From: Eric Biggers <ebiggers@kernel.org>
To: Ingo Franzki <ifranzki@linux.ibm.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
linux-crypto@vger.kernel.org,
Harald Freudenberger <freude@linux.ibm.com>,
Holger Dengler <dengler@linux.ibm.com>,
linux-s390@vger.kernel.org
Subject: Re: Regression: hmac(sha3-224) is missing in newer kernels on s390?
Date: Wed, 30 Jul 2025 09:11:49 -0700 [thread overview]
Message-ID: <20250730161149.GA1162@sol> (raw)
In-Reply-To: <8b954aa1-ce73-4f3a-9c8a-5667fac602c9@linux.ibm.com>
On Wed, Jul 30, 2025 at 10:11:47AM +0200, Ingo Franzki wrote:
> Hi Eric, Herbert,
>
> I just noticed that the algorithm 'hmac(sha3-224)' is not supported anymore.
> This is at least on yesterday's 6.17 as well as on linux-next.
> On earlier kernels 'hmac(sha3-224)' was available. I don't exactly know when it started to be missing.
> I can't tell if the same is true on other archs.
>
> 'sha3-224' as digest is there, but 'hmac(sha3-224)' is not. All the other sha3 and all sha2 variants are there as well (digest and hmac).
>
> # grep "sha3-" /proc/crypto
> name : hmac(sha3-512)
> driver : hmac(sha3-512-s390)
> name : hmac(sha3-384)
> driver : hmac(sha3-384-s390)
> name : hmac(sha3-256)
> driver : hmac(sha3-256-s390)
> name : sha3-384
> driver : sha3-384-s390
> name : sha3-512
> driver : sha3-512-s390
> name : sha3-224
> driver : sha3-224-s390
> name : sha3-256
> driver : sha3-256-s390
> name : sha3-512
> driver : sha3-512-generic
> name : sha3-384
> driver : sha3-384-generic
> name : sha3-256
> driver : sha3-256-generic
> name : sha3-224
> driver : sha3-224-generic
>
> On a 6.11 kernel:
>
> # grep "sha3-" /proc/crypto
> name : sha3-384
> driver : sha3-384-s390
> name : sha3-512
> driver : sha3-512-s390
> name : sha3-224 <---- its there
> driver : sha3-224-s390
> name : sha3-256
> driver : sha3-256-s390
> name : sha3-512
> driver : sha3-512-generic
> name : sha3-384
> driver : sha3-384-generic
> name : sha3-256
> driver : sha3-256-generic
> name : sha3-224
> driver : sha3-224-generic
I haven't touched SHA-3 yet. This is a bug from the following commit:
commit 6f90ba7065515d69b24729cf85c45b2add99e638
Author: Herbert Xu <herbert@gondor.apana.org.au>
Date: Fri Apr 18 11:00:13 2025 +0800
crypto: s390/sha3 - Use API partial block handling
Use the Crypto API partial block handling.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
That increased the descsize of hmac(sha3-224-s390) from 368 to 369,
which made it exceed HASH_MAX_DESCSIZE, causing it to fail to register.
- Eric
next prev parent reply other threads:[~2025-07-30 16:12 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-30 8:11 Regression: hmac(sha3-224) is missing in newer kernels on s390? Ingo Franzki
2025-07-30 11:29 ` Ingo Franzki
2025-07-30 16:11 ` Eric Biggers [this message]
2025-07-31 1:41 ` [PATCH] crypto: hash - Increase HASH_MAX_DESCSIZE for hmac(sha3-224-s390) Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250730161149.GA1162@sol \
--to=ebiggers@kernel.org \
--cc=dengler@linux.ibm.com \
--cc=freude@linux.ibm.com \
--cc=herbert@gondor.apana.org.au \
--cc=ifranzki@linux.ibm.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox