crypto_unregister_all already disables new sessions and waits for
existing sessions to be destroyed before returning.
Repository: rG FreeBSD src repository
Event Timeline
BTW, given that Wireguard doesn't use OCF for blake2, I wonder if we might not want to just axe this driver and associated code entirely? Maybe we could hook the SSE variants of blake2 that this driver uses up to the library interface that Wireguard actually uses, but it's still not clear to me that blake2 is used enough in wg(4) for that to be worth it.
Per the log from the original commit, the motivation for adding this driver was to simplify testing via userspace, with cryptocheck etc. For that reason alone I'd be inclined to keep this.
The only thing is there is no other consumer besides /dev/crypto, and only if you set kern.crypto.allow_soft=1 (which is really only there for cryptocheck). None of GELI or IPsec, etc. use the Blake2 algorithms at all, only wg(4), and wg(4) doesn't use OCF for Blake2.
Right, but isn't it useful to be able to verify the backend using cryptocheck? This driver isn't exactly a lot of code to maintain.
I don't have any particular objection to removing this driver, I just don't think it's useless.