From: Beat Bolli <dev+git@drbeat.li>
To: "brian m. carlson" <sandals@crustytoothpaste.net>,
Feiyang Xue <hi@fxue.dev>,
git@vger.kernel.org
Subject: Re: [PATCH] Add x64 SHA-NI implementation to sha1 and sha256 in git ?
Date: Sun, 15 Oct 2023 18:37:11 +0200 [thread overview]
Message-ID: <fd59abd6-49a5-4f6a-8d6c-c608cd3350f7@drbeat.li> (raw)
In-Reply-To: <ZSmxFopwJyBGmZY-@tapette.crustytoothpaste.net>
Hi
On 13.10.23 23:05, brian m. carlson wrote:
> On 2023-10-12 at 20:04:47, Feiyang Xue wrote:
>> Looking for comments on if this is a good idea to add SHA-NI option to git,
>> And if so, what'd be a good implementation.
>>
>> The attached patch is more of a proof of concept, using a sha-ni example
>> found on internet and have it tapped into git's "hash-ll.h" when it sees make
>> flags "SHA1_SHANI=1" and/or "SHA256_SHANI=1" for sha1/sha256 respectively.
>>
>> "git hash-object" is about 3-ish times faster for me
>
> You almost certainly don't want to use SHA-1 using native instructions
> because it doesn't detect collisions, unlike the default implementation
> (SHA-1-DC). Since SHA-1 collisions are relatively cheap (less than USD
> 45,000) to make, not detecting collisions would be a security issue
> worthy of a CVE.
>
> It's fine for SHA-256, but see below.
>
>> There are few topics that i'm uncertain about.
>>
>> 1. Is it good idea to have machine-specific asm codes in git. I read there was
>> commit fd1ec82547 which removed assembly implementation for PPC_SHA1. Does that
>> imply maintainers doesn't want machine-specific assembly in source?
>
> I'd prefer we didn't.
>
> Nettle has SHA-NI extensions on systems that support it, and so does
> OpenSSL. OpenSSL can't be used by distros for licensing reasons, but
> Nettle can, and both of those libraries automatically detect the best
> code to use based on the chip. One of those libraries is almost always
> going to be linked into Git at some point because of libcurl anyway.
>
> If we ship the code, then someone has to maintain it, and I don't know
> if we have any assembly experts. We might also have a bug that produced
> incorrect results, which would be pretty disastrous for the affected
> users. It's much better for maintainability if we push that off onto
> the cryptographic library maintainers who are much more competent in
> that regard than I am (I will not speak for others) and let distro
> maintainers simply link the appropriate library, which, as I said above,
> they're already effectively doing.
In addition to all the valid points brian makes, the patch uses a
non-standard assembler (yasm, see http://yasm.tortall.net/) that's not
part of the default GNU toolchain.
Cheers, Beat
next prev parent reply other threads:[~2023-10-15 16:42 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-12 20:04 [PATCH] Add x64 SHA-NI implementation to sha1 and sha256 in git ? Feiyang Xue
2023-10-13 21:05 ` brian m. carlson
2023-10-14 0:29 ` Junio C Hamano
2023-10-15 16:37 ` Beat Bolli [this message]
2023-10-15 17:30 ` rsbecker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fd59abd6-49a5-4f6a-8d6c-c608cd3350f7@drbeat.li \
--to=dev+git@drbeat.li \
--cc=git@vger.kernel.org \
--cc=hi@fxue.dev \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).