Andy Lutomirski <luto@xxxxxxxxxx> wrote: > Since there are plenty of uses for the new-in-4.10 BPF digest feature > that would be problematic if malicious users could produce collisions, > the BPF digest should be collision-resistant. SHA-1 is no longer > considered collision-resistant, so switch it to SHA-256. > > The actual switchover is trivial. Most of this series consists of > cleanups to the SHA256 code to make it usable as a standalone library > (since BPF should not depend on crypto). > > The cleaned up library is much more user-friendly than the SHA-1 code, > so this also significantly tidies up the BPF digest code. > > This is intended for 4.10. If this series misses 4.10 and nothing > takes its place, then we'll have an unpleasant ABI stability > situation. Can you please explain why BPF needs to be able to use SHA directly rather than through the crypto API? Thanks, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html