On Tue, 11 Jun 2024 at 05:49, Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
>
> On many modern CPUs, it is possible to compute the SHA-256 hash of two
> equal-length messages in about the same time as a single message, if all
> the instructions are interleaved. This is because each SHA-256 (and
> also most other cryptographic hash functions) is inherently serialized
> and therefore can't always take advantage of the CPU's full throughput.
>
> An earlier attempt to support multibuffer hashing in Linux was based
> around the ahash API. That approach had some major issues, as does the
> alternative ahash-based approach proposed by Herbert (see my response at
> https://lore.kernel.org/linux-crypto/20240610164258.GA3269@sol.localdomain/).
> This patchset instead takes a much simpler approach of just adding a
> synchronous API for hashing equal-length messages.
>

I share Eric's skepticism that shoehorning this into ahash for
theoretical reasons is going to lead anywhere. So I would strongly
prefer this approach. We can always revisit this if/when this generic
multibuffer ahash materializes.

So for this series

Acked-by: Ard Biesheuvel <ardb@xxxxxxxxxx>