From: Paul Louvel <paul.louvel@bootlin.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
Herve Codina <herve.codina@bootlin.com>
Subject: Re: Need some clarification about CRYPTO_AHASH_ALG_BLOCK_ONLY
Date: Thu, 26 Mar 2026 10:46:26 +0100 [thread overview]
Message-ID: <5a91d084-a1f6-4911-8592-a4f5dd3f3e13@bootlin.com> (raw)
In-Reply-To: <acTt7q5nXMBsDcxv@gondor.apana.org.au>
Hi,
> This flag is meant to be temporary in nature.
What does that mean ? The flag will be subject to changes in the near future ?
> Historically, crypto API hash drivers processed partial blocks at the
> end directly and the API played no role in it.
>
> This has resulted in complexities in the drivers and associated bugs.
I agree. I am currently working on the talitos crypto driver, which includes
code to handle partial blocks. The SEC1 (currently supported by the talitos
driver) is older hardware that only accepts data with a length that is a
multiple of the underlying hashing algorithm's block size. Would it make sense
for the crypto API to have a flag to handle such limitations automatically?
> The API is now able to handle partial blocks for the drivers and
> the flag is an indication of the driver's preference for it.
Understood.
> For a reference, see the aspeed driver which has been converted
> to the new way of handling partial block data.
Ok.
Thank you,
On 3/26/26 9:27 AM, Herbert Xu wrote:
>> On 3/20/26 10:42 AM, Paul Louvel wrote:
>>> Hello,
>>>
>>> I have stumbled across a flag defined in include/crypto/internal/hash.h
>>> : CRYPTO_AHASH_ALG_BLOCK_ONLY.
>>> To get more information about what exact behavior this flag do, I read
>>> the crypto_ahash_update function.
>>> From the looks of it, it seems that the API will call the tfm update if
>>> there is enough bytes (and by enough I mean at least a block size), from
>>> the internal buffer and the incoming ahash_request.
>>> In this case, I find the BLOCK_ONLY naming a bit of a misnomer, since it
>>> only guarantee you than req->nbytes will be at least a block size.
>>> I initially though that the API would only give a request that are a
>>> multiple of the block size.
>>>
>>> This flag, among others, are relatively recent.
>>> I think adding documentation about these flags would be a great idea.
> This flag is meant to be temporary in nature.
>
> Historically, crypto API hash drivers processed partial blocks at the
> end directly and the API played no role in it.
>
> This has resulted in complexities in the drivers and associated bugs.
>
> The API is now able to handle partial blocks for the drivers and
> the flag is an indication of the driver's preference for it.
>
> For a reference, see the aspeed driver which has been converted
> to the new way of handling partial block data.
>
> Cheers,
--
Paul Louvel, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
next prev parent reply other threads:[~2026-03-26 9:46 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-20 9:42 Need some clarification about CRYPTO_AHASH_ALG_BLOCK_ONLY Paul Louvel
2026-03-25 12:26 ` Paul Louvel
2026-03-26 8:27 ` Herbert Xu
2026-03-26 9:46 ` Paul Louvel [this message]
2026-03-27 3:39 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5a91d084-a1f6-4911-8592-a4f5dd3f3e13@bootlin.com \
--to=paul.louvel@bootlin.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=herve.codina@bootlin.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox