[PATCH v2] crypto: add precalculated hash for zero message length

2015-10-20 Thread LABBE Corentin 
Hello

Some crypto drivers cannot process empty data message and so rely on
precalculated hash.
This patch series add precalculated hash in headers and
make the drivers use them.

Using those precalculated hash make some additionnal constify patch necessary.

Changes since v1:
- Added missing sha/md5 header in testmgr.h
- indented a block comment in CCP
- moved precalculated hash from header to .c files

Regards
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 5/8] crypto: akcipher: fix typos in include/crypto/akcipher.h

2015-10-20 Thread LABBE Corentin 
Fix numerous spelling error in include/crypto/akcipher.h

Signed-off-by: LABBE Corentin 
---
 include/crypto/akcipher.h | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
index 69d163e..0c9fa68 100644
--- a/include/crypto/akcipher.h
+++ b/include/crypto/akcipher.h
@@ -19,12 +19,12 @@
  *
  * @base:  Common attributes for async crypto requests
  * @src:   Pointer to memory containing the input parameters
- * The format of the parameter(s) is expeted to be Octet String
- * @dst:   Pointer to memory whare the result will be stored
+ * The format of the parameter(s) is expected to be Octet String
+ * @dst:   Pointer to memory where the result will be stored
  * @src_len:   Size of the input parameter
- * @dst_len:   Size of the output buffer. It needs to be at leaset
+ * @dst_len:   Size of the output buffer. It needs to be at least
  * as big as the expected result depending on the operation
- * After operation it will be updated with the acctual size of the
+ * After operation it will be updated with the actual size of the
  * result. In case of error, where the dst_len was insufficient,
  * it will be updated to the size required for the operation.
  * @__ctx: Start of private context data
@@ -59,7 +59,7 @@ struct crypto_akcipher {
  * algorithm. In case of error, where the dst_len was insufficient,
  * the req->dst_len will be updated to the size required for the
  * operation
- * @encrypt:   Function performs an encrytp operation as defined by public key
+ * @encrypt:   Function performs an encrypt operation as defined by public key
  * algorithm. In case of error, where the dst_len was insufficient,
  * the req->dst_len will be updated to the size required for the
  * operation
@@ -224,7 +224,7 @@ static inline void akcipher_request_set_callback(struct 
akcipher_request *req,
 }
 
 /**
- * akcipher_request_set_crypt() -- Sets reqest parameters
+ * akcipher_request_set_crypt() -- Sets request parameters
  *
  * Sets parameters required by crypto operation
  *
@@ -233,7 +233,7 @@ static inline void akcipher_request_set_callback(struct 
akcipher_request *req,
  * @dst:   ptr of output parameter
  * @src_len:   size of the input buffer
  * @dst_len:   size of the output buffer. It will be updated by the
- * implementation to reflect the acctual size of the result
+ * implementation to reflect the actual size of the result
  */
 static inline void akcipher_request_set_crypt(struct akcipher_request *req,
  void *src, void *dst,
-- 
2.4.10

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 5/8] crypto: akcipher: fix typos in include/crypto/akcipher.h

2015-10-20 Thread Stephan Mueller 
Am Dienstag, 20. Oktober 2015, 09:34:01 schrieb LABBE Corentin:

Hi LABBE,

>Fix numerous spelling error in include/crypto/akcipher.h
>
>Signed-off-by: LABBE Corentin 
>---
> include/crypto/akcipher.h | 14 +++---
> 1 file changed, 7 insertions(+), 7 deletions(-)
>
>diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
>index 69d163e..0c9fa68 100644
>--- a/include/crypto/akcipher.h
>+++ b/include/crypto/akcipher.h
>@@ -19,12 +19,12 @@
>  *
>  * @base: Common attributes for async crypto requests
>  * @src:  Pointer to memory containing the input parameters
>- *The format of the parameter(s) is expeted to be Octet String
>- * @dst:  Pointer to memory whare the result will be stored
>+ *The format of the parameter(s) is expected to be Octet String
>+ * @dst:  Pointer to memory where the result will be stored
>  * @src_len:  Size of the input parameter
>- * @dst_len:  Size of the output buffer. It needs to be at leaset
>+ * @dst_len:  Size of the output buffer. It needs to be at least
>  *as big as the expected result depending on the operation
>- *After operation it will be updated with the acctual size of 
the
>+ *After operation it will be updated with the actual size of the
>  *result. In case of error, where the dst_len was insufficient,
>  *it will be updated to the size required for the operation.
>  * @__ctx:Start of private context data
>@@ -59,7 +59,7 @@ struct crypto_akcipher {
>  *algorithm. In case of error, where the dst_len was 
insufficient,
>  *the req->dst_len will be updated to the size required for the
>  *operation
>- * @encrypt:  Function performs an encrytp operation as defined by public 
key
>+ * @encrypt:  Function performs an encrypt operation as defined by public
>key *  algorithm. In case of error, where the dst_len was 
insufficient,
>*  the req->dst_len will be updated to the size required for the
>  *operation
>@@ -224,7 +224,7 @@ static inline void akcipher_request_set_callback(struct
>akcipher_request *req, }
>
> /**
>- * akcipher_request_set_crypt() -- Sets reqest parameters
>+ * akcipher_request_set_crypt() -- Sets request parameters

