Add bpf_crypto_shash module that registers a hash type with the BPF
crypto infrastructure, enabling BPF programs to access kernel hash
algorithms through a unified interface.
Update the bpf_crypto_type interface with hash-specific callbacks:
- alloc_tfm: Allocates crypto_shash context with proper descriptor size
- free_tfm: Releases hash transform and context memory
- has_algo: Checks algorithm availability via crypto_has_shash()
- hash: Performs single-shot hashing via crypto_shash_digest()
- digestsize: Returns the output size for the hash algorithm
- get_flags: Exposes transform flags to BPF programs
Update bpf_shash_ctx to contain crypto_shash transform and shash_desc
descriptor to accommodate algorithm-specific descriptor requirements.
Signed-off-by: Daniel Hodges <git@danielhodges.dev>
---
crypto/Makefile | 3 ++
crypto/bpf_crypto_shash.c | 95 +++++++++++++++++++++++++++++++++++++++
2 files changed, 98 insertions(+)
create mode 100644 crypto/bpf_crypto_shash.c
diff --git a/crypto/Makefile b/crypto/Makefile
index 16a35649dd91..853dff375906 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -30,6 +30,9 @@ obj-$(CONFIG_CRYPTO_ECHAINIV) += echainiv.o
crypto_hash-y += ahash.o
crypto_hash-y += shash.o
obj-$(CONFIG_CRYPTO_HASH2) += crypto_hash.o
+ifeq ($(CONFIG_BPF_SYSCALL),y)
+obj-$(CONFIG_CRYPTO_HASH2) += bpf_crypto_shash.o
+endif
obj-$(CONFIG_CRYPTO_AKCIPHER2) += akcipher.o
obj-$(CONFIG_CRYPTO_SIG2) += sig.o
diff --git a/crypto/bpf_crypto_shash.c b/crypto/bpf_crypto_shash.c
new file mode 100644
index 000000000000..95c178ec0ce8
--- /dev/null
+++ b/crypto/bpf_crypto_shash.c
@@ -0,0 +1,95 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */
+#include <linux/types.h>
+#include <linux/module.h>
+#include <linux/bpf_crypto.h>
+#include <crypto/hash.h>
+
+struct bpf_shash_ctx {
+ struct crypto_shash *tfm;
+ struct shash_desc desc;
+};
+
+static void *bpf_crypto_shash_alloc_tfm(const char *algo)
+{
+ struct bpf_shash_ctx *ctx;
+ struct crypto_shash *tfm;
+
+ tfm = crypto_alloc_shash(algo, 0, 0);
+ if (IS_ERR(tfm))
+ return tfm;
+
+ ctx = kzalloc(sizeof(*ctx) + crypto_shash_descsize(tfm), GFP_KERNEL);
+ if (!ctx) {
+ crypto_free_shash(tfm);
+ return ERR_PTR(-ENOMEM);
+ }
+
+ ctx->tfm = tfm;
+ ctx->desc.tfm = tfm;
+
+ return ctx;
+}
+
+static void bpf_crypto_shash_free_tfm(void *tfm)
+{
+ struct bpf_shash_ctx *ctx = tfm;
+
+ crypto_free_shash(ctx->tfm);
+ kfree(ctx);
+}
+
+static int bpf_crypto_shash_has_algo(const char *algo)
+{
+ return crypto_has_shash(algo, 0, 0);
+}
+
+static int bpf_crypto_shash_hash(void *tfm, const u8 *data, u8 *out,
+ unsigned int len)
+{
+ struct bpf_shash_ctx *ctx = tfm;
+
+ return crypto_shash_digest(&ctx->desc, data, len, out);
+}
+
+static unsigned int bpf_crypto_shash_digestsize(void *tfm)
+{
+ struct bpf_shash_ctx *ctx = tfm;
+
+ return crypto_shash_digestsize(ctx->tfm);
+}
+
+static u32 bpf_crypto_shash_get_flags(void *tfm)
+{
+ struct bpf_shash_ctx *ctx = tfm;
+
+ return crypto_shash_get_flags(ctx->tfm);
+}
+
+static const struct bpf_crypto_type bpf_crypto_shash_type = {
+ .alloc_tfm = bpf_crypto_shash_alloc_tfm,
+ .free_tfm = bpf_crypto_shash_free_tfm,
+ .has_algo = bpf_crypto_shash_has_algo,
