From: Junio C Hamano <gitster@pobox.com>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: git@vger.kernel.org, "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
Subject: Re: [PATCH] sha256: add support for Nettle
Date: Wed, 06 Jul 2022 10:49:29 -0700 [thread overview]
Message-ID: <xmqqedyyi11y.fsf@gitster.g> (raw)
In-Reply-To: <20220705230518.713218-1-sandals@crustytoothpaste.net> (brian m. carlson's message of "Tue, 5 Jul 2022 23:05:18 +0000")
"brian m. carlson" <sandals@crustytoothpaste.net> writes:
> diff --git a/hash.h b/hash.h
> index 5d40368f18..ea87ae9d92 100644
> --- a/hash.h
> +++ b/hash.h
> @@ -16,7 +16,9 @@
> #include "block-sha1/sha1.h"
> #endif
>
> -#if defined(SHA256_GCRYPT)
> +#if defined(SHA256_NETTLE)
> +#include "sha256/nettle.h"
> +#elif defined(SHA256_GCRYPT)
> #define SHA256_NEEDS_CLONE_HELPER
> #include "sha256/gcrypt.h"
> #elif defined(SHA256_OPENSSL)
When it does not make any semantic difference, it is preferrable to
add a new thing after existing things. But this sequence is meant
to list them in the order of preference when multiple choices are
availble, so it is OK to prepend nettle IF our intention is to favor
it over all others.
I am OK with that design choice, and I think the first paragraph of
the proposed log message adequately justifies why, but I'd prefer to
see it a bit more explicitly stated in the log message.
> For SHA-256, we currently have support for OpenSSL and libgcrypt because
> these two libraries contain optimized implementations that can take
> advantage of native processor instructions. However, OpenSSL is not
> suitable for linking against for Linux distros due to licensing
> incompatibilities with the GPLv2, and libgcrypt has been less favored
> by cryptographers due to some security-related implementation issues.
>
> Let's add another option that's compatible with the GPLv2, which is
> Nettle. It also has recently gained support for Intel's SHA-NI
> instructions, which compare very favorably to other implementations.
> For example, using this implementation and SHA-1 DC on a machine with
> SHA-NI, hashing a 2 GiB file with SHA-1 takes 7.582 seconds, while
> hashing the same file with SHA-256 takes 2.278 seconds.
Perhaps "Let's add another option ..., which is Nettle, and give it
preference over all others when multiple libraries are availalble"
or something along that line?
> diff --git a/sha256/nettle.h b/sha256/nettle.h
> new file mode 100644
> index 0000000000..9b2845babc
> --- /dev/null
> +++ b/sha256/nettle.h
> @@ -0,0 +1,28 @@
> +#ifndef SHA256_GCRYPT_H
> +#define SHA256_GCRYPT_H
Not really ;-)
> +
> +#include <nettle/sha2.h>
next prev parent reply other threads:[~2022-07-06 17:49 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-05 23:05 [PATCH] sha256: add support for Nettle brian m. carlson
2022-07-06 1:00 ` Ramsay Jones
2022-07-06 1:08 ` brian m. carlson
2022-07-06 8:23 ` Jeff King
2022-07-06 8:45 ` Ævar Arnfjörð Bjarmason
2022-07-06 9:23 ` Jeff King
2022-07-06 10:39 ` brian m. carlson
2022-07-06 17:49 ` Junio C Hamano [this message]
2022-07-06 23:05 ` Junio C Hamano
2022-07-07 6:43 ` Junio C Hamano
2022-07-07 16:18 ` Junio C Hamano
2022-07-10 13:29 ` [PATCH v2] " brian m. carlson
2022-07-10 14:41 ` Ævar Arnfjörð Bjarmason
2022-07-10 16:39 ` Junio C Hamano
2022-07-10 20:12 ` brian m. carlson
2022-07-10 20:37 ` Junio C Hamano
2022-08-31 5:34 ` Reza Mahdi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqedyyi11y.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).