Note, this patch will clash with my patch that I sent 2 days ago: I removed 
the double slashes from these lines here as they do not look good in a 
DocBook.
>  *
>  * Sets parameters required by crypto operation
>  *
>@@ -233,7 +233,7 @@ static inline void akcipher_request_set_callback(struct
>akcipher_request *req, * @dst: ptr of output parameter
>  * @src_len:  size of the input buffer
>  * @dst_len:  size of the output buffer. It will be updated by the
>- *implementation to reflect the acctual size of the result
>+ *implementation to reflect the actual size of the result
>  */
> static inline void akcipher_request_set_crypt(struct akcipher_request *req,
> void *src, void *dst,


Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 4/8] crypto: ux500: Use precalculated hash from headers

2015-10-20 Thread LABBE Corentin 
Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin 
---
 drivers/crypto/ux500/hash/hash_core.c | 20 ++--
 1 file changed, 2 insertions(+), 18 deletions(-)

diff --git a/drivers/crypto/ux500/hash/hash_core.c 
b/drivers/crypto/ux500/hash/hash_core.c
index 8b9391f..0de5f59 100644
--- a/drivers/crypto/ux500/hash/hash_core.c
+++ b/drivers/crypto/ux500/hash/hash_core.c
@@ -41,22 +41,6 @@ static int hash_mode;
 module_param(hash_mode, int, 0);
 MODULE_PARM_DESC(hash_mode, "CPU or DMA mode. CPU = 0 (default), DMA = 1");
 
-/**
- * Pre-calculated empty message digests.
- */
-static const u8 zero_message_hash_sha1[SHA1_DIGEST_SIZE] = {
-   0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
-   0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
-   0xaf, 0xd8, 0x07, 0x09
-};
-
-static const u8 zero_message_hash_sha256[SHA256_DIGEST_SIZE] = {
-   0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
-   0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
-   0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
-   0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
-};
-
 /* HMAC-SHA1, no key */
 static const u8 zero_message_hmac_sha1[SHA1_DIGEST_SIZE] = {
0xfb, 0xdb, 0x1d, 0x1b, 0x18, 0xaa, 0x6c, 0x08,
@@ -242,13 +226,13 @@ static int get_empty_message_digest(
 
if (HASH_OPER_MODE_HASH == ctx->config.oper_mode) {
if (HASH_ALGO_SHA1 == ctx->config.algorithm) {
-   memcpy(zero_hash, _message_hash_sha1[0],
+   memcpy(zero_hash, _zero_message_hash[0],
   SHA1_DIGEST_SIZE);
*zero_hash_size = SHA1_DIGEST_SIZE;
*zero_digest = true;
} else if (HASH_ALGO_SHA256 ==
ctx->config.algorithm) {
-   memcpy(zero_hash, _message_hash_sha256[0],
+   memcpy(zero_hash, _zero_message_hash[0],
   SHA256_DIGEST_SIZE);
*zero_hash_size = SHA256_DIGEST_SIZE;
*zero_digest = true;
-- 
2.4.10

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 7/8] crypto: testmgr: Constify tested key/iv/plaintext/digest

2015-10-20 Thread LABBE Corentin 
All key/iv/plaintext/digest in testmgr are constant data.
Furthermore the testmgr will never modify thoses data.
This patch set all members of xxx_testvec as pointer to const.

Signed-off-by: LABBE Corentin 
---
 crypto/testmgr.h | 34 +-
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 64b8a80..03b2f19 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -37,9 +37,9 @@
 
 struct hash_testvec {
/* only used with keyed hash algorithms */
-   char *key;
-   char *plaintext;
-   char *digest;
+   const char *key;
+   const char *plaintext;
+   const char *digest;
unsigned char tap[MAX_TAP];
unsigned short psize;
unsigned char np;
@@ -65,10 +65,10 @@ struct hash_testvec {
  */
 
 struct cipher_testvec {
-   char *key;
-   char *iv;
-   char *input;
-   char *result;
+   const char *key;
+   const char *iv;
+   const char *input;
+   const char *result;
unsigned short tap[MAX_TAP];
int np;
unsigned char also_non_np;
@@ -80,11 +80,11 @@ struct cipher_testvec {
 };
 
 struct aead_testvec {
-   char *key;
-   char *iv;
-   char *input;
-   char *assoc;
-   char *result;
+   const char *key;
+   const char *iv;
+   const char *input;
+   const char *assoc;
+   const char *result;
unsigned char tap[MAX_TAP];
unsigned char atap[MAX_TAP];
int np;
@@ -99,10 +99,10 @@ struct aead_testvec {
 };
 
 struct cprng_testvec {
-   char *key;
-   char *dt;
-   char *v;
-   char *result;
+   const char *key;
+   const char *dt;
+   const char *v;
+   const char *result;
unsigned char klen;
unsigned short dtlen;
unsigned short vlen;
@@ -126,7 +126,7 @@ struct drbg_testvec {
 };
 
 struct akcipher_testvec {
-   unsigned char *key;
+   const unsigned char *key;
unsigned char *m;
unsigned char *c;
unsigned int key_len;
-- 
2.4.10

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 2/8] crypto: niagara: Use precalculated hash from headers

2015-10-20 Thread LABBE Corentin 
Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin 
---
 drivers/crypto/n2_core.c | 33 ++---
 1 file changed, 6 insertions(+), 27 deletions(-)

diff --git a/drivers/crypto/n2_core.c b/drivers/crypto/n2_core.c
index 2e8dab9..8ea6c32 100644
--- a/drivers/crypto/n2_core.c
+++ b/drivers/crypto/n2_core.c
@@ -241,7 +241,7 @@ static inline bool n2_should_run_async(struct spu_queue 
*qp, int this_len)
 
 struct n2_ahash_alg {
struct list_headentry;
-   const char  *hash_zero;
+   const u8*hash_zero;
const u32   *hash_init;
u8  hw_op_hashsz;
u8  digest_size;
@@ -1267,7 +1267,7 @@ static LIST_HEAD(cipher_algs);
 
 struct n2_hash_tmpl {
const char  *name;
-   const char  *hash_zero;
+   const u8*hash_zero;
const u32   *hash_init;
u8  hw_op_hashsz;
u8  digest_size;
@@ -1276,40 +1276,19 @@ struct n2_hash_tmpl {
u8  hmac_type;
 };
 
-static const char md5_zero[MD5_DIGEST_SIZE] = {
-   0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
-   0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
-};
 static const u32 md5_init[MD5_HASH_WORDS] = {
cpu_to_le32(MD5_H0),
cpu_to_le32(MD5_H1),
cpu_to_le32(MD5_H2),
cpu_to_le32(MD5_H3),
 };
-static const char sha1_zero[SHA1_DIGEST_SIZE] = {
-   0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32,
-   0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8,
-   0x07, 0x09
-};
 static const u32 sha1_init[SHA1_DIGEST_SIZE / 4] = {
SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4,
 };
-static const char sha256_zero[SHA256_DIGEST_SIZE] = {
-   0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a,
-   0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae,
-   0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99,
-   0x1b, 0x78, 0x52, 0xb8, 0x55
-};
 static const u32 sha256_init[SHA256_DIGEST_SIZE / 4] = {
SHA256_H0, SHA256_H1, SHA256_H2, SHA256_H3,
SHA256_H4, SHA256_H5, SHA256_H6, SHA256_H7,
 };
-static const char sha224_zero[SHA224_DIGEST_SIZE] = {
-   0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47,
-   0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2,
-   0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, 0xc5, 0xb3, 0xe4,
-   0x2f
-};
 static const u32 sha224_init[SHA256_DIGEST_SIZE / 4] = {
SHA224_H0, SHA224_H1, SHA224_H2, SHA224_H3,
SHA224_H4, SHA224_H5, SHA224_H6, SHA224_H7,
@@ -1317,7 +1296,7 @@ static const u32 sha224_init[SHA256_DIGEST_SIZE / 4] = {
 
 static const struct n2_hash_tmpl hash_tmpls[] = {
{ .name = "md5",
- .hash_zero= md5_zero,
+ .hash_zero= md5_zero_message_hash,
  .hash_init= md5_init,
  .auth_type= AUTH_TYPE_MD5,
  .hmac_type= AUTH_TYPE_HMAC_MD5,
@@ -1325,7 +1304,7 @@ static const struct n2_hash_tmpl hash_tmpls[] = {
  .digest_size  = MD5_DIGEST_SIZE,
  .block_size   = MD5_HMAC_BLOCK_SIZE },
{ .name = "sha1",
- .hash_zero= sha1_zero,
+ .hash_zero= sha1_zero_message_hash,
  .hash_init= sha1_init,
  .auth_type= AUTH_TYPE_SHA1,
  .hmac_type= AUTH_TYPE_HMAC_SHA1,
@@ -1333,7 +1312,7 @@ static const struct n2_hash_tmpl hash_tmpls[] = {
  .digest_size  = SHA1_DIGEST_SIZE,
  .block_size   = SHA1_BLOCK_SIZE },
{ .name = "sha256",
- .hash_zero= sha256_zero,
+ .hash_zero= sha256_zero_message_hash,
  .hash_init= sha256_init,
  .auth_type= AUTH_TYPE_SHA256,
  .hmac_type= AUTH_TYPE_HMAC_SHA256,
@@ -1341,7 +1320,7 @@ static const struct n2_hash_tmpl hash_tmpls[] = {
  .digest_size  = SHA256_DIGEST_SIZE,
  .block_size   = SHA256_BLOCK_SIZE },
{ .name = "sha224",
- .hash_zero= sha224_zero,
+ .hash_zero= sha224_zero_message_hash,
  .hash_init= sha224_init,
  .auth_type= AUTH_TYPE_SHA256,
  .hmac_type= AUTH_TYPE_RESERVED,
-- 
2.4.10

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 8/8] crypto: testmgr: Use the xxx_zero_message_hash from headers

2015-10-20 Thread LABBE Corentin 
Since md5/shaxxx headers have hash for zero message length, just use them.