+ .hash = bpf_crypto_shash_hash,
+ .digestsize = bpf_crypto_shash_digestsize,
+ .get_flags = bpf_crypto_shash_get_flags,
+ .owner = THIS_MODULE,
+ .name = "hash",
+};
+
+static int __init bpf_crypto_shash_init(void)
+{
+ return bpf_crypto_register_type(&bpf_crypto_shash_type);
+}
+
+static void __exit bpf_crypto_shash_exit(void)
+{
+ int err = bpf_crypto_unregister_type(&bpf_crypto_shash_type);
+
+ WARN_ON_ONCE(err);
+}
+
+module_init(bpf_crypto_shash_init);
+module_exit(bpf_crypto_shash_exit);
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("Hash algorithm support for BPF");
--
2.51.0On Sun, Dec 7, 2025 at 7:01 PM Daniel Hodges <git@danielhodges.dev> wrote:
>
> Add bpf_crypto_shash module that registers a hash type with the BPF
> crypto infrastructure, enabling BPF programs to access kernel hash
> algorithms through a unified interface.
>
> Update the bpf_crypto_type interface with hash-specific callbacks:
> - alloc_tfm: Allocates crypto_shash context with proper descriptor size
> - free_tfm: Releases hash transform and context memory
> - has_algo: Checks algorithm availability via crypto_has_shash()
> - hash: Performs single-shot hashing via crypto_shash_digest()
> - digestsize: Returns the output size for the hash algorithm
> - get_flags: Exposes transform flags to BPF programs
>
> Update bpf_shash_ctx to contain crypto_shash transform and shash_desc
> descriptor to accommodate algorithm-specific descriptor requirements.
>
> Signed-off-by: Daniel Hodges <git@danielhodges.dev>
> ---
> crypto/Makefile | 3 ++
> crypto/bpf_crypto_shash.c | 95 +++++++++++++++++++++++++++++++++++++++
> 2 files changed, 98 insertions(+)
> create mode 100644 crypto/bpf_crypto_shash.c
>
> diff --git a/crypto/Makefile b/crypto/Makefile
> index 16a35649dd91..853dff375906 100644
> --- a/crypto/Makefile
> +++ b/crypto/Makefile
> @@ -30,6 +30,9 @@ obj-$(CONFIG_CRYPTO_ECHAINIV) += echainiv.o
> crypto_hash-y += ahash.o
> crypto_hash-y += shash.o
> obj-$(CONFIG_CRYPTO_HASH2) += crypto_hash.o
> +ifeq ($(CONFIG_BPF_SYSCALL),y)
> +obj-$(CONFIG_CRYPTO_HASH2) += bpf_crypto_shash.o
> +endif
>
> obj-$(CONFIG_CRYPTO_AKCIPHER2) += akcipher.o
> obj-$(CONFIG_CRYPTO_SIG2) += sig.o
> diff --git a/crypto/bpf_crypto_shash.c b/crypto/bpf_crypto_shash.c
> new file mode 100644
> index 000000000000..95c178ec0ce8
> --- /dev/null
> +++ b/crypto/bpf_crypto_shash.c
> @@ -0,0 +1,95 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */
> +#include <linux/types.h>
> +#include <linux/module.h>
> +#include <linux/bpf_crypto.h>
> +#include <crypto/hash.h>
> +
> +struct bpf_shash_ctx {
> + struct crypto_shash *tfm;
> + struct shash_desc desc;
> +};
> +
> +static void *bpf_crypto_shash_alloc_tfm(const char *algo)
> +{
> + struct bpf_shash_ctx *ctx;
> + struct crypto_shash *tfm;
> +
> + tfm = crypto_alloc_shash(algo, 0, 0);
> + if (IS_ERR(tfm))
> + return tfm;
> +
> + ctx = kzalloc(sizeof(*ctx) + crypto_shash_descsize(tfm), GFP_KERNEL);
> + if (!ctx) {
> + crypto_free_shash(tfm);
> + return ERR_PTR(-ENOMEM);
> + }
> +
> + ctx->tfm = tfm;
> + ctx->desc.tfm = tfm;
> +
> + return ctx;
> +}
What if we let bpf_crypto_shash_alloc_tfm() return a "struct shash_desc"?
