On Thu, May 26, 2022 at 11:20:26AM +0200, Jason A. Donenfeld wrote:
> BLAKE2s has no use as an shash and no use is likely to ever come up.

I'm not sure about that. Anyone who is already using shash (for supporting multiple algorithms) and wants to add blake2s support would need it. dm-verity, dm-integrity, fs-verity, UBIFS authentication, IMA, btrfs checksums, etc. A couple of these are already using blake2b, even.

I guess you might as well remove blake2s until someone explicitly says they want it, but I can easily see it coming back later.

> Just remove all of this unnecessary plumbing. Removing this shash was
> something we talked about back when we were making BLAKE2s a built-in,
> but I simply never got around to doing it. So this completes that
> project.
>
> This also helps fix a bug in which the lib code depends on
> crypto_simd_disabled_for_test, which is now unnecessary.
>
> Cc: gaochao <gaochao49@xxxxxxxxxx>
> Cc: Eric Biggers <ebiggers@xxxxxxxxxx>
> Cc: Ard Biesheuvel <ardb@xxxxxxxxxx>
> Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>

More importantly, this is removing quite a bit of test coverage because the extra self-tests in crypto/testmgr.c are more comprehensive than what lib/crypto/blake2s-selftest.c does. For example they test the case where the input data is misaligned, as well as the case where the code is executed in a context where SIMD instructions are unavailable.

In order for this to be acceptable, I think you'd need to update blake2s-selftest.c to be more comprehensive.

- Eric