After commit 13150742b09e ("Merge tag 'libcrypto-updates-for-linus' of
git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux"),
crypto_shash_export_core() fails with -ENOSYS for all SHA algorithms
registered via shash.
The failure originates from shash_default_export_core(), which is now
being used as the default export function. However, this function is not
implemented, resulting in -ENOSYS.
Before the merge, SHA shash implementations were setting the
CRYPTO_AHASH_ALG_BLOCK_ONLY flag. This caused alg->export_core to be
assigned to alg->export, enabling proper state export. It seems the
removal of CRYPTO_AHASH_ALG_BLOCK_ONLY from the SHA implementations was
intentional, is this correct?
This issue breaks all aead implementations in the QAT driver, which
since commit ccafe2821cfa ("crypto: qat – Use crypto_shash_export_core")
rely on crypto_shash_export_core() to retrieve the initial state for
HMAC (i.e., H(K' xor opad) and H(K' xor ipad)).
It’s likely that the Chelsio driver is also affected, as it uses the
same API.
What is the recommended way to move forward? Should the SHA
implementations reintroduce CRYPTO_AHASH_ALG_BLOCK_ONLY? Should
shash_default_export_core() be properly implemented? Should drivers
like QAT switch to using the software library directly to export the SHA
state? Or is there another preferred approach?
Thanks,
--
Giovanni
