From: kernel test robot <lkp@intel.com>
To: Li Tian <litian@redhat.com>
Cc: oe-kbuild-all@lists.linux.dev
Subject: Re: [PATCH RFC] crypto/hkdf: Fix salt length short issue in FIPS mode
Date: Sat, 29 Nov 2025 09:01:16 +0800 [thread overview]
Message-ID: <202511290809.8Fr4ja5n-lkp@intel.com> (raw)
In-Reply-To: <20251126134222.22083-1-litian@redhat.com>
Hi Li,
[This is a private test report for your RFC patch.]
kernel test robot noticed the following build errors:
[auto build test ERROR on herbert-cryptodev-2.6/master]
[also build test ERROR on herbert-crypto-2.6/master linus/master v6.18-rc7 next-20251128]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Li-Tian/crypto-hkdf-Fix-salt-length-short-issue-in-FIPS-mode/20251126-214458
base: https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master
patch link: https://lore.kernel.org/r/20251126134222.22083-1-litian%40redhat.com
patch subject: [PATCH RFC] crypto/hkdf: Fix salt length short issue in FIPS mode
config: arc-randconfig-001-20251129 (https://download.01.org/0day-ci/archive/20251129/202511290809.8Fr4ja5n-lkp@intel.com/config)
compiler: arc-linux-gcc (GCC) 8.5.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251129/202511290809.8Fr4ja5n-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202511290809.8Fr4ja5n-lkp@intel.com/
All error/warnings (new ones prefixed by >>):
fs/crypto/hkdf.c: In function 'fscrypt_init_hkdf':
>> fs/crypto/hkdf.c:40:31: error: 'HKDF_HASHLEN' undeclared (first use in this function); did you mean 'DT_HASH'?
static const u8 default_salt[HKDF_HASHLEN];
^~~~~~~~~~~~
DT_HASH
fs/crypto/hkdf.c:40:31: note: each undeclared identifier is reported only once for each function it appears in
>> fs/crypto/hkdf.c:41:5: warning: unused variable 'prk' [-Wunused-variable]
u8 prk[HKDF_HASHLEN];
^~~
>> fs/crypto/hkdf.c:40:18: warning: unused variable 'default_salt' [-Wunused-variable]
static const u8 default_salt[HKDF_HASHLEN];
^~~~~~~~~~~~
fs/crypto/hkdf.c: In function 'fscrypt_hkdf_expand':
fs/crypto/hkdf.c:65:9: error: 'HKDF_HASHLEN' undeclared (first use in this function); did you mean 'DT_HASH'?
u8 tmp[HKDF_HASHLEN];
^~~~~~~~~~~~
DT_HASH
>> fs/crypto/hkdf.c:65:5: warning: unused variable 'tmp' [-Wunused-variable]
u8 tmp[HKDF_HASHLEN];
^~~
vim +40 fs/crypto/hkdf.c
c1144c9b8ad94d Eric Biggers 2019-08-04 15
c1144c9b8ad94d Eric Biggers 2019-08-04 16 /*
c1144c9b8ad94d Eric Biggers 2019-08-04 17 * HKDF consists of two steps:
c1144c9b8ad94d Eric Biggers 2019-08-04 18 *
c1144c9b8ad94d Eric Biggers 2019-08-04 19 * 1. HKDF-Extract: extract a pseudorandom key of length HKDF_HASHLEN bytes from
c1144c9b8ad94d Eric Biggers 2019-08-04 20 * the input keying material and optional salt.
c1144c9b8ad94d Eric Biggers 2019-08-04 21 * 2. HKDF-Expand: expand the pseudorandom key into output keying material of
c1144c9b8ad94d Eric Biggers 2019-08-04 22 * any length, parameterized by an application-specific info string.
c1144c9b8ad94d Eric Biggers 2019-08-04 23 *
c1144c9b8ad94d Eric Biggers 2019-08-04 24 * HKDF-Extract can be skipped if the input is already a pseudorandom key of
c1144c9b8ad94d Eric Biggers 2019-08-04 25 * length HKDF_HASHLEN bytes. However, cipher modes other than AES-256-XTS take
c1144c9b8ad94d Eric Biggers 2019-08-04 26 * shorter keys, and we don't want to force users of those modes to provide
c1144c9b8ad94d Eric Biggers 2019-08-04 27 * unnecessarily long master keys. Thus fscrypt still does HKDF-Extract. No
c1144c9b8ad94d Eric Biggers 2019-08-04 28 * salt is used, since fscrypt master keys should already be pseudorandom and
c1144c9b8ad94d Eric Biggers 2019-08-04 29 * there's no way to persist a random salt per master key from kernel mode.
c1144c9b8ad94d Eric Biggers 2019-08-04 30 */
c1144c9b8ad94d Eric Biggers 2019-08-04 31
c1144c9b8ad94d Eric Biggers 2019-08-04 32 /*
19591f7e781fd1 Eric Biggers 2025-09-05 33 * Compute HKDF-Extract using 'master_key' as the input keying material, and
19591f7e781fd1 Eric Biggers 2025-09-05 34 * prepare the resulting HMAC key in 'hkdf'. Afterwards, 'hkdf' can be used for
19591f7e781fd1 Eric Biggers 2025-09-05 35 * HKDF-Expand many times without having to recompute HKDF-Extract each time.
c1144c9b8ad94d Eric Biggers 2019-08-04 36 */
19591f7e781fd1 Eric Biggers 2025-09-05 37 void fscrypt_init_hkdf(struct hmac_sha512_key *hkdf, const u8 *master_key,
c1144c9b8ad94d Eric Biggers 2019-08-04 38 unsigned int master_key_size)
c1144c9b8ad94d Eric Biggers 2019-08-04 39 {
3241cd0c6c1791 Hannes Reinecke 2025-02-24 @40 static const u8 default_salt[HKDF_HASHLEN];
c1144c9b8ad94d Eric Biggers 2019-08-04 @41 u8 prk[HKDF_HASHLEN];
c1144c9b8ad94d Eric Biggers 2019-08-04 42
19591f7e781fd1 Eric Biggers 2025-09-05 43 hmac_sha512_usingrawkey(default_salt, sizeof(default_salt),
19591f7e781fd1 Eric Biggers 2025-09-05 44 master_key, master_key_size, prk);
19591f7e781fd1 Eric Biggers 2025-09-05 45 hmac_sha512_preparekey(hkdf, prk, sizeof(prk));
c1144c9b8ad94d Eric Biggers 2019-08-04 46 memzero_explicit(prk, sizeof(prk));
c1144c9b8ad94d Eric Biggers 2019-08-04 47 }
c1144c9b8ad94d Eric Biggers 2019-08-04 48
c1144c9b8ad94d Eric Biggers 2019-08-04 49 /*
19591f7e781fd1 Eric Biggers 2025-09-05 50 * HKDF-Expand (RFC 5869 section 2.3). Expand the HMAC key 'hkdf' into 'okmlen'
c1144c9b8ad94d Eric Biggers 2019-08-04 51 * bytes of output keying material parameterized by the application-specific
c1144c9b8ad94d Eric Biggers 2019-08-04 52 * 'info' of length 'infolen' bytes, prefixed by "fscrypt\0" and the 'context'
c1144c9b8ad94d Eric Biggers 2019-08-04 53 * byte. This is thread-safe and may be called by multiple threads in parallel.
c1144c9b8ad94d Eric Biggers 2019-08-04 54 *
c1144c9b8ad94d Eric Biggers 2019-08-04 55 * ('context' isn't part of the HKDF specification; it's just a prefix fscrypt
c1144c9b8ad94d Eric Biggers 2019-08-04 56 * adds to its application-specific info strings to guarantee that it doesn't
c1144c9b8ad94d Eric Biggers 2019-08-04 57 * accidentally repeat an info string when using HKDF for different purposes.)
c1144c9b8ad94d Eric Biggers 2019-08-04 58 */
19591f7e781fd1 Eric Biggers 2025-09-05 59 void fscrypt_hkdf_expand(const struct hmac_sha512_key *hkdf, u8 context,
c1144c9b8ad94d Eric Biggers 2019-08-04 60 const u8 *info, unsigned int infolen,
c1144c9b8ad94d Eric Biggers 2019-08-04 61 u8 *okm, unsigned int okmlen)
c1144c9b8ad94d Eric Biggers 2019-08-04 62 {
19591f7e781fd1 Eric Biggers 2025-09-05 63 struct hmac_sha512_ctx ctx;
19591f7e781fd1 Eric Biggers 2025-09-05 64 u8 counter = 1;
19591f7e781fd1 Eric Biggers 2025-09-05 @65 u8 tmp[HKDF_HASHLEN];
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
prev parent reply other threads:[~2025-11-29 1:01 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-26 13:42 [PATCH RFC] crypto/hkdf: Fix salt length short issue in FIPS mode Li Tian
2025-11-26 17:41 ` Eric Biggers
[not found] ` <CAHhBTWuOy1nC1rYqye8BzE+unoC+3M9Dsw+Mj54=3eeFwqyTXw@mail.gmail.com>
2025-11-27 1:14 ` Eric Biggers
[not found] ` <CAHhBTWsTqP3LzJV+=_usvttJcMFoLYSY5Sqt2H-U-oki3Hu0Mw@mail.gmail.com>
2025-11-27 1:51 ` Eric Biggers
[not found] ` <CAHhBTWs6rWq2huD8Ech79OVOxK3v3ijU3KFFOGLQ+pr7277Vew@mail.gmail.com>
2025-11-27 3:23 ` Eric Biggers
2025-11-28 23:15 ` kernel test robot
2025-11-29 1:01 ` kernel test robot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202511290809.8Fr4ja5n-lkp@intel.com \
--to=lkp@intel.com \
--cc=litian@redhat.com \
--cc=oe-kbuild-all@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.