Signed-off-by: LABBE Corentin 
---
 crypto/testmgr.h | 18 ++
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 03b2f19..7a8f51e 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -28,6 +28,8 @@
 #include 
 
 #include 
+#include 
+#include 
 
 #define MAX_DIGEST_SIZE64
 #define MAX_TAP8
@@ -367,8 +369,7 @@ static struct hash_testvec md4_tv_template [] = {
 
 static struct hash_testvec md5_tv_template[] = {
{
-   .digest = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
- "\xe9\x80\x09\x98\xec\xf8\x42\x7e",
+   .digest = md5_zero_message_hash,
}, {
.plaintext = "a",
.psize  = 1,
@@ -713,8 +714,7 @@ static struct hash_testvec sha1_tv_template[] = {
{
.plaintext = "",
.psize  = 0,
-   .digest = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55"
- "\xbf\xef\x95\x60\x18\x90\xaf\xd8\x07\x09",
+   .digest = sha1_zero_message_hash,
}, {
.plaintext = "abc",
.psize  = 3,
@@ -905,10 +905,7 @@ static struct hash_testvec sha224_tv_template[] = {
{
.plaintext = "",
.psize  = 0,
-   .digest = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9"
- "\x47\x61\x02\xbb\x28\x82\x34\xc4"
- "\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a"
- "\xc5\xb3\xe4\x2f",
+   .digest = sha224_zero_message_hash,
}, {
.plaintext = "abc",
.psize  = 3,
@@ -1079,10 +1076,7 @@ static struct hash_testvec sha256_tv_template[] = {
{
.plaintext = "",
.psize  = 0,
-   .digest = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14"
- "\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24"
- "\x27\xae\x41\xe4\x64\x9b\x93\x4c"
- "\xa4\x95\x99\x1b\x78\x52\xb8\x55",
+   .digest = sha256_zero_message_hash,
}, {
.plaintext = "abc",
.psize  = 3,
-- 
2.4.10

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/2] crypto/x509: Fix unaligned access in x509_get_sig_params()

2015-10-20 Thread David Howells 
Sowmini Varadhan  wrote:

> x509_get_sig_params() has the same code pattern as the one in
> pkcs7_verify() that is fixed by commit 62f57d05e287 ("crypto: pkcs7 - Fix
> unaligned access in pkcs7_verify()") so apply a similar fix here: make
> sure that desc is pointing at an algined value past the digest_size,
> and take alignment values into consideration when doing kzalloc()
> 
> Signed-off-by: Sowmini Varadhan 

Acked-by: David Howells 
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 1/8] crypto: hash: add zero length message hash for shax and md5

2015-10-20 Thread LABBE Corentin 
Some crypto drivers cannot process empty data message and return a
precalculated hash for md5/sha1/sha224/sha256.

This patch add thoses precalculated hash in include/crypto.

Signed-off-by: LABBE Corentin 
---
 crypto/md5.c|  6 ++
 crypto/sha1_generic.c   |  7 +++
 crypto/sha256_generic.c | 16 
 include/crypto/md5.h|  2 ++
 include/crypto/sha.h|  6 ++
 5 files changed, 37 insertions(+)

diff --git a/crypto/md5.c b/crypto/md5.c
index 33d17e9..2355a7c 100644
--- a/crypto/md5.c
+++ b/crypto/md5.c
@@ -24,6 +24,12 @@
 #include 
 #include 
 
+const u8 md5_zero_message_hash[MD5_DIGEST_SIZE] = {
+   0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
+   0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
+};
+EXPORT_SYMBOL_GPL(md5_zero_message_hash);
+
 /* XXX: this stuff can be optimized */
 static inline void le32_to_cpu_array(u32 *buf, unsigned int words)
 {
diff --git a/crypto/sha1_generic.c b/crypto/sha1_generic.c
index 39e3acc..6877cbb 100644
--- a/crypto/sha1_generic.c
+++ b/crypto/sha1_generic.c
@@ -26,6 +26,13 @@
 #include 
 #include 
 
