Use minio/sha256-simd for accelerated SHA256 (#23052)

minio/sha256-simd provides additional acceleration for SHA256 using
AVX512, SHA Extensions for x86 and ARM64 for ARM.

It provides a drop-in replacement for crypto/sha256 and if the
extensions are not available it falls back to standard crypto/sha256.

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>

go.mod

@@ -76,6 +76,7 @@ require (
 	github.com/mholt/archiver/v3 v3.5.1
 	github.com/microcosm-cc/bluemonday v1.0.21
 	github.com/minio/minio-go/v7 v7.0.46
+	github.com/minio/sha256-simd v1.0.0
 	github.com/msteinert/pam v1.1.0
 	github.com/nektos/act v0.0.0
 	github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646
@@ -220,7 +221,6 @@ require (
 	github.com/mholt/acmez v1.0.4 // indirect
 	github.com/miekg/dns v1.1.50 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
-	github.com/minio/sha256-simd v1.0.0 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect

models/auth/oauth2.go

@@ -5,7 +5,6 @@ package auth
 
 import (
 	"context"
-	"crypto/sha256"
 	"encoding/base32"
 	"encoding/base64"
 	"fmt"
@@ -18,6 +17,7 @@ import (
 	"code.gitea.io/gitea/modules/util"
 
 	uuid "github.com/google/uuid"
+	"github.com/minio/sha256-simd"
 	"golang.org/x/crypto/bcrypt"
 	"xorm.io/builder"
 	"xorm.io/xorm"

models/auth/twofactor.go

@@ -5,7 +5,6 @@ package auth
 
 import (
 	"crypto/md5"
-	"crypto/sha256"
 	"crypto/subtle"
 	"encoding/base32"
 	"encoding/base64"
@@ -18,6 +17,7 @@ import (
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"
 
+	"github.com/minio/sha256-simd"
 	"github.com/pquerna/otp/totp"
 	"golang.org/x/crypto/pbkdf2"
 )

models/migrations/base/hash.go

@@ -4,9 +4,9 @@
 package base
 
 import (
-	"crypto/sha256"
 	"encoding/hex"
 
+	"github.com/minio/sha256-simd"
 	"golang.org/x/crypto/pbkdf2"
 )
 

models/migrations/v1_14/v166.go

@@ -4,9 +4,9 @@
 package v1_14 //nolint
 
 import (
-	"crypto/sha256"
 	"encoding/hex"
 
+	"github.com/minio/sha256-simd"
 	"golang.org/x/crypto/argon2"
 	"golang.org/x/crypto/bcrypt"
 	"golang.org/x/crypto/pbkdf2"

modules/auth/password/hash/pbkdf2.go

@@ -4,12 +4,12 @@
 package hash
 
 import (
-	"crypto/sha256"
 	"encoding/hex"
 	"strings"
 
 	"code.gitea.io/gitea/modules/log"
 
+	"github.com/minio/sha256-simd"
 	"golang.org/x/crypto/pbkdf2"
 )
 

modules/avatar/hash.go

@@ -4,9 +4,10 @@
 package avatar
 
 import (
-	"crypto/sha256"
 	"encoding/hex"
 	"strconv"
+
+	"github.com/minio/sha256-simd"
 )
 
 // HashAvatar will generate a unique string, which ensures that when there's a

modules/avatar/identicon/identicon.go

@@ -7,10 +7,11 @@
 package identicon
 
 import (
-	"crypto/sha256"
 	"fmt"
 	"image"
 	"image/color"
+
+	"github.com/minio/sha256-simd"
 )
 
 const minImageSize = 16

modules/base/tool.go

@@ -6,7 +6,6 @@ package base
 import (
 	"crypto/md5"
 	"crypto/sha1"
-	"crypto/sha256"
 	"encoding/base64"
 	"encoding/hex"
 	"errors"
@@ -26,6 +25,7 @@ import (
 	"code.gitea.io/gitea/modules/util"
 
 	"github.com/dustin/go-humanize"
+	"github.com/minio/sha256-simd"
 )
 
 // EncodeMD5 encodes string to md5 hex value.

modules/context/context.go

@@ -6,7 +6,6 @@ package context
 
 import (
 	"context"
-	"crypto/sha256"
 	"encoding/hex"
 	"errors"
 	"fmt"
@@ -40,6 +39,7 @@ import (
 	"gitea.com/go-chi/cache"
 	"gitea.com/go-chi/session"
 	chi "github.com/go-chi/chi/v5"
+	"github.com/minio/sha256-simd"
 	"github.com/unrolled/render"
 	"golang.org/x/crypto/pbkdf2"
 )

modules/git/last_commit_cache.go

@@ -4,11 +4,12 @@
 package git
 
 import (
-	"crypto/sha256"
 	"fmt"
 
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/minio/sha256-simd"
 )
 
 // Cache represents a caching interface

modules/lfs/content_store.go

@@ -4,7 +4,6 @@
 package lfs
 
 import (
-	"crypto/sha256"
 	"encoding/hex"
 	"errors"
 	"hash"
@@ -13,6 +12,8 @@ import (
 
