public inbox for llvm@lists.linux.dev
 help / color / mirror / Atom feed
From: kernel test robot <lkp@intel.com>
To: Li Tian <litian@redhat.com>
Cc: llvm@lists.linux.dev, oe-kbuild-all@lists.linux.dev
Subject: Re: [PATCH RFC] crypto/hkdf: Fix salt length short issue in FIPS mode
Date: Sat, 29 Nov 2025 07:15:56 +0800	[thread overview]
Message-ID: <202511290734.V82ilOWk-lkp@intel.com> (raw)
In-Reply-To: <20251126134222.22083-1-litian@redhat.com>

Hi Li,

[This is a private test report for your RFC patch.]
kernel test robot noticed the following build errors:

[auto build test ERROR on herbert-cryptodev-2.6/master]
[also build test ERROR on herbert-crypto-2.6/master linus/master v6.18-rc7 next-20251128]
[cannot apply to brauner-vfs/vfs.all]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Li-Tian/crypto-hkdf-Fix-salt-length-short-issue-in-FIPS-mode/20251126-214458
base:   https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master
patch link:    https://lore.kernel.org/r/20251126134222.22083-1-litian%40redhat.com
patch subject: [PATCH RFC] crypto/hkdf: Fix salt length short issue in FIPS mode
config: arm-randconfig-001-20251129 (https://download.01.org/0day-ci/archive/20251129/202511290734.V82ilOWk-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251129/202511290734.V82ilOWk-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202511290734.V82ilOWk-lkp@intel.com/

All errors (new ones prefixed by >>):

>> fs/crypto/hkdf.c:40:31: error: use of undeclared identifier 'HKDF_HASHLEN'
      40 |         static const u8 default_salt[HKDF_HASHLEN];
         |                                      ^
   fs/crypto/hkdf.c:41:9: error: use of undeclared identifier 'HKDF_HASHLEN'
      41 |         u8 prk[HKDF_HASHLEN];
         |                ^
   fs/crypto/hkdf.c:65:9: error: use of undeclared identifier 'HKDF_HASHLEN'
      65 |         u8 tmp[HKDF_HASHLEN];
         |                ^
   fs/crypto/hkdf.c:67:30: error: use of undeclared identifier 'HKDF_HASHLEN'
      67 |         WARN_ON_ONCE(okmlen > 255 * HKDF_HASHLEN);
         |                                     ^
   fs/crypto/hkdf.c:69:44: error: use of undeclared identifier 'HKDF_HASHLEN'
      69 |         for (unsigned int i = 0; i < okmlen; i += HKDF_HASHLEN) {
         |                                                   ^
   fs/crypto/hkdf.c:72:38: error: use of undeclared identifier 'HKDF_HASHLEN'
      72 |                         hmac_sha512_update(&ctx, &okm[i - HKDF_HASHLEN],
         |                                                           ^
   fs/crypto/hkdf.c:73:9: error: use of undeclared identifier 'HKDF_HASHLEN'
      73 |                                            HKDF_HASHLEN);
         |                                            ^
   fs/crypto/hkdf.c:78:20: error: use of undeclared identifier 'HKDF_HASHLEN'
      78 |                 if (okmlen - i < HKDF_HASHLEN) {
         |                                  ^
   8 errors generated.


