| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251112040719.GB2832160@google.com> Date: Wed, 12 Nov 2025 04:07:19 +0000 From: Eric Biggers <ebiggers@...nel.org> To: Stephen Hemminger <stephen@...workplumber.org>, David Ahern <dsahern@...nel.org> Cc: linux-crypto@...r.kernel.org, Ard Biesheuvel <ardb@...nel.org>, netdev@...r.kernel.org, bpf@...r.kernel.org Subject: Re: [PATCH iproute2-next v2] lib/bpf_legacy: Use userspace SHA-1 code instead of AF_ALG [Adding David Ahern. I overlooked that iproute2 has separate maintainers for the main tree and the next tree.] On Mon, Sep 29, 2025 at 12:46:48PM -0700, Eric Biggers wrote: > Add a basic SHA-1 implementation to lib/, and make lib/bpf_legacy.c use > it to calculate SHA-1 digests instead of the previous AF_ALG-based code. > > This eliminates the dependency on AF_ALG, specifically the kernel config > options CONFIG_CRYPTO_USER_API_HASH and CONFIG_CRYPTO_SHA1. > > Over the years AF_ALG has been very problematic, and it is also not > supported on all kernels. Escalating to the kernel's privileged > execution context merely to calculate software algorithms, which can be > done in userspace instead, is not something that should have ever been > supported. Even on kernels that support it, the syscall overhead of > AF_ALG means that it is often slower than userspace code. > > Let's do the right thing here, and allow people to disable AF_ALG > support (or not enable it) on systems where iproute2 is the only user. > > Acked-by: Ard Biesheuvel <ardb@...nel.org> > Signed-off-by: Eric Biggers <ebiggers@...nel.org> Stephen and David, any interest in applying this patch? - Eric
Powered by blists - more mailing lists