shash_desc->tfm is already struct crypto_shash. This way, we don't need
bpf_shash_ctx any more. Would this work?
Thanks,
Song
On Wed, Dec 17, 2025 at 06:45:14AM +0900, Song Liu wrote:
> On Sun, Dec 7, 2025 at 7:01 PM Daniel Hodges <git@danielhodges.dev> wrote:
> >
> > Add bpf_crypto_shash module that registers a hash type with the BPF
> > crypto infrastructure, enabling BPF programs to access kernel hash
> > algorithms through a unified interface.
> >
> > Update the bpf_crypto_type interface with hash-specific callbacks:
> > - alloc_tfm: Allocates crypto_shash context with proper descriptor size
> > - free_tfm: Releases hash transform and context memory
> > - has_algo: Checks algorithm availability via crypto_has_shash()
> > - hash: Performs single-shot hashing via crypto_shash_digest()
> > - digestsize: Returns the output size for the hash algorithm
> > - get_flags: Exposes transform flags to BPF programs
> >
> > Update bpf_shash_ctx to contain crypto_shash transform and shash_desc
> > descriptor to accommodate algorithm-specific descriptor requirements.
> >
> > Signed-off-by: Daniel Hodges <git@danielhodges.dev>
> > ---
> > crypto/Makefile | 3 ++
> > crypto/bpf_crypto_shash.c | 95 +++++++++++++++++++++++++++++++++++++++
> > 2 files changed, 98 insertions(+)
> > create mode 100644 crypto/bpf_crypto_shash.c
> >
> > diff --git a/crypto/Makefile b/crypto/Makefile
> > index 16a35649dd91..853dff375906 100644
> > --- a/crypto/Makefile
> > +++ b/crypto/Makefile
> > @@ -30,6 +30,9 @@ obj-$(CONFIG_CRYPTO_ECHAINIV) += echainiv.o
> > crypto_hash-y += ahash.o
> > crypto_hash-y += shash.o
> > obj-$(CONFIG_CRYPTO_HASH2) += crypto_hash.o
> > +ifeq ($(CONFIG_BPF_SYSCALL),y)
> > +obj-$(CONFIG_CRYPTO_HASH2) += bpf_crypto_shash.o
> > +endif
> >
> > obj-$(CONFIG_CRYPTO_AKCIPHER2) += akcipher.o
> > obj-$(CONFIG_CRYPTO_SIG2) += sig.o
> > diff --git a/crypto/bpf_crypto_shash.c b/crypto/bpf_crypto_shash.c
> > new file mode 100644
> > index 000000000000..95c178ec0ce8
> > --- /dev/null
> > +++ b/crypto/bpf_crypto_shash.c
> > @@ -0,0 +1,95 @@
> > +// SPDX-License-Identifier: GPL-2.0-only
> > +/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */
> > +#include <linux/types.h>
> > +#include <linux/module.h>
> > +#include <linux/bpf_crypto.h>
> > +#include <crypto/hash.h>
> > +
> > +struct bpf_shash_ctx {
> > + struct crypto_shash *tfm;
> > + struct shash_desc desc;
> > +};
> > +
> > +static void *bpf_crypto_shash_alloc_tfm(const char *algo)
> > +{
> > + struct bpf_shash_ctx *ctx;
> > + struct crypto_shash *tfm;
> > +
> > + tfm = crypto_alloc_shash(algo, 0, 0);
> > + if (IS_ERR(tfm))
> > + return tfm;
> > +
> > + ctx = kzalloc(sizeof(*ctx) + crypto_shash_descsize(tfm), GFP_KERNEL);
> > + if (!ctx) {
> > + crypto_free_shash(tfm);
> > + return ERR_PTR(-ENOMEM);
> > + }
> > +
> > + ctx->tfm = tfm;
> > + ctx->desc.tfm = tfm;
> > +
> > + return ctx;
> > +}
>
> What if we let bpf_crypto_shash_alloc_tfm() return a "struct shash_desc"?
