Page MenuHomeFreeBSD
Differential D41581

blake2: Remove dieing flag and rw lock
ClosedPublic
Actions

Authored by jhb on Aug 24 2023, 4:23 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Sep 24, 2:57 AM
Unknown Object (File)
Tue, Sep 24, 2:57 AM
Unknown Object (File)
Tue, Sep 24, 2:57 AM
Unknown Object (File)
Mon, Sep 23, 4:34 AM
Unknown Object (File)
Thu, Sep 19, 11:58 PM
Unknown Object (File)
Thu, Sep 19, 9:22 PM
Unknown Object (File)
Sat, Sep 14, 5:06 AM
Unknown Object (File)
Sat, Sep 14, 3:14 AM
View All 40 Files
Subscribers
imp

Details

Reviewers
markj
Commits
rG13d39efedb32: blake2: Remove dieing flag and rw lock
rG79aeecc89f5c: blake2: Remove dieing flag and rw lock
Summary

crypto_unregister_all already disables new sessions and waits for
existing sessions to be destroyed before returning.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb created this revision.Aug 24 2023, 4:23 PM
Herald added a subscriber: imp. · View Herald TranscriptAug 24 2023, 4:23 PM
jhb requested review of this revision.Aug 24 2023, 4:23 PM
Harbormaster completed remote builds in B53274: Diff 126475.Aug 24 2023, 4:23 PM
jhb added a parent revision: D41580: blake2: Switch to using FPU_KERN_NOCTX.Aug 24 2023, 4:23 PM
jhb added a child revision: D41582: padlock: Switch to using FPU_KERN_NOCTX.
jhb added a comment.Aug 24 2023, 4:25 PM

BTW, given that Wireguard doesn't use OCF for blake2, I wonder if we might not want to just axe this driver and associated code entirely? Maybe we could hook the SSE variants of blake2 that this driver uses up to the library interface that Wireguard actually uses, but it's still not clear to me that blake2 is used enough in wg(4) for that to be worth it.

markj accepted this revision.Aug 24 2023, 4:41 PM
This revision is now accepted and ready to land.Aug 24 2023, 4:41 PM
markj added a comment.Aug 24 2023, 4:43 PM
In D41581#947582, @jhb wrote:

BTW, given that Wireguard doesn't use OCF for blake2, I wonder if we might not want to just axe this driver and associated code entirely? Maybe we could hook the SSE variants of blake2 that this driver uses up to the library interface that Wireguard actually uses, but it's still not clear to me that blake2 is used enough in wg(4) for that to be worth it.

Per the log from the original commit, the motivation for adding this driver was to simplify testing via userspace, with cryptocheck etc.. For that reason alone I'd be inclined to keep this.

jhb added a comment.Aug 24 2023, 8:02 PM
In D41581#947602, @markj wrote:
In D41581#947582, @jhb wrote:

BTW, given that Wireguard doesn't use OCF for blake2, I wonder if we might not want to just axe this driver and associated code entirely? Maybe we could hook the SSE variants of blake2 that this driver uses up to the library interface that Wireguard actually uses, but it's still not clear to me that blake2 is used enough in wg(4) for that to be worth it.

Per the log from the original commit, the motivation for adding this driver was to simplify testing via userspace, with cryptocheck etc.. For that reason alone I'd be inclined to keep this.

The only thing is there is no other consumer besides /dev/crypto, and only if you set kern.crypto.allow_soft=1 (which is really only there for cryptocheck). None of GELI or IPsec, etc. use the Blake2 algorithms at all, only wg(4), and wg(4) doesn't use OCF for Blake2.

markj added a comment.Aug 28 2023, 1:53 PM
In D41581#947709, @jhb wrote:
In D41581#947602, @markj wrote:
In D41581#947582, @jhb wrote:

BTW, given that Wireguard doesn't use OCF for blake2, I wonder if we might not want to just axe this driver and associated code entirely? Maybe we could hook the SSE variants of blake2 that this driver uses up to the library interface that Wireguard actually uses, but it's still not clear to me that blake2 is used enough in wg(4) for that to be worth it.

Per the log from the original commit, the motivation for adding this driver was to simplify testing via userspace, with cryptocheck etc.. For that reason alone I'd be inclined to keep this.

The only thing is there is no other consumer besides /dev/crypto, and only if you set kern.crypto.allow_soft=1 (which is really only there for cryptocheck). None of GELI or IPsec, etc. use the Blake2 algorithms at all, only wg(4), and wg(4) doesn't use OCF for Blake2.

Right, but isn't it useful to be able to verify the backend using cryptocheck? This driver isn't exactly a lot of code to maintain.

I don't have any particular objection to removing this driver, I just don't think it's useless.

Closed by commit rG79aeecc89f5c: blake2: Remove dieing flag and rw lock (authored by jhb). · Explain WhyAug 28 2023, 11:25 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rG79aeecc89f5c: blake2: Remove dieing flag and rw lock.
jhb added a commit: rG13d39efedb32: blake2: Remove dieing flag and rw lock.Dec 29 2023, 11:11 PM

Revision Contents
Changeset List

PathSize
sys/
crypto/
blake2/
22 lines

Diff 126619

View Options

sys/crypto/blake2/blake2_cryptodev.c

Loading...