On Fri, May 15, 2020 at 12:26 AM Benson Leung <bleung@xxxxxxxxxx> wrote: > On Thu, May 14, 2020 at 06:18:47PM +0200, Ard Biesheuvel wrote: > > The CrOS EC codec driver uses SHA-256 explicitly, and not in a > > performance critical manner, so there is really no point in using > > the dynamic SHASH crypto API here. Let's switch to the library API > > instead. Pardon me if I don't understand it precisely. What is the difference between the two APIs? Suppose it should calculate the same SHA256 hash with the same binary blob after switching to library API? > > Looking at the code, I was wondering if the SHA-256 is really required > > here? It looks like it is using it as some kind of fingerprint to decide > > whether the provided file is identical to the one that has already been > > loaded. If this is the case, we should probably just use CRC32 instead. No, the binary blob carries data and possibly code. We are not only using the hash as a fingerprint but also an integrity check. > > Also, do we really need to wipe the context struct? Is there any security > > sensitive data in there? No, not necessary as far as I know.
