On Wed, Jan 05, 2022 at 11:01:04PM +0100, Ard Biesheuvel wrote: > On Wed, 5 Jan 2022 at 22:53, Eric Biggers <ebiggers@xxxxxxxxxx> wrote: > > > > On Tue, Jan 04, 2022 at 06:02:52PM +0100, Ard Biesheuvel wrote: > > > The only downside here is that the ARM/x86 accelerated shashes and the > > > generic shash now use the same core transform, right? > > > > I don't see how this is the case, given that crypto/blake2s_generic.c still uses > > blake2s_compress_generic(), not blake2s_compress(). > > > > Ah ok, I stand corrected then. > > So what are your thoughts on this? Should we keep the shashes while > they have no users? I don't know. Removing unused stuff is good per se, but I wouldn't have expected this to be something that is being considered here. It's not like this is a "controversial" algorithm, blake2b is already supported, and there could be users of it already (dm-integrity, dm-verity, AF_ALG, etc.). If this is going to happen, then the acceptance criteria for new algorithms need to get *much* stricter, so that algorithms aren't constantly being added and removed. - Eric