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/storage"
+
+	"github.com/minio/sha256-simd"
 )
 
 var (

modules/lfs/pointer.go

@@ -4,7 +4,6 @@
 package lfs
 
 import (
-	"crypto/sha256"
 	"encoding/hex"
 	"errors"
 	"fmt"
@@ -15,6 +14,8 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/modules/log"
+
+	"github.com/minio/sha256-simd"
 )
 
 const (

modules/secret/secret.go

@@ -7,11 +7,12 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
-	"crypto/sha256"
 	"encoding/base64"
 	"encoding/hex"
 	"errors"
 	"io"
+
+	"github.com/minio/sha256-simd"
 )
 
 // AesEncrypt encrypts text and given key with AES.

modules/util/keypair_test.go

@@ -7,12 +7,12 @@ import (
 	"crypto"
 	"crypto/rand"
 	"crypto/rsa"
-	"crypto/sha256"
 	"crypto/x509"
 	"encoding/pem"
 	"regexp"
 	"testing"
 
+	"github.com/minio/sha256-simd"
 	"github.com/stretchr/testify/assert"
 )
 

routers/api/packages/chef/auth.go

@@ -7,7 +7,6 @@ import (
 	"crypto"
 	"crypto/rsa"
 	"crypto/sha1"
-	"crypto/sha256"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/pem"
@@ -25,6 +24,8 @@ import (
 	chef_module "code.gitea.io/gitea/modules/packages/chef"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/services/auth"
+
+	"github.com/minio/sha256-simd"
 )
 
 const (

routers/api/packages/maven/maven.go

@@ -6,7 +6,6 @@ package maven
 import (
 	"crypto/md5"
 	"crypto/sha1"
-	"crypto/sha256"
 	"crypto/sha512"
 	"encoding/hex"
 	"encoding/xml"
@@ -27,6 +26,8 @@ import (
 	maven_module "code.gitea.io/gitea/modules/packages/maven"
 	"code.gitea.io/gitea/routers/api/packages/helper"
 	packages_service "code.gitea.io/gitea/services/packages"
+
+	"github.com/minio/sha256-simd"
 )
 
 const (

services/auth/source/oauth2/jwtsigningkey.go

@@ -9,7 +9,6 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
-	"crypto/sha256"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/pem"
@@ -25,6 +24,7 @@ import (
 	"code.gitea.io/gitea/modules/util"
 
 	"github.com/golang-jwt/jwt/v4"
+	"github.com/minio/sha256-simd"
 	ini "gopkg.in/ini.v1"
 )
 

services/lfs/server.go

@@ -5,7 +5,6 @@ package lfs
 
 import (
 	stdCtx "context"
-	"crypto/sha256"
 	"encoding/base64"
 	"encoding/hex"
 	"errors"
@@ -32,6 +31,7 @@ import (
 	"code.gitea.io/gitea/modules/storage"
 
 	"github.com/golang-jwt/jwt/v4"
+	"github.com/minio/sha256-simd"
 )
 
 // requestContext contain variables from the HTTP request.

services/mailer/token/token.go

@@ -6,13 +6,14 @@ package token
 import (
 	"context"
 	crypto_hmac "crypto/hmac"
-	"crypto/sha256"
 	"encoding/base32"
 	"fmt"
 	"time"
 
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/util"
+
+	"github.com/minio/sha256-simd"
 )
 
 // A token is a verifiable container describing an action.

services/webhook/deliver.go

@@ -7,7 +7,6 @@ import (
 	"context"
 	"crypto/hmac"
 	"crypto/sha1"
-	"crypto/sha256"
 	"crypto/tls"
 	"encoding/hex"
 	"fmt"
@@ -29,6 +28,7 @@ import (
 	webhook_module "code.gitea.io/gitea/modules/webhook"
 
 	"github.com/gobwas/glob"
+	"github.com/minio/sha256-simd"
 )
 
 // Deliver deliver hook task

tests/integration/api_packages_chef_test.go

@@ -11,7 +11,6 @@ import (
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha1"
-	"crypto/sha256"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/pem"
@@ -34,6 +33,7 @@ import (
 	chef_router "code.gitea.io/gitea/routers/api/packages/chef"
 	"code.gitea.io/gitea/tests"
 
+	"github.com/minio/sha256-simd"
 	"github.com/stretchr/testify/assert"
 )
 

tests/integration/api_packages_container_test.go

@@ -5,7 +5,6 @@ package integration
 
 import (
 	"bytes"
-	"crypto/sha256"
 	"encoding/base64"
 	"fmt"
 	"net/http"
@@ -24,6 +23,7 @@ import (
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/tests"
 
+	"github.com/minio/sha256-simd"
 	oci "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/stretchr/testify/assert"
 )

tests/integration/api_packages_test.go

@@ -5,7 +5,6 @@ package integration
 
 import (
 	"bytes"
-	"crypto/sha256"
 	"fmt"
 	"net/http"
 	"strings"
@@ -24,6 +23,7 @@ import (
 	packages_cleanup_service "code.gitea.io/gitea/services/packages/cleanup"
 	"code.gitea.io/gitea/tests"
 
+	"github.com/minio/sha256-simd"
 	"github.com/stretchr/testify/assert"
 )