Re: [RFC PATCH 4.10 0/6] Switch BPF's digest to SHA256

From: Herbert Xu
Date: Mon Dec 26 2016 - 03:21:23 EST

Next message: Hanjun Guo: "Re: Linux 4.10-rc1"
Previous message: kbuild test robot: "drivers/built-in.o:undefined reference to `sys_fillrect'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andy Lutomirski <luto@xxxxxxxxxx> wrote:
> Since there are plenty of uses for the new-in-4.10 BPF digest feature
> that would be problematic if malicious users could produce collisions,
> the BPF digest should be collision-resistant. SHA-1 is no longer
> considered collision-resistant, so switch it to SHA-256.
>
> The actual switchover is trivial. Most of this series consists of
> cleanups to the SHA256 code to make it usable as a standalone library
> (since BPF should not depend on crypto).
>
> The cleaned up library is much more user-friendly than the SHA-1 code,
> so this also significantly tidies up the BPF digest code.
>
> This is intended for 4.10. If this series misses 4.10 and nothing
> takes its place, then we'll have an unpleasant ABI stability
> situation.

Can you please explain why BPF needs to be able to use SHA directly
rather than through the crypto API?

Thanks,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Next message: Hanjun Guo: "Re: Linux 4.10-rc1"
Previous message: kbuild test robot: "drivers/built-in.o:undefined reference to `sys_fillrect'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]