+const u8 sha1_zero_message_hash[SHA1_DIGEST_SIZE] = {
+   0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
+   0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
+   0xaf, 0xd8, 0x07, 0x09
+};
+EXPORT_SYMBOL_GPL(sha1_zero_message_hash);
+
 static void sha1_generic_block_fn(struct sha1_state *sst, u8 const *src,
  int blocks)
 {
diff --git a/crypto/sha256_generic.c b/crypto/sha256_generic.c
index 7843116..8f9c47e 100644
--- a/crypto/sha256_generic.c
+++ b/crypto/sha256_generic.c
@@ -27,6 +27,22 @@
 #include 
 #include 
 
+const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE] = {
+   0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47,
+   0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2,
+   0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, 0xc5, 0xb3, 0xe4,
+   0x2f
+};
+EXPORT_SYMBOL_GPL(sha224_zero_message_hash);
+
+const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE] = {
+   0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
+   0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
+   0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
+   0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
+};
+EXPORT_SYMBOL_GPL(sha256_zero_message_hash);
+
 static inline u32 Ch(u32 x, u32 y, u32 z)
 {
return z ^ (x & (y ^ z));
diff --git a/include/crypto/md5.h b/include/crypto/md5.h
index 146af82..327deac 100644
--- a/include/crypto/md5.h
+++ b/include/crypto/md5.h
@@ -13,6 +13,8 @@
 #define MD5_H2 0x98badcfeUL
 #define MD5_H3 0x10325476UL
 
+extern const u8 md5_zero_message_hash[MD5_DIGEST_SIZE];
+
 struct md5_state {
u32 hash[MD5_HASH_WORDS];
u32 block[MD5_BLOCK_WORDS];
diff --git a/include/crypto/sha.h b/include/crypto/sha.h
index dd7905a..c94d3eb 100644
--- a/include/crypto/sha.h
+++ b/include/crypto/sha.h
@@ -64,6 +64,12 @@
 #define SHA512_H6  0x1f83d9abfb41bd6bULL
 #define SHA512_H7  0x5be0cd19137e2179ULL
 
+extern const u8 sha1_zero_message_hash[SHA1_DIGEST_SIZE];
+
+extern const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE];
+
+extern const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE];
+
 struct sha1_state {
u32 state[SHA1_DIGEST_SIZE / 4];
u64 count;
-- 
2.4.10

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 3/8] crypto: ccp: Use precalculated hash from headers

2015-10-20 Thread LABBE Corentin 
Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin 
---
 drivers/crypto/ccp/ccp-ops.c | 39 ---
 1 file changed, 8 insertions(+), 31 deletions(-)

diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
index d09c6c4..64fac2b 100644
--- a/drivers/crypto/ccp/ccp-ops.c
+++ b/drivers/crypto/ccp/ccp-ops.c
@@ -152,32 +152,6 @@ static const __be32 ccp_sha256_init[CCP_SHA_CTXSIZE / 
sizeof(__be32)] = {
cpu_to_be32(SHA256_H6), cpu_to_be32(SHA256_H7),
 };
 
-/* The CCP cannot perform zero-length sha operations so the caller
- * is required to buffer data for the final operation.  However, a
- * sha operation for a message with a total length of zero is valid
- * so known values are required to supply the result.
- */
-static const u8 ccp_sha1_zero[CCP_SHA_CTXSIZE] = {
-   0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
-   0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
-   0xaf, 0xd8, 0x07, 0x09, 0x00, 0x00, 0x00, 0x00,
-   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-};
-
-static const u8 ccp_sha224_zero[CCP_SHA_CTXSIZE] = {
-   0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9,
-   0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4,
-   0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
-   0xc5, 0xb3, 0xe4, 0x2f, 0x00, 0x00, 0x00, 0x00,
-};
-
-static const u8 ccp_sha256_zero[CCP_SHA_CTXSIZE] = {
-   0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
-   0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
-   0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
-   0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55,
-};
-
 static u32 ccp_addr_lo(struct ccp_dma_info *info)
 {
return lower_32_bits(info->address + info->offset);
@@ -1388,18 +1362,21 @@ static int ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, 
struct ccp_cmd *cmd)
if (sha->msg_bits)
return -EINVAL;
 
-   /* A sha operation for a message with a total length of zero,
-* return known result.
+   /* The CCP cannot perform zero-length sha operations so the
+* caller is required to buffer data for the final operation.
+* However, a sha operation for a message with a total length
+* of zero is valid so known values are required to supply
+* the result.
 */
switch (sha->type) {
case CCP_SHA_TYPE_1:
-   sha_zero = ccp_sha1_zero;
+   sha_zero = sha1_zero_message_hash;
break;
case CCP_SHA_TYPE_224:
-   sha_zero = ccp_sha224_zero;
+   sha_zero = sha224_zero_message_hash;
break;
case CCP_SHA_TYPE_256:
-   sha_zero = ccp_sha256_zero;
+   sha_zero = sha256_zero_message_hash;
break;
default:
return -EINVAL;
-- 
2.4.10

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] lib/mpi: clean unused SHA1_DIGEST_LENGTH