> shash_desc->tfm is already struct crypto_shash. This way, we don't need
> bpf_shash_ctx any more. Would this work?
>
> Thanks,
> Song
Yeah, that's much cleaner than the void * return.
-Daniel
> diff --git a/crypto/bpf_crypto_shash.c b/crypto/bpf_crypto_shash.c
> new file mode 100644
> index 000000000000..95c178ec0ce8
> --- /dev/null
> +++ b/crypto/bpf_crypto_shash.c
> @@ -0,0 +1,95 @@
[ ... ]
> +
> +static const struct bpf_crypto_type bpf_crypto_shash_type = {
> + .alloc_tfm = bpf_crypto_shash_alloc_tfm,
> + .free_tfm = bpf_crypto_shash_free_tfm,
> + .has_algo = bpf_crypto_shash_has_algo,
> + .hash = bpf_crypto_shash_hash,
> + .digestsize = bpf_crypto_shash_digestsize,
> + .get_flags = bpf_crypto_shash_get_flags,
> + .owner = THIS_MODULE,
> + .name = "hash",
> +};
The bpf_crypto_type implementation leaves several function pointers as
NULL (setkey, setauthsize, encrypt, decrypt, ivsize, statesize), which is
appropriate for plain hash algorithms. However, this creates an interface
contract mismatch with bpf_crypto_ctx_create() in kernel/bpf/crypto.c.
Looking at the caller bpf_crypto_ctx_create():
Line 174-177:
if (!params->key_len || params->key_len > sizeof(params->key)) {
*err = -EINVAL;
goto err_module_put;
}
Can hash contexts be created? This check requires key_len to be non-zero,
but plain hash algorithms like SHA256 don't use keys. This prevents
creating hash contexts entirely.
Line 186-189:
ctx->tfm = type->alloc_tfm(params->algo);
if (IS_ERR(ctx->tfm)) {
*err = PTR_ERR(ctx->tfm);
goto err_free_tfm;
Can bpf_crypto_shash_free_tfm handle ERR_PTR? When alloc_tfm fails and
returns ERR_PTR, the code stores it in ctx->tfm then jumps to err_free_tfm
which calls type->free_tfm(ctx->tfm). In bpf_crypto_shash_free_tfm(), the
code dereferences ctx->tfm without checking for ERR_PTR, which will crash:
static void bpf_crypto_shash_free_tfm(void *tfm)
{
struct bpf_shash_ctx *ctx = tfm;
crypto_free_shash(ctx->tfm); /* dereferences ctx */
kfree(ctx);
}
Line 198:
*err = type->setkey(ctx->tfm, params->key, params->key_len);
Does this dereference NULL? The hash implementation doesn't provide setkey
(it's NULL in bpf_crypto_shash_type), but this line calls it
unconditionally.
Line 207:
ctx->siv_len = type->ivsize(ctx->tfm) + type->statesize(ctx->tfm);
Do these dereference NULL? The hash implementation doesn't provide ivsize
or statesize (both NULL), but this line calls them unconditionally.
Note: These issues are fixed in commit 14cc32f873e0 ("bpf: Add SHA hash
kfunc for cryptographic hashing") which makes the setkey, ivsize, and
statesize calls conditional, and fixes the ERR_PTR handling by changing
the error path from "goto err_free_tfm" to "goto err_free_ctx".
---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
CI run summary: https://github.com/kernel-patches/bpf/actions/runs/20015426139
© 2016 - 2026 Red Hat, Inc.