On Tue, 11 Jun 2024 at 05:49, Eric Biggers <[email protected]> wrote:
>
> On many modern CPUs, it is possible to compute the SHA-256 hash of two
> equal-length messages in about the same time as a single message, if all
> the instructions are interleaved. This is because each SHA-256 (and
> also most other cryptographic hash functions) is inherently serialized
> and therefore can't always take advantage of the CPU's full throughput.
>
> An earlier attempt to support multibuffer hashing in Linux was based
> around the ahash API. That approach had some major issues, as does the
> alternative ahash-based approach proposed by Herbert (see my response at
> https://lore.kernel.org/linux-crypto/[email protected]/).
> This patchset instead takes a much simpler approach of just adding a
> synchronous API for hashing equal-length messages.
>
I share Eric's skepticism that shoehorning this into ahash for
theoretical reasons is going to lead anywhere. So I would strongly
prefer this approach. We can always revisit this if/when this generic
multibuffer ahash materializes.

So for this series

Acked-by: Ard Biesheuvel <[email protected]>
