Re: [PATCH v2 3/5] crypto/net/tcp: Use crypto_pool for TCP-MD5

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jakub Kicinski <kuba@kernel.org>
To: Dmitry Safonov <dima@arista.com>
Cc: linux-kernel@vger.kernel.org, David Ahern <dsahern@kernel.org>,
	Eric Dumazet <edumazet@google.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	Andy Lutomirski <luto@amacapital.net>,
	Bob Gilligan <gilligan@arista.com>,
	Dmitry Safonov <0x7f454c46@gmail.com>,
	Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
	Leonard Crestez <cdleonard@gmail.com>,
	Paolo Abeni <pabeni@redhat.com>,
	Salam Noureddine <noureddine@arista.com>,
	netdev@vger.kernel.org, linux-crypto@vger.kernel.org
Subject: Re: [PATCH v2 3/5] crypto/net/tcp: Use crypto_pool for TCP-MD5
Date: Fri, 6 Jan 2023 18:05:26 -0800	[thread overview]
Message-ID: <20230106180526.6e65b54d@kernel.org> (raw)
In-Reply-To: <20230103184257.118069-4-dima@arista.com>

On Tue,  3 Jan 2023 18:42:55 +0000 Dmitry Safonov wrote:
> Use crypto_pool API that was designed with tcp_md5sig_pool in mind.
> The conversion to use crypto_pool will allow:
> - to reuse ahash_request(s) for different users
> - to allocate only one per-CPU scratch buffer rather than a new one for
>   each user
> - to have a common API for net/ users that need ahash on RX/TX fast path

>  config TCP_MD5SIG
>  	bool "TCP: MD5 Signature Option support (RFC2385)"
> -	select CRYPTO
> +	select CRYPTO_POOL

Are you sure we don't need to select CRYPTO any more?
select does not resolve dependencies.

>  	select CRYPTO_MD5
>  	help
>  	  RFC2385 specifies a method of giving MD5 protection to TCP sessions.

> @@ -749,29 +746,27 @@ static int tcp_v6_md5_hash_skb(char *md5_hash,
>  		daddr = &ip6h->daddr;
>  	}
>  
> -	hp = tcp_get_md5sig_pool();
> -	if (!hp)
> +	if (crypto_pool_get(tcp_md5_crypto_pool_id, (struct crypto_pool *)&hp))

&hp.base ? To avoid the cast

>  		goto clear_hash_noput;
> -	req = hp->md5_req;
>  
> -	if (crypto_ahash_init(req))
> +	if (crypto_ahash_init(hp.req))
>  		goto clear_hash;
>  
> -	if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len))
> +	if (tcp_v6_md5_hash_headers(&hp, daddr, saddr, th, skb->len))
>  		goto clear_hash;
> -	if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
> +	if (tcp_md5_hash_skb_data(&hp, skb, th->doff << 2))
>  		goto clear_hash;
> -	if (tcp_md5_hash_key(hp, key))
> +	if (tcp_md5_hash_key(&hp, key))
>  		goto clear_hash;
> -	ahash_request_set_crypt(req, NULL, md5_hash, 0);
> -	if (crypto_ahash_final(req))
> +	ahash_request_set_crypt(hp.req, NULL, md5_hash, 0);
> +	if (crypto_ahash_final(hp.req))
>  		goto clear_hash;
>  
> -	tcp_put_md5sig_pool();
> +	crypto_pool_put();
>  	return 0;
>  
>  clear_hash:
> -	tcp_put_md5sig_pool();
> +	crypto_pool_put();
>  clear_hash_noput:
>  	memset(md5_hash, 0, 16);
>  	return 1;

next prev parent reply	other threads:[~2023-01-07  2:05 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-03 18:42 [PATCH v2 0/5] net/crypto: Introduce crypto_pool Dmitry Safonov
2023-01-03 18:42 ` [PATCH v2 1/5] crypto: " Dmitry Safonov
2023-01-07  1:53   ` Jakub Kicinski
2023-01-09 20:59     ` Dmitry Safonov
2023-01-09 21:11       ` Dmitry Safonov
2023-01-03 18:42 ` [PATCH v2 2/5] crypto/pool: Add crypto_pool_reserve_scratch() Dmitry Safonov
2023-01-07  2:04   ` Jakub Kicinski
2023-01-09 21:08     ` Dmitry Safonov
2023-01-03 18:42 ` [PATCH v2 3/5] crypto/net/tcp: Use crypto_pool for TCP-MD5 Dmitry Safonov
2023-01-07  2:05   ` Jakub Kicinski [this message]
2023-01-09 21:16     ` Dmitry Safonov
2023-01-03 18:42 ` [PATCH v2 4/5] crypto/net/ipv6: sr: Switch to using crypto_pool Dmitry Safonov
2023-01-03 18:42 ` [PATCH v2 5/5] crypto/Documentation: Add crypto_pool kernel API Dmitry Safonov
2023-01-04 13:17   ` kernel test robot
2023-01-07  2:06   ` Jakub Kicinski
2023-01-09 21:23     ` Dmitry Safonov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230106180526.6e65b54d@kernel.org \
    --to=kuba@kernel.org \
    --cc=0x7f454c46@gmail.com \
    --cc=cdleonard@gmail.com \
    --cc=davem@davemloft.net \
    --cc=dima@arista.com \
    --cc=dsahern@kernel.org \
    --cc=edumazet@google.com \
    --cc=gilligan@arista.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=netdev@vger.kernel.org \
    --cc=noureddine@arista.com \
    --cc=pabeni@redhat.com \
    --cc=yoshfuji@linux-ipv6.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.