Re: [PATCH] sha1: add gnutls as a sha1 provider


 



Hi Shawn,

Shawn Landden wrote:
> I think this is preferable to bringing the assembly routines into the git code-base, as a way of getting access to these high-performance routines to a git available in Debian, Ubuntu, or Fedora (which all use BLK_SHA1=1 due to GPLv2 + OpenSSL license considerations, see Debian Bug #879459).

While it seems like it could be useful to have the choice of using the fast SHA1 implementation without concern about licensing issues, there are a few details I thought were worth mentioning.

Fedora moved from OpenSSL SHA1 to BLK_SHA1 to reduce the size of the binaries and dependencies, not due to licensing issues (Fedora considers OpenSSL a system library and allows linking GPLv2 code).

Fedora now uses the default DC_SHA1 (the collision-detecting SHA1 implementation). DC_SHA1 is not, as far as I know, as fast as the OpenSSL/GnuTLS SHA1, but it's safer given the increasingly successful attacks against SHA1. I don't envision changing that to gain performance. (And, of course, the speed of SHA1 should become less of an issue once git moves to a new, stronger hash.)

It looks like the Debian packages use the default DC_SHA1 implementation as well. Regardless of the licensing concerns regarding OpenSSL in Debian, I suspect they'll want to use the default, collision-detecting SHA1 implementation. That doesn't mean a patch to add the option of GnuTLS isn't useful though.

Fedora does link with OpenSSL's libcrypto and libssl in Fedora for the remote-curl helpers and imap-send. I believe the remote-curl helpers just link with curl, which happens to use OpenSSL on Fedora and could use GnuTLS instead. The imap-send command might also use curl and whatever crypto library curl is built with too, but I'm not terribly familiar with imap-send. (I think those are the only uses of libcrypto or libssl in Fedora's packages, but I could be mistaken).

That's a lot of text without having anything to say about the actual patch. Hopefully it's at least mildly useful to you or others. :)

--
Todd
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When we remember we are all mad, the mysteries of life disappear and
life stands explained.
   -- Mark Twain



