On Thu, 15 Aug 2019 at 05:37, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Wed, Aug 14, 2019 at 07:37:43PM +0300, Ard Biesheuvel wrote:
> >
> > + /* Block cipher, e.g., "aes" */
> > + crypto_set_spawn(&ictx->essiv_cipher_spawn, inst);
> > + err = crypto_grab_spawn(&ictx->essiv_cipher_spawn, essiv_cipher_name,
> > + CRYPTO_ALG_TYPE_CIPHER, CRYPTO_ALG_TYPE_MASK);
> > + if (err)
> > + goto out_drop_skcipher;
> > + essiv_cipher_alg = ictx->essiv_cipher_spawn.alg;
> > +
> > + /* Synchronous hash, e.g., "sha256" */
> > + _hash_alg = crypto_alg_mod_lookup(shash_name,
> > + CRYPTO_ALG_TYPE_SHASH,
> > + CRYPTO_ALG_TYPE_MASK);
> > + if (IS_ERR(_hash_alg)) {
> > + err = PTR_ERR(_hash_alg);
> > + goto out_drop_essiv_cipher;
> > + }
> > + hash_alg = __crypto_shash_alg(_hash_alg);
> > + err = crypto_init_shash_spawn(&ictx->hash_spawn, hash_alg, inst);
> > + if (err)
> > + goto out_put_hash;
>
> I wouldn't use spawns for these two algorithms. The point of
> spawns is mainly to serve as a notification channel so we can
> tear down the top-level instance when a better underlying spawn
> implementation is added to the system.
>
> For these two algorithms, we don't really care about their performance
> to do such a tear-down since they only operate on small pieces of
> data.
>
> Therefore just keep things simple and allocate them in the tfm
> init function.
>
So how do I ensure that the cipher and shash are actually loaded at
create() time, and that they are still loaded at TFM init time?
--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel
