Re: [PATCH] crypto: padlock-sha - Add support for Zhaoxin processor

[Herbert Xu]

On Mon, Jun 16, 2025 at 08:23:36PM +0800, AlanSong-oc wrote:
>
> The 128-byte buffer requirement is already included in 'descsize',
> as defined by PADLOCK_SHA_DESCSIZE. In the previous version of
> the padlock-sha driver, the 'struct sha1_state' variable and the buffer
> resided in separate memory regions. It allowed the driver to safely
> write initial hash constants into the buffer and retrieve hash results
> from buffer through memcpy() operations. Crucially, when the XSHA1
> instruction zeroed out the tail bytes of the buffer, it cannot affect
> the contents of 'struct sha1_state'. However, in the current driver
> implementation, the 'struct sha1_state' shares memory space with the
> buffer. Consequently, when the XSHA1 instruction executes, it
> inadvertently clears other members of 'struct sha1_state'. Specifically,
> when padlock_sha1_finup() is called, the 'count' member of
> 'struct sha1_state' no longer reflects the actual data length processed.
> Explain it using a graph as shown below:

Thanks for the explanation.  There is no requirement to use struct
sha1_state.  Just supply a custom version of the struct for the
shash descriptor that includes the necessary space.

IOW do the copy in the rarely used export/import functions, instead
of on every hash operation.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt