On Mon, 19 Aug 2019 at 09:32, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: > > On Thu, Aug 15, 2019 at 10:28:55PM +0300, Ard Biesheuvel wrote: > > > > + /* Synchronous hash, e.g., "sha256" */ > > + ictx->hash = crypto_alloc_shash(shash_name, 0, 0); > > + if (IS_ERR(ictx->hash)) { > > + err = PTR_ERR(ictx->hash); > > + goto out_drop_skcipher; > > + } > > Holding a reference to this algorithm for the life-time of the > instance is not nice. How about just doing a lookup as you were > doing before with crypto_alg_mod_lookup and getting the cra_name > from that? > OK, but it should be the cra_driver_name not the cra_name. Otherwise, allocating essiv(cbc(aes),sha256-generic) may end up using a different implementation of sha256, which would be bad.