On Tue, Feb 03, 2026 at 10:44:05AM -0800, Alexei Starovoitov wrote: > On Mon, Feb 2, 2026 at 6:48 AM Daniel Hodges <[email protected]> wrote: > > > > Add a bpf_crypto_sig module that registers signature verification > > algorithms with the BPF crypto type system. This enables signature > > operations (like ECDSA) to use the unified bpf_crypto_ctx structure. > > > > The module provides: > > - alloc_tfm/free_tfm for crypto_sig transform lifecycle > > - has_algo to check algorithm availability > > - setkey for public key configuration > > - verify for signature verification > > - get_flags for crypto API flags > > > > Introduce bpf_sig_verify, bpf_sig_keysize, bpf_sig_digestsize, > > and bpf_sig_maxsize kfuncs enabling BPF programs to verify digital > > signatures using the kernel's crypto infrastructure. > > > > Add enum bpf_crypto_type_id for runtime type checking to ensure > > operations are performed on the correct crypto context type. The enum > > values are assigned to all crypto type modules (skcipher, hash, sig). > > > > The verify kfunc takes a crypto context (initialized with the sig > > type and appropriate algorithm like "ecdsa-nist-p256"), a message > > digest, and a signature. These kfuncs support any signature algorithm > > registered with the crypto subsystem (e.g., ECDSA, RSA). > > > > Signed-off-by: Daniel Hodges <[email protected]> > > --- > > MAINTAINERS | 1 + > > crypto/Makefile | 3 + > > crypto/bpf_crypto_sig.c | 89 ++++++++++++++++++++++++++++ > > include/linux/bpf_crypto.h | 4 ++ > > kernel/bpf/crypto.c | 117 +++++++++++++++++++++++++++++++++++++ > > 5 files changed, 214 insertions(+) > > create mode 100644 crypto/bpf_crypto_sig.c > > Other than the issue spotted by AI the patches look fine, > but we need Ack from crypto maintainers.
Sounds good, I'll wait to hear from them before sending anything else.
