From: kernel test robot <lkp@intel.com>
To: Li Tian <litian@redhat.com>
Cc: llvm@lists.linux.dev, oe-kbuild-all@lists.linux.dev
Subject: Re: [PATCH RFC] crypto/hkdf: Fix salt length short issue in FIPS mode
Date: Sat, 29 Nov 2025 07:15:56 +0800 [thread overview]
Message-ID: <202511290734.V82ilOWk-lkp@intel.com> (raw)
In-Reply-To: <20251126134222.22083-1-litian@redhat.com>
Hi Li,
[This is a private test report for your RFC patch.]
kernel test robot noticed the following build errors:
[auto build test ERROR on herbert-cryptodev-2.6/master]
[also build test ERROR on herbert-crypto-2.6/master linus/master v6.18-rc7 next-20251128]
[cannot apply to brauner-vfs/vfs.all]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Li-Tian/crypto-hkdf-Fix-salt-length-short-issue-in-FIPS-mode/20251126-214458
base: https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master
patch link: https://lore.kernel.org/r/20251126134222.22083-1-litian%40redhat.com
patch subject: [PATCH RFC] crypto/hkdf: Fix salt length short issue in FIPS mode
config: arm-randconfig-001-20251129 (https://download.01.org/0day-ci/archive/20251129/202511290734.V82ilOWk-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251129/202511290734.V82ilOWk-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202511290734.V82ilOWk-lkp@intel.com/
All errors (new ones prefixed by >>):
>> fs/crypto/hkdf.c:40:31: error: use of undeclared identifier 'HKDF_HASHLEN'
40 | static const u8 default_salt[HKDF_HASHLEN];
| ^
fs/crypto/hkdf.c:41:9: error: use of undeclared identifier 'HKDF_HASHLEN'
41 | u8 prk[HKDF_HASHLEN];
| ^
fs/crypto/hkdf.c:65:9: error: use of undeclared identifier 'HKDF_HASHLEN'
65 | u8 tmp[HKDF_HASHLEN];
| ^
fs/crypto/hkdf.c:67:30: error: use of undeclared identifier 'HKDF_HASHLEN'
67 | WARN_ON_ONCE(okmlen > 255 * HKDF_HASHLEN);
| ^
fs/crypto/hkdf.c:69:44: error: use of undeclared identifier 'HKDF_HASHLEN'
69 | for (unsigned int i = 0; i < okmlen; i += HKDF_HASHLEN) {
| ^
fs/crypto/hkdf.c:72:38: error: use of undeclared identifier 'HKDF_HASHLEN'
72 | hmac_sha512_update(&ctx, &okm[i - HKDF_HASHLEN],
| ^
fs/crypto/hkdf.c:73:9: error: use of undeclared identifier 'HKDF_HASHLEN'
73 | HKDF_HASHLEN);
| ^
fs/crypto/hkdf.c:78:20: error: use of undeclared identifier 'HKDF_HASHLEN'
78 | if (okmlen - i < HKDF_HASHLEN) {
| ^
8 errors generated.
vim +/HKDF_HASHLEN +40 fs/crypto/hkdf.c
c1144c9b8ad94d8 Eric Biggers 2019-08-04 15
c1144c9b8ad94d8 Eric Biggers 2019-08-04 16 /*
c1144c9b8ad94d8 Eric Biggers 2019-08-04 17 * HKDF consists of two steps:
c1144c9b8ad94d8 Eric Biggers 2019-08-04 18 *
c1144c9b8ad94d8 Eric Biggers 2019-08-04 19 * 1. HKDF-Extract: extract a pseudorandom key of length HKDF_HASHLEN bytes from
c1144c9b8ad94d8 Eric Biggers 2019-08-04 20 * the input keying material and optional salt.
c1144c9b8ad94d8 Eric Biggers 2019-08-04 21 * 2. HKDF-Expand: expand the pseudorandom key into output keying material of
c1144c9b8ad94d8 Eric Biggers 2019-08-04 22 * any length, parameterized by an application-specific info string.
