On Wed, Jul 30, 2025 at 10:11:47AM +0200, Ingo Franzki wrote:
> Hi Eric, Herbert,
>
> I just noticed that the algorithm 'hmac(sha3-224)' is not supported anymore.
> This is at least on yesterday's 6.17 as well as on linux-next.
> On earlier kernels 'hmac(sha3-224)' was available. I don't exactly know when it started to be missing.
> I can't tell if the same is true on other archs.
>
> 'sha3-224' as digest is there, but 'hmac(sha3-224)' is not. All the other sha3 and all sha2 variants are there as well (digest and hmac).
>
> # grep "sha3-" /proc/crypto
> name : hmac(sha3-512)
> driver : hmac(sha3-512-s390)
> name : hmac(sha3-384)
> driver : hmac(sha3-384-s390)
> name : hmac(sha3-256)
> driver : hmac(sha3-256-s390)
> name : sha3-384
> driver : sha3-384-s390
> name : sha3-512
> driver : sha3-512-s390
> name : sha3-224
> driver : sha3-224-s390
> name : sha3-256
> driver : sha3-256-s390
> name : sha3-512
> driver : sha3-512-generic
> name : sha3-384
> driver : sha3-384-generic
> name : sha3-256
> driver : sha3-256-generic
> name : sha3-224
> driver : sha3-224-generic
>
> On a 6.11 kernel:
>
> # grep "sha3-" /proc/crypto
> name : sha3-384
> driver : sha3-384-s390
> name : sha3-512
> driver : sha3-512-s390
> name : sha3-224 <---- its there
> driver : sha3-224-s390
> name : sha3-256
> driver : sha3-256-s390
> name : sha3-512
> driver : sha3-512-generic
> name : sha3-384
> driver : sha3-384-generic
> name : sha3-256
> driver : sha3-256-generic
> name : sha3-224
> driver : sha3-224-generic
I haven't touched SHA-3 yet. This is a bug from the following commit:
commit 6f90ba7065515d69b24729cf85c45b2add99e638
Author: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Fri Apr 18 11:00:13 2025 +0800
crypto: s390/sha3 - Use API partial block handling
Use the Crypto API partial block handling.
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
That increased the descsize of hmac(sha3-224-s390) from 368 to 369,
which made it exceed HASH_MAX_DESCSIZE, causing it to fail to register.
- Eric
