Re: [PATCH] integrity: prevent deadlock during digsig verification.

On Thu, 2018-06-28 at 23:50 +0300, Mikhail Kurinnoi wrote:
> On Thu, 28 Jun 2018 15:14:38 -0400
> Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> 
> > On Thu, 2018-06-28 at 18:39 +0200, Matthias Gerstner wrote:
> > > Hi,
> > >   
> > > > In this patch, I propose adding an exception for
> > > > "crypto-pkcs1pad(rsa,*)" module requests only in case of enabled
> > > > integrity asymmetric keys support.  
> > > 
> > > I have tested the patch in my test setup and it looks good. No
> > > deadlocks so far.  
> > 
> > I really wish we didn't have to do a string compare "crypto-
> > pkcs1pad(rsa" each and every time.  Is the check once per crypto
> > algorithm?
> 
> As I understood, it checks once per crypto algorithm:
> 
> "crypto_alloc_tfm() will first attempt to locate an already loaded
> algorithm.
> ...
> If that fails it will send a query to any loaded crypto manager to
> construct an algorithm on the fly.
> A refcount is grabbed on the algorithm which is then associated with
> the new transform."
> 
> https://github.com/torvalds/linux/blob/a97d8efd9d350bd9c6cf13689c7cc09049b42acd/crypto/api.c#L515

After having loaded "all" the crypto algorithms, we wouldn't need to
ever do the string compare again.  As this isn't on a critical path,
nor is it likely for all crypto algorithms to be loaded, it probably
doesn't make sense to address it.

Mimi



