Umm... What do I apply this patch to? In your modified public_key_verify_signature(): > - sg_init_one(&digest_sg, output, outlen); > - akcipher_request_set_crypt(req, &sig_sg, &digest_sg, sig->s_size, > + sg_init_one(&output_sg, output, outlen); > + akcipher_request_set_crypt(req, &sig_sg, &output_sg, sig->s_size, > outlen); Why is the output necessary? It was there for the decoded hash to be placed in prior to comparison - but now that's not necessary. > - ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait); > + ret = crypto_wait_req(crypto_akcipher_verify(req, sig->digest, > + sig->digest_size), &cwait); I see sig->digest is passed in here. Should it be passed in in place of output_sg above? > - inst->alg.verify = pkcs1pad_verify; > + inst->alg.verify_rsa = pkcs1pad_verify; Is there a reason that pkcs1pad_verify() can't do the comparison? > - .verify = rsa_verify, > + .verify_rsa = rsa_verify, Likewise verify_rsa()? Granted, this might involve pkcs1pad_verify() dressing up the signature in the appropriate wrappings and passing it along to verify_rsa() to do the actual comparison there (ie. what pkcs1pad_verify_complete() does). > - .verify = caam_rsa_enc, > + .verify_rsa = caam_rsa_enc, I presume this is the reason - because this reuses its encrypt operation directly. But could this instead perform the comparison upon completion, say in rsa_pub_done()? > - .verify = qat_rsa_enc, > + .verify_rsa = qat_rsa_enc, Again, this could do the comparison, say, in qat_rsa_cb(). David