On Wed, 2016-10-19 at 11:31 +0800, Herbert Xu wrote: > On Mon, Oct 17, 2016 at 06:21:14PM +0100, Ard Biesheuvel wrote: > > > > > > Annoyingly, all this complication with scatterlists etc is for > > doing > > asynchronous crypto via DMA capable crypto accelerators, and the > > networking code (ipsec as well as mac80211, afaik) only allow > > synchronous in the first place, given that they execute in softirq > > context. > > I'm still thinking about the issue (in particular, whether we > should continue to rely on the request context being SG-capable > or allow it to be on the stack for AEAD).
:) > But IPsec definitely supports async crypto. In fact it was the > very first user of async crypto. Yeah. > mac80211 on the other hand is currently sync-only. We could probably make mac80211 do that too, but can we guarantee in- order processing? Anyway, it's pretty low priority, maybe never happening, since hardly anyone really uses "software" crypto, the wifi devices mostly have it built in anyway. (One problem is that the skb->cb is already completely full, so we can't stash away the AAD there) johannes