Re: [PATCH] lib/crypto: powerpc/md5: Drop powerpc optimized MD5 code

[Eric Biggers <ebiggers@kernel.org>]

On Mon, May 04, 2026 at 03:28:24PM +0200, Christophe Leroy (CS GROUP) wrote:
> Hi Eric,
> 
> Le 04/05/2026 à 06:14, Eric Biggers a écrit :
> > Earlier the decision was made to keep this code for a while, despite no
> > other architectures having optimized MD5 code anymore, because of
> > someone using it via AF_ALG via libkcapi-hasher
> > (https://lore.kernel.org/r/f0d771d5-ed70-444c-957a-ad4c16f6c115@csgroup.eu/)
> > 
> > However, with AF_ALG itself now being on its way out due to its
> > continuous stream of security vulnerabilities
> > (https://lore.kernel.org/r/20260430011544.31823-1-ebiggers@kernel.org/),
> > it's time to be a bit more forceful with nudging people towards
> > userspace crypto code.  It's always been the better solution anyway, and
> > it's much more efficient if properly optimized code is used.
> 
> Ok, why not, but what do you propose as an alternative ? Let me explain the
> situation.
> 
> We have two versions of boards:
> - One with powerpc MPC885E, which embeds a SECURITY Engine called TALITOS
> for offloading crypto operations
> - One with powerpc MPC866, which doesn't have the security engine.
> 
> To use the security engine, our software use the AF_ALG interface (via
> libkcapi).
> 
> Our software has to run on both boards, we can't afford two different
> versions of the software and the software shall have no dead code. Therefore
> we rely on the capability of the kernel to do the hash by itself when the
> TALITOS in not available.
> 
> The kernel has always been the place where we do board specific stuff, not
> the application. I can't see why the application would have to ask the
> kernel when the Talitos is there and have to do the hashing by itself when
> the Talitos is not there.
> 
> I'm really concerned with the optimised MD5 going away now, and I'm also
> wondering what will be the way to splice a file into the kernel and get it's
> MD-5 hash from the TALITOS if AF_ALG goes away in medium-term.
> 
> What is the way forward ? I'm open to any suggestion as I really can't see
> where to go for now.
> 
> But please don't remove powerpc MD5 before we find an alternative solution.
> 
> Thanks
> Christophe

I think I gave the solution in the commit message already, no?  Take the
same MD5 code and run it in userspace.  It will be even faster than
invoking that code via AF_ALG.

Yes, the selection of software vs "security" engine (if you actually
still need the latter, which in reality you probably don't) would then
occur in userspace.  But selecting an implementation in userspace isn't
unusual.  It's no different from how different CPU features are handled
in userspace.

Anyway, please don't confuse this patch (which only affects performance)
with full removal of AF_ALG (which would be a hard break, and won't
occur until quite far in the future).  This patch is just a nudge in the
right direction, and a cleanup of the kernel's powerpc support to be
aligned with all the other architectures.  So I do believe we should
proceed with this patch.

- Eric