From: Andy Lutomirski Subject: Re: [RFC PATCH 4.10 1/6] crypto/sha256: Refactor the API so it can be used without shash Date: Mon, 26 Dec 2016 10:08:48 -0800 Message-ID: References: <942b91f25a63b22ec4946378a1fffe78d655cf18.1482545792.git.luto@kernel.org> <20161226075757.GA8916@gondor.apana.org.au> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Cc: Herbert Xu , Andy Lutomirski , Daniel Borkmann , Netdev , LKML , Linux Crypto Mailing List , "Jason A. Donenfeld" , Hannes Frederic Sowa , Alexei Starovoitov , Eric Dumazet , Eric Biggers , Tom Herbert , "David S. Miller" To: Ard Biesheuvel Return-path: In-Reply-To: Sender: netdev-owner@vger.kernel.org List-Id: linux-crypto.vger.kernel.org On Mon, Dec 26, 2016 at 9:51 AM, Ard Biesheuvel wrote: > On 26 December 2016 at 07:57, Herbert Xu wrote: >> On Sat, Dec 24, 2016 at 09:57:53AM -0800, Andy Lutomirski wrote: >>> >>> I actually do use incremental hashing later on. BPF currently >>> vmallocs() a big temporary buffer just so it can fill it and hash it. >>> I change it to hash as it goes. >> >> How much data is this supposed to hash on average? If it's a large >> amount then perhaps using the existing crypto API would be a better >> option than adding this. >> > > This is a good point actually: you didn't explain *why* BPF shouldn't > depend on the crypto API. According to Daniel, the networking folks want to let embedded systems include BPF without requiring the crypto core. At some point, I'd also like to use modern hash functions for module verification. If doing so would require the crypto core to be available when modules are loaded, then the crypto core couldn't be modular. (Although it occurs to me that my patches get that wrong -- if this change happens, I need to split the code so that the library functions can be built in even if CRYPTO=m.) Daniel, would you be okay with BPF selecting CRYPTO and CRYPTO_HASH? Also, as a bikeshed thought: I could call the functions sha256_init_direct(), etc. Then there wouldn't be namespace collisions and the fact that they bypass accelerated drivers would be more obvious. --Andy