Re: RFC: Crypto API User-interface

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Christoph Hellwig <hch@infradead.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Christoph Hellwig <hch@infradead.org>,
	Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: RFC: Crypto API User-interface
Date: Tue, 7 Sep 2010 10:24:27 -0400	[thread overview]
Message-ID: <20100907142427.GA14207@infradead.org> (raw)
In-Reply-To: <20100907141112.GB6903@gondor.apana.org.au>

On Tue, Sep 07, 2010 at 10:11:12PM +0800, Herbert Xu wrote:
> FWIW I don't care about user-space using kernel software crypto at
> all.  It's the security people that do.

And since when did we care about their crack pipe dreams?

> The purpose of the user-space API is to export the hardware crypto
> devices to user-space.  This means PCI devices mostly, as things
> like aesni-intel can already be used without kernel help.

I don't think they matter in practice.  We have less than a handfull
of drivers for them, and with CPUs gaining proper instructions they
are even less useful.  In addition any sane PCI card should just
allow userspace mapping of their descriptors.

> Now as a side-effect if this means that we can shut the security
> people up about adding another interface then all the better.  But
> I will certainly not go out of the way to add more crap to the
> kernel for that purpose.

So what is the real use case for this?  In addition to kernel bloat
the real fear I have is that the security wankers will just configure
the userspace crypto libraries to always use the kernel interface
just in case, and once that happens we will have to deal with the whole
mess.  Especially for RHEL and Fedora where the inmantes now run the
asylum in that respect.

next prev parent reply	other threads:[~2010-09-07 14:24 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-09-07  8:42 RFC: Crypto API User-interface Herbert Xu
2010-09-07  9:18 ` Tomas Mraz
2010-09-07 14:06 ` Christoph Hellwig
2010-09-07 14:11   ` Herbert Xu
2010-09-07 14:24     ` Christoph Hellwig [this message]
2010-09-07 14:39       ` Herbert Xu
2010-09-07 14:49     ` Nikos Mavrogiannopoulos
2010-09-07 14:57   ` Nikos Mavrogiannopoulos
2010-09-07 14:59     ` Christoph Hellwig
2010-10-19 13:44 ` Herbert Xu
2010-10-20 10:24   ` Nikos Mavrogiannopoulos
2010-11-04 17:34   ` Herbert Xu
2010-11-04 17:36     ` [PATCH 2/4] crypto: af_alg - User-space interface for Crypto API Herbert Xu
2010-11-04 19:23       ` David Miller
2010-11-04 17:36     ` [PATCH 1/4] net - Add AF_ALG macros Herbert Xu
2010-11-04 19:22       ` David Miller
2010-11-04 17:36     ` [PATCH 3/4] crypto: algif_hash - User-space interface for hash operations Herbert Xu
2010-11-04 19:23       ` David Miller
2010-11-04 17:36     ` [PATCH 4/4] crypto: algif_skcipher - User-space interface for skcipher operations Herbert Xu
2010-11-04 19:23       ` David Miller
2010-10-19 13:46 ` [PATCH 1/4] net - Add AF_ALG macros Herbert Xu
2010-10-20  9:01   ` David Miller
2010-10-19 13:46 ` [PATCH 2/4] crypto: af_alg - User-space interface for Crypto API Herbert Xu
2010-10-19 13:46 ` [PATCH 4/4] crypto: algif_skcipher - User-space interface for skcipher operations Herbert Xu
2010-10-19 13:46 ` [PATCH 3/4] crypto: algif_hash - User-space interface for hash operations Herbert Xu
     [not found] <1590523029.1055831283858598965.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-09-07 11:27 ` RFC: Crypto API User-interface Miloslav Trmac
2010-09-07 14:07   ` Herbert Xu
     [not found] <1847066281.1081601283869883727.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-09-07 14:34 ` Miloslav Trmac
2010-09-07 14:41   ` Herbert Xu
2010-09-07 14:51   ` Christoph Hellwig
2010-09-07 14:54     ` Miloslav Trmac
     [not found] <834983542.1086561283871074929.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2010-09-07 14:52 ` Miloslav Trmac
2010-09-07 14:55   ` Christoph Hellwig

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100907142427.GA14207@infradead.org \
    --to=hch@infradead.org \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).