vim +/HKDF_HASHLEN +40 fs/crypto/hkdf.c

c1144c9b8ad94d8 Eric Biggers    2019-08-04  15  
c1144c9b8ad94d8 Eric Biggers    2019-08-04  16  /*
c1144c9b8ad94d8 Eric Biggers    2019-08-04  17   * HKDF consists of two steps:
c1144c9b8ad94d8 Eric Biggers    2019-08-04  18   *
c1144c9b8ad94d8 Eric Biggers    2019-08-04  19   * 1. HKDF-Extract: extract a pseudorandom key of length HKDF_HASHLEN bytes from
c1144c9b8ad94d8 Eric Biggers    2019-08-04  20   *    the input keying material and optional salt.
c1144c9b8ad94d8 Eric Biggers    2019-08-04  21   * 2. HKDF-Expand: expand the pseudorandom key into output keying material of
c1144c9b8ad94d8 Eric Biggers    2019-08-04  22   *    any length, parameterized by an application-specific info string.
c1144c9b8ad94d8 Eric Biggers    2019-08-04  23   *
c1144c9b8ad94d8 Eric Biggers    2019-08-04  24   * HKDF-Extract can be skipped if the input is already a pseudorandom key of
c1144c9b8ad94d8 Eric Biggers    2019-08-04  25   * length HKDF_HASHLEN bytes.  However, cipher modes other than AES-256-XTS take
c1144c9b8ad94d8 Eric Biggers    2019-08-04  26   * shorter keys, and we don't want to force users of those modes to provide
c1144c9b8ad94d8 Eric Biggers    2019-08-04  27   * unnecessarily long master keys.  Thus fscrypt still does HKDF-Extract.  No
c1144c9b8ad94d8 Eric Biggers    2019-08-04  28   * salt is used, since fscrypt master keys should already be pseudorandom and
c1144c9b8ad94d8 Eric Biggers    2019-08-04  29   * there's no way to persist a random salt per master key from kernel mode.
c1144c9b8ad94d8 Eric Biggers    2019-08-04  30   */
c1144c9b8ad94d8 Eric Biggers    2019-08-04  31  
c1144c9b8ad94d8 Eric Biggers    2019-08-04  32  /*
19591f7e781fd1e Eric Biggers    2025-09-05  33   * Compute HKDF-Extract using 'master_key' as the input keying material, and
19591f7e781fd1e Eric Biggers    2025-09-05  34   * prepare the resulting HMAC key in 'hkdf'.  Afterwards, 'hkdf' can be used for
19591f7e781fd1e Eric Biggers    2025-09-05  35   * HKDF-Expand many times without having to recompute HKDF-Extract each time.
c1144c9b8ad94d8 Eric Biggers    2019-08-04  36   */
19591f7e781fd1e Eric Biggers    2025-09-05  37  void fscrypt_init_hkdf(struct hmac_sha512_key *hkdf, const u8 *master_key,
c1144c9b8ad94d8 Eric Biggers    2019-08-04  38  		       unsigned int master_key_size)
c1144c9b8ad94d8 Eric Biggers    2019-08-04  39  {
3241cd0c6c17919 Hannes Reinecke 2025-02-24 @40  	static const u8 default_salt[HKDF_HASHLEN];
c1144c9b8ad94d8 Eric Biggers    2019-08-04  41  	u8 prk[HKDF_HASHLEN];
c1144c9b8ad94d8 Eric Biggers    2019-08-04  42  
19591f7e781fd1e Eric Biggers    2025-09-05  43  	hmac_sha512_usingrawkey(default_salt, sizeof(default_salt),
19591f7e781fd1e Eric Biggers    2025-09-05  44  				master_key, master_key_size, prk);
19591f7e781fd1e Eric Biggers    2025-09-05  45  	hmac_sha512_preparekey(hkdf, prk, sizeof(prk));
c1144c9b8ad94d8 Eric Biggers    2019-08-04  46  	memzero_explicit(prk, sizeof(prk));
c1144c9b8ad94d8 Eric Biggers    2019-08-04  47  }
c1144c9b8ad94d8 Eric Biggers    2019-08-04  48  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

           reply	other threads:[~2025-11-28 23:16 UTC|newest]

Thread overview: expand[flat|nested]  mbox.gz  Atom feed
 [parent not found: <20251126134222.22083-1-litian@redhat.com>]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202511290734.V82ilOWk-lkp@intel.com \
    --to=lkp@intel.com \
    --cc=litian@redhat.com \
    --cc=llvm@lists.linux.dev \
    --cc=oe-kbuild-all@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox