The rpcsec_gss code used for NFS currently does basically the following to create a checksum for each rpc: crypto_alloc_hash() crypto_hash_init() crypto_hash_update() ... crypto_hash_final() crypto_free_hash() The crypto_alloc_hash() poses a possible deadlock situation. (Although it hasn't been a problem so far in practice.) It would be preferable to allocate the transform once in a context (shared by multiple tasks). However, doing so seems to cause problems with bad checksums. We'd rather not have to add a spinlock to serialize its use. Is there a way to allocate state information on the stack (or elsewhere) such that the transform can be shared simultaneously? Herbert, Bruce Fields says you suggested a while back that an interface was already there, or was being planned? Can you give me any details? Could we possibly help? Another question: The current checksum code deals only with "md5". Support for newer Kerberos encryption types uses keyed hashes. In an extreme case, support for the rc4-hmac Kerberos encryption type requires a new hash key be derived for each rpc. Would this interface be able to deal with changing keys as well? In that same case, the "rc4" cipher key changes with each rpc as well. Thanks, K.C. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