2015-10-20 Thread Herbert Xu 
On Thu, Oct 15, 2015 at 08:34:53PM +0200, LABBE Corentin wrote:
> The define SHA1_DIGEST_LENGTH is not used anywhere, so remove it.
> 
> Signed-off-by: LABBE Corentin 

Patch applied.  Thanks.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] hwrng: exynos - Fix unbalanced PM runtime get/puts

2015-10-20 Thread Herbert Xu 
On Fri, Oct 16, 2015 at 05:01:51PM +0100, Daniel Thompson wrote:
> Currently this driver calls pm_runtime_get_sync() rampantly
> but never puts anything back. This makes it impossible for the
> device to autosuspend properly; it will remain fully active
> after the first use.
> 
> Fix in the obvious way.
> 
> Signed-off-by: Daniel Thompson 
> Cc: Kukjin Kim 
> Cc: Krzysztof Kozlowski 

Patch applied.  Thanks.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] akcipher: Don't #include crypto/public_key.h as the contents aren't used

2015-10-20 Thread Herbert Xu 
On Mon, Oct 19, 2015 at 12:19:45PM +0100, David Howells wrote:
> Don't #include crypto/public_key.h in akcipher as the contents of the
> header aren't used and changes in a future patch cause it to fail to
> compile if CONFIG_KEYS=n.
> 
> Signed-off-by: David Howells 

Patch applied.  Thanks.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v2 0/6] Fix CAAM hash driver

2015-10-20 Thread Herbert Xu 
On Sun, Oct 18, 2015 at 05:50:47PM +0100, Russell King - ARM Linux wrote:
> The following series fixes the CAAM hash driver, allowing it to work
> with the previously merged "crypto: ahash - ensure statesize is non-
> zero" patch.
> 
> This is non-trivial, because CAAM exports a huge 1600 bytes of data,
> which, if we set .statesize to this, still results in the core code
> rejecting the driver.  So, we need to shrink the amount of state
> exported.
> 
> The first, most obvious one to get rid of is the export of the
> caam_hash_ctx structure, which is shared between the socket being
> exported from and imported to - copying it away and back again was
> a complete no-op.
> 
> The second is that we don't need to export both pending-bytes buffers.
> Only one will be in use at any time.
> 
> A problem was encountered while testing, where the size of the pending
> bytes buffer was not added to the scatterlist with the correct length.
> This is also fixed in this series, by patch 3.  This bug was introduced
> by a prior commit trying to fix a tcrypt error.  However, the change is
> wrong, but I have to question whether the test was correct or not - the
> backtrace contains a function "test_ahash_pnum" which doesn't seem to
> exist in mainline, nor does it seem to exist in any previous mainline
> kernel.
> 
> Version 2 of this series addresses a mismerge in patch 5 of the
> original series, and adds further information to patch 3.
> 
> Further testing with tcrypt showed up a problem identified by the
> DMA API debugging (different to the original one referred to in
> patch 3) where we leak DMA mappings.

Patches 1-5 applied.  Patch 6 failed to apply because the cryptodev
tree already has a patch that converts caam to use dma_map_sg instead
of the caam-specific dma_map_sg_chained.  If your patch is still
needed could you please rebase it on top of cryptodev?

commit 13fb8fd7a81923f7a64b4e688fe0bdaf1ea26adf
Author: LABBE Corentin 
Date:   Wed Sep 23 13:55:27 2015 +0200

crypto: caam - dma_map_sg can handle chained SG

Thanks,
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/2] crypto/x509: Fix unaligned access in x509_get_sig_params()

2015-10-20 Thread Herbert Xu 
On Mon, Oct 19, 2015 at 05:23:28PM -0400, Sowmini Varadhan wrote:
> x509_get_sig_params() has the same code pattern as the one in
> pkcs7_verify() that is fixed by commit 62f57d05e287 ("crypto: pkcs7 - Fix
> unaligned access in pkcs7_verify()") so apply a similar fix here: make
> sure that desc is pointing at an algined value past the digest_size,
> and take alignment values into consideration when doing kzalloc()
> 
> Signed-off-by: Sowmini Varadhan 

Patch applied.  Thanks.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v2 1/5] MPI: fix off by one in mpi_read_raw_from_sgl

2015-10-20 Thread Herbert Xu 
On Sun, Oct 18, 2015 at 12:45:18PM +0200, Stephan Mueller wrote:
> The patch fixes the analysis of the input data which contains an off
> by one.
> 
> The issue is visible when the SGL contains one byte per SG entry.
> The code for checking for zero bytes does not operate on the data byte.
> 
> Signed-off-by: Stephan Mueller 

Patch applied.  Thanks.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] crypto: qat - fix crypto_get_instance_node function

2015-10-20 Thread Herbert Xu 
On Fri, Oct 16, 2015 at 11:40:56AM -0700, Tadeusz Struk wrote:
> qat_crypto_get_instance_node function needs to handle situation when the
> first dev in the list is not started.
> 
> Signed-off-by: Tadeusz Struk 

