On Tue, 3 Jan 2023 18:42:55 +0000 Dmitry Safonov wrote: > Use crypto_pool API that was designed with tcp_md5sig_pool in mind. > The conversion to use crypto_pool will allow: > - to reuse ahash_request(s) for different users > - to allocate only one per-CPU scratch buffer rather than a new one for > each user > - to have a common API for net/ users that need ahash on RX/TX fast path > config TCP_MD5SIG > bool "TCP: MD5 Signature Option support (RFC2385)" > - select CRYPTO > + select CRYPTO_POOL Are you sure we don't need to select CRYPTO any more? select does not resolve dependencies. > select CRYPTO_MD5 > help > RFC2385 specifies a method of giving MD5 protection to TCP sessions. > @@ -749,29 +746,27 @@ static int tcp_v6_md5_hash_skb(char *md5_hash, > daddr = &ip6h->daddr; > } > > - hp = tcp_get_md5sig_pool(); > - if (!hp) > + if (crypto_pool_get(tcp_md5_crypto_pool_id, (struct crypto_pool *)&hp)) &hp.base ? To avoid the cast > goto clear_hash_noput; > - req = hp->md5_req; > > - if (crypto_ahash_init(req)) > + if (crypto_ahash_init(hp.req)) > goto clear_hash; > > - if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len)) > + if (tcp_v6_md5_hash_headers(&hp, daddr, saddr, th, skb->len)) > goto clear_hash; > - if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2)) > + if (tcp_md5_hash_skb_data(&hp, skb, th->doff << 2)) > goto clear_hash; > - if (tcp_md5_hash_key(hp, key)) > + if (tcp_md5_hash_key(&hp, key)) > goto clear_hash; > - ahash_request_set_crypt(req, NULL, md5_hash, 0); > - if (crypto_ahash_final(req)) > + ahash_request_set_crypt(hp.req, NULL, md5_hash, 0); > + if (crypto_ahash_final(hp.req)) > goto clear_hash; > > - tcp_put_md5sig_pool(); > + crypto_pool_put(); > return 0; > > clear_hash: > - tcp_put_md5sig_pool(); > + crypto_pool_put(); > clear_hash_noput: > memset(md5_hash, 0, 16); > return 1;