c1144c9b8ad94d8 Eric Biggers 2019-08-04 23 *
c1144c9b8ad94d8 Eric Biggers 2019-08-04 24 * HKDF-Extract can be skipped if the input is already a pseudorandom key of
c1144c9b8ad94d8 Eric Biggers 2019-08-04 25 * length HKDF_HASHLEN bytes. However, cipher modes other than AES-256-XTS take
c1144c9b8ad94d8 Eric Biggers 2019-08-04 26 * shorter keys, and we don't want to force users of those modes to provide
c1144c9b8ad94d8 Eric Biggers 2019-08-04 27 * unnecessarily long master keys. Thus fscrypt still does HKDF-Extract. No
c1144c9b8ad94d8 Eric Biggers 2019-08-04 28 * salt is used, since fscrypt master keys should already be pseudorandom and
c1144c9b8ad94d8 Eric Biggers 2019-08-04 29 * there's no way to persist a random salt per master key from kernel mode.
c1144c9b8ad94d8 Eric Biggers 2019-08-04 30 */
c1144c9b8ad94d8 Eric Biggers 2019-08-04 31
c1144c9b8ad94d8 Eric Biggers 2019-08-04 32 /*
19591f7e781fd1e Eric Biggers 2025-09-05 33 * Compute HKDF-Extract using 'master_key' as the input keying material, and
19591f7e781fd1e Eric Biggers 2025-09-05 34 * prepare the resulting HMAC key in 'hkdf'. Afterwards, 'hkdf' can be used for
19591f7e781fd1e Eric Biggers 2025-09-05 35 * HKDF-Expand many times without having to recompute HKDF-Extract each time.
c1144c9b8ad94d8 Eric Biggers 2019-08-04 36 */
19591f7e781fd1e Eric Biggers 2025-09-05 37 void fscrypt_init_hkdf(struct hmac_sha512_key *hkdf, const u8 *master_key,
c1144c9b8ad94d8 Eric Biggers 2019-08-04 38 unsigned int master_key_size)
c1144c9b8ad94d8 Eric Biggers 2019-08-04 39 {
3241cd0c6c17919 Hannes Reinecke 2025-02-24 @40 static const u8 default_salt[HKDF_HASHLEN];
c1144c9b8ad94d8 Eric Biggers 2019-08-04 41 u8 prk[HKDF_HASHLEN];
c1144c9b8ad94d8 Eric Biggers 2019-08-04 42
19591f7e781fd1e Eric Biggers 2025-09-05 43 hmac_sha512_usingrawkey(default_salt, sizeof(default_salt),
19591f7e781fd1e Eric Biggers 2025-09-05 44 master_key, master_key_size, prk);
19591f7e781fd1e Eric Biggers 2025-09-05 45 hmac_sha512_preparekey(hkdf, prk, sizeof(prk));
c1144c9b8ad94d8 Eric Biggers 2019-08-04 46 memzero_explicit(prk, sizeof(prk));
c1144c9b8ad94d8 Eric Biggers 2019-08-04 47 }
c1144c9b8ad94d8 Eric Biggers 2019-08-04 48
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
next prev parent reply other threads:[~2025-11-28 23:16 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-26 13:42 [PATCH RFC] crypto/hkdf: Fix salt length short issue in FIPS mode Li Tian
2025-11-26 17:41 ` Eric Biggers
[not found] ` <CAHhBTWuOy1nC1rYqye8BzE+unoC+3M9Dsw+Mj54=3eeFwqyTXw@mail.gmail.com>
2025-11-27 1:14 ` Eric Biggers
[not found] ` <CAHhBTWsTqP3LzJV+=_usvttJcMFoLYSY5Sqt2H-U-oki3Hu0Mw@mail.gmail.com>
2025-11-27 1:51 ` Eric Biggers
[not found] ` <CAHhBTWs6rWq2huD8Ech79OVOxK3v3ijU3KFFOGLQ+pr7277Vew@mail.gmail.com>
2025-11-27 3:23 ` Eric Biggers
2025-11-28 23:15 ` kernel test robot [this message]
2025-11-29 1:01 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202511290734.V82ilOWk-lkp@intel.com \
--to=lkp@intel.com \
--cc=litian@redhat.com \
--cc=llvm@lists.linux.dev \
--cc=oe-kbuild-all@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.