Patch applied.  Thanks.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 00/18] crypto: further fixes for Marvell CESA hash

2015-10-20 Thread Herbert Xu 
On Sun, Oct 18, 2015 at 05:16:49PM +0100, Russell King - ARM Linux wrote:
> Following on from the previous series, this series addresses further
> problems with the Marvell CESA hash driver found while testing it my
> openssl/ssh scenarios.
> 
> The first patch improves one from the previous series: we can get the
> transform more directly using req->base.tfm rather than going round
> the houses.
> 
> The next few patches rework the algorithm endianness conversions.
> There are two things which depend on the algorithm endianness - the
> format of the result, and the format of the bit length in the last
> block.  We introduce a flag to convey this information, and keep
> the creq->state format in CPU endian mode for consistency.
> 
> Some of the inconsistent hash results are down to the template
> operation not being properly initialised - so we zero initialise all
> template operations.
> 
> The following patches (from "factor out first fragment decisions to
> helper") rework the digest handling to ensure that we always provide
> the hardware with a complete block of data to hash, otherwise it can
> be left mid-calculation, which then causes state to leak to
> subsequent operations.  This requires a re-structure of the way we
> put together the DMA entries, so it's done in relatively small steps.
> 
> This results in the CESA driver passing all tests I can throw at it
> via the AF_ALG openssl plugin with the exception of asking for the
> hash of /dev/null.  This returns an all zero result, rather than the
> correct hash value.  This bug is pending further diagnosis, but it
> is believed not to be a driver specific bug as iMX6 CAAM also behaves
> the same.
> 
> Unfortunately, this is a large series, but the driver unfortunately
> needs this level of bug fixing to work properly.

All applied.  Thanks Russell!
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 0/4] hwrng: exynos - Add Device Tree support

2015-10-20 Thread Herbert Xu 
On Mon, Oct 19, 2015 at 01:37:38PM +0900, Krzysztof Kozlowski wrote:
> Hi,
> 
> The patchset fixes known issues in Exynos hardware random number
> generator and adds Device Tree support for it.
> 
> The device was tested on Trats2 board (Exynos4412). It should work
> on other Exynos4 and Exynos5 as well... altough it seems that
> on some of Exynos542x boards the SSS module is secured.

All applied.  Thanks.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 0/6] Sparse related fixes

2015-10-20 Thread Herbert Xu 
On Sun, Oct 18, 2015 at 06:30:39PM +0100, Russell King - ARM Linux wrote:
> Continuing on from the previous set of 18 patches, I also fixed a
> number of sparse problems and other cleanups.  I don't deem these
> suitable for -rc merging, especially now that we're basically at
> -rc6.
> 
> The first patch switches the driver over to appropriately using
> the relaxed IO accessors - this avoids calling out to the heavy
> barrier on every read and write operation, but only calling out on
> those which really matter.
> 
> We switch to using dma_addr_t for DMA addresses which are not accessed
> by hardware, and using gfp_t for the get_free_page flags.  String-based
> MMIO accesses are used instead of plain memcpy()/memset() which prevents
> us potentially stumbling over GCC optimisations that it thinks it may
> make with these functions.
> 
> We convert as much of the hardware state to __le32 endian markings,
> and use cpu_to_le32() as appropriate.  A number of places are left
> unfixed, as we temporarily store CPU native endian values at these
> locations; these warnings should not be fixed (basically, only
> appropriate sparse warnings should be fixed without penalising code.)

All applied.  Thanks.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] crypto: sun4i-ss: add missing statesize

2015-10-20 Thread LABBE Corentin 
sun4i-ss implementaton of md5/sha1 is via ahash algorithms.
A recent change make impossible to load them without giving statesize.
This patch specifiy statesize for sha1 and md5.

Signed-off-by: LABBE Corentin 
---
 drivers/crypto/sunxi-ss/sun4i-ss-core.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/crypto/sunxi-ss/sun4i-ss-core.c 
b/drivers/crypto/sunxi-ss/sun4i-ss-core.c
index eab6fe2..107cd2a 100644
--- a/drivers/crypto/sunxi-ss/sun4i-ss-core.c
+++ b/drivers/crypto/sunxi-ss/sun4i-ss-core.c
@@ -39,6 +39,7 @@ static struct sun4i_ss_alg_template ss_algs[] = {
.import = sun4i_hash_import_md5,
.halg = {
.digestsize = MD5_DIGEST_SIZE,
+   .statesize = sizeof(struct md5_state),
.base = {
.cra_name = "md5",
.cra_driver_name = "md5-sun4i-ss",
@@ -66,6 +67,7 @@ static struct sun4i_ss_alg_template ss_algs[] = {
.import = sun4i_hash_import_sha1,
.halg = {
.digestsize = SHA1_DIGEST_SIZE,
+   .statesize = sizeof(struct sha1_state),
.base = {
.cra_name = "sha1",
.cra_driver_name = "sha1-sun4i-ss",
-- 
2.4.10

