhash_LIBS} ${openssl_LIBS}
 
 if ENABLE_FUZZING
 noinst_PROGRAMS   = fuzz_erofsfsck
@@ -17,5 +17,5 @@ fuzz_erofsfsck_CFLAGS = -Wall -I$(top_srcdir)/include -DFUZZING
 fuzz_erofsfsck_LDFLAGS = -fsanitize=address,fuzzer
 fuzz_erofsfsck_LDADD = $(top_builddir)/lib/liberofs.la ${libselinux_LIBS} \
 	${liblz4_LIBS} ${liblzma_LIBS} ${zlib_LIBS} ${libdeflate_LIBS} \
-	${libzstd_LIBS} ${libqpl_LIBS} ${libxxhash_LIBS}
+	${libzstd_LIBS} ${libqpl_LIBS} ${libxxhash_LIBS} ${openssl_LIBS}
 endif
diff --git a/fuse/Makefile.am b/fuse/Makefile.am
index 55fb61f..cddfc7a 100644
--- a/fuse/Makefile.am
+++ b/fuse/Makefile.am
@@ -8,7 +8,7 @@ erofsfuse_CFLAGS = -Wall -I$(top_srcdir)/include
 erofsfuse_CFLAGS += ${libfuse2_CFLAGS} ${libfuse3_CFLAGS} ${libselinux_CFLAGS}
 erofsfuse_LDADD = $(top_builddir)/lib/liberofs.la ${libfuse2_LIBS} ${libfuse3_LIBS} ${liblz4_LIBS} \
 	${libselinux_LIBS} ${liblzma_LIBS} ${zlib_LIBS} ${libdeflate_LIBS} ${libzstd_LIBS} \
-	${libqpl_LIBS} ${libxxhash_LIBS}
+	${libqpl_LIBS} ${libxxhash_LIBS} ${openssl_LIBS}
 
 if ENABLE_STATIC_FUSE
 lib_LTLIBRARIES = liberofsfuse.la
diff --git a/lib/sha256.c b/lib/sha256.c
index 9bb7fbb..1ae5a15 100644
--- a/lib/sha256.c
+++ b/lib/sha256.c
@@ -7,6 +7,43 @@
 #include "sha256.h"
 #include <string.h>
 
+#ifdef __USE_OPENSSL_SHA256
+void erofs_sha256_init(struct sha256_state *md)
+{
+	int ret;
+
+	md->ctx = EVP_MD_CTX_new();
+	if (!md->ctx)
+		return;
+	ret = EVP_DigestInit(md->ctx, EVP_sha256());
+	DBG_BUGON(ret != 1);
+}
+
+int erofs_sha256_process(struct sha256_state *md,
+		const unsigned char *in, unsigned long inlen)
+{
+	int ret;
+
+	if (!md->ctx)
+		return -1;
+	ret = EVP_DigestUpdate(md->ctx, in, inlen);
+	return (ret == 1) - 1;
+}
+
+int erofs_sha256_done(struct sha256_state *md, unsigned char *out)
+{
+	int ret;
+	unsigned int mdsize;
+
+	if (!md->ctx)
+		return -1;
+	ret = EVP_DigestFinal_ex(md->ctx, out, &mdsize);
+	if (ret != 1)
+		return -1;
+	EVP_MD_CTX_free(md->ctx);
+	return 0;
+}
+#else
 /* This is based on SHA256 implementation in LibTomCrypt that was released into
  * public domain by Tom St Denis. */
 /* the K array */
@@ -186,6 +223,7 @@ int erofs_sha256_done(struct sha256_state *md, unsigned char *out)
 		STORE32H(md->state[i], out + (4 * i));
 	return 0;
 }
+#endif
 
 void erofs_sha256(const unsigned char *in, unsigned long in_size,
 		  unsigned char out[32])
@@ -193,6 +231,9 @@ void erofs_sha256(const unsigned char *in, unsigned long in_size,
 	struct sha256_state md;
 
 	erofs_sha256_init(&md);
+#ifdef __USE_OPENSSL_SHA256
+	EVP_MD_CTX_set_flags(md.ctx, EVP_MD_CTX_FLAG_ONESHOT);
+#endif
 	erofs_sha256_process(&md, in, in_size);
 	erofs_sha256_done(&md, out);
 }
diff --git a/lib/sha256.h b/lib/sha256.h
index dd39970..851b80c 100644
--- a/lib/sha256.h
+++ b/lib/sha256.h
@@ -4,11 +4,19 @@
 
 #include "erofs/defs.h"
 
+#if defined(HAVE_OPENSSL) && defined(HAVE_OPENSSL_EVP_H)
+#include <openssl/evp.h>
+struct sha256_state {
+	EVP_MD_CTX *ctx;
+};
+#define __USE_OPENSSL_SHA256
+#else
 struct sha256_state {
 	u64 length;
 	u32 state[8], curlen;
 	u8 buf[64];
 };
+#endif
 
 void erofs_sha256_init(struct sha256_state *md);
 int erofs_sha256_process(struct sha256_state *md,
-- 
2.43.5

More information about the Linux-erofs mailing list