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v2 0/6] Fix CAAM hash driver

2015-10-20 Thread Victoria Milhoan 
On Sun, 18 Oct 2015 17:50:47 +0100
Russell King - ARM Linux  wrote:

> The following series fixes the CAAM hash driver, allowing it to work
> with the previously merged "crypto: ahash - ensure statesize is non-
> zero" patch.
> 
> This is non-trivial, because CAAM exports a huge 1600 bytes of data,
> which, if we set .statesize to this, still results in the core code
> rejecting the driver.  So, we need to shrink the amount of state
> exported.
> 
> The first, most obvious one to get rid of is the export of the
> caam_hash_ctx structure, which is shared between the socket being
> exported from and imported to - copying it away and back again was
> a complete no-op.
> 
> The second is that we don't need to export both pending-bytes buffers.
> Only one will be in use at any time.
> 
> A problem was encountered while testing, where the size of the pending
> bytes buffer was not added to the scatterlist with the correct length.
> This is also fixed in this series, by patch 3.  This bug was introduced
> by a prior commit trying to fix a tcrypt error.  However, the change is
> wrong, but I have to question whether the test was correct or not - the
> backtrace contains a function "test_ahash_pnum" which doesn't seem to
> exist in mainline, nor does it seem to exist in any previous mainline
> kernel.
> 
> Version 2 of this series addresses a mismerge in patch 5 of the
> original series, and adds further information to patch 3.
> 
> Further testing with tcrypt showed up a problem identified by the
> DMA API debugging (different to the original one referred to in
> patch 3) where we leak DMA mappings.
> 
>  drivers/crypto/caam/caamhash.c | 101 
> +
>  1 file changed, 71 insertions(+), 30 deletions(-)
> 
> -- 
> FTTC broadband for 0.8mile line: currently at 9.6Mbps down 400kbps up
> according to speedtest.net.

Russell,

Thanks for putting these patches together. I tested the contents
successfully with OpenSSL/AF_ALG and i.MX6.

Tested-by: Victoria Milhoan 

-- 
Victoria Milhoan 

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] crypto: qat - when stopping all devices make fure VF are stopped first

2015-10-20 Thread Tadeusz Struk 
When stopping all devices make sure VFs are stopped before the
corresponding PF.
VFs will always be after PF so just need to loop back.

Signed-off-by: Tadeusz Struk 
---
 drivers/crypto/qat/qat_common/adf_ctl_drv.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/qat/qat_common/adf_ctl_drv.c 
b/drivers/crypto/qat/qat_common/adf_ctl_drv.c
index 03856ad..bd8dfa1 100644
--- a/drivers/crypto/qat/qat_common/adf_ctl_drv.c
+++ b/drivers/crypto/qat/qat_common/adf_ctl_drv.c
@@ -278,7 +278,7 @@ static int adf_ctl_stop_devices(uint32_t id)
struct list_head *itr, *head = adf_devmgr_get_head();
int ret = 0;
 
-   list_for_each(itr, head) {
+   list_for_each_prev(itr, head) {
struct adf_accel_dev *accel_dev =
list_entry(itr, struct adf_accel_dev, list);
if (id == accel_dev->accel_id || id == ADF_CFG_ALL_DEVICES) {

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 4/8] crypto: ux500: Use precalculated hash from headers

2015-10-20 Thread kbuild test robot 
Hi LABBE,

[auto build test ERROR on crypto/master -- if it's inappropriate base, please 
suggest rules for selecting the more suitable base]

url:
https://github.com/0day-ci/linux/commits/LABBE-Corentin/crypto-hash-add-zero-length-message-hash-for-shax-and-md5/20151020-154222
config: arm-u8500_defconfig (attached as .config)
reproduce:
wget 
https://git.kernel.org/cgit/linux/kernel/git/wfg/lkp-tests.git/plain/sbin/make.cross
 -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
make.cross ARCH=arm 

All errors (new ones prefixed by >>):

   drivers/built-in.o: In function `get_empty_message_digest':
>> drivers/crypto/ux500/hash/hash_core.c:229: undefined reference to 
>> `sha1_zero_message_hash'
>> drivers/crypto/ux500/hash/hash_core.c:229: undefined reference to 
>> `sha1_zero_message_hash'

vim +229 drivers/crypto/ux500/hash/hash_core.c

   223  /**
   224   * Caller responsible for ctx != NULL.
   225   */
   226  
   227  if (HASH_OPER_MODE_HASH == ctx->config.oper_mode) {
   228  if (HASH_ALGO_SHA1 == ctx->config.algorithm) {
 > 229  memcpy(zero_hash, _zero_message_hash[0],
   230 SHA1_DIGEST_SIZE);
   231  *zero_hash_size = SHA1_DIGEST_SIZE;
   232  *zero_digest = true;

---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all   Intel Corporation


.config.gz
Description: Binary data