~hc/RK356X_SDK_RELEASE.git

..	..	@@ -20,7 +20,7 @@
20	20	unsigned int index, n;
21	21
22	22	/* how much is already in the buffer? */
23		- index = ctx->count & (bsize - 1);
	23	+ index = ctx->count % bsize;
24	24	ctx->count += len;
25	25
26	26	if ((index + len) < bsize)
..	..	@@ -37,7 +37,7 @@
37	37
38	38	/* process as many blocks as possible */
39	39	if (len >= bsize) {
40		- n = len & ~(bsize - 1);
	40	+ n = (len / bsize) * bsize;
41	41	cpacf_kimd(ctx->func, ctx->state, data, n);
42	42	data += n;
43	43	len -= n;
..	..	@@ -50,34 +50,66 @@
50	50	}
51	51	EXPORT_SYMBOL_GPL(s390_sha_update);
52	52
	53	+static int s390_crypto_shash_parmsize(int func)
	54	+{
	55	+ switch (func) {
	56	+ case CPACF_KLMD_SHA_1:
	57	+ return 20;
	58	+ case CPACF_KLMD_SHA_256:
	59	+ return 32;
	60	+ case CPACF_KLMD_SHA_512:
	61	+ return 64;
	62	+ case CPACF_KLMD_SHA3_224:
	63	+ case CPACF_KLMD_SHA3_256:
	64	+ case CPACF_KLMD_SHA3_384:
	65	+ case CPACF_KLMD_SHA3_512:
	66	+ return 200;
	67	+ default:
	68	+ return -EINVAL;
	69	+ }
	70	+}
	71	+
53	72	int s390_sha_final(struct shash_desc desc, u8 out)
54	73	{
55	74	struct s390_sha_ctx *ctx = shash_desc_ctx(desc);
56	75	unsigned int bsize = crypto_shash_blocksize(desc->tfm);
57	76	u64 bits;
58		- unsigned int index, end, plen;
	77	+ unsigned int n;
	78	+ int mbl_offset;
59	79
60		- /* SHA-512 uses 128 bit padding length */
61		- plen = (bsize > SHA256_BLOCK_SIZE) ? 16 : 8;
62		-
63		- /* must perform manual padding */
64		- index = ctx->count & (bsize - 1);
65		- end = (index < bsize - plen) ? bsize : (2 * bsize);
66		-
67		- /* start pad with 1 */
68		- ctx->buf[index] = 0x80;
69		- index++;
70		-
71		- /* pad with zeros */
72		- memset(ctx->buf + index, 0x00, end - index - 8);
73		-
74		- /*
75		- * Append message length. Well, SHA-512 wants a 128 bit length value,
76		- * nevertheless we use u64, should be enough for now...
77		- */
	80	+ n = ctx->count % bsize;
78	81	bits = ctx->count * 8;
79		- memcpy(ctx->buf + end - 8, &bits, sizeof(bits));
80		- cpacf_kimd(ctx->func, ctx->state, ctx->buf, end);
	82	+ mbl_offset = s390_crypto_shash_parmsize(ctx->func);
	83	+ if (mbl_offset < 0)
	84	+ return -EINVAL;
	85	+
	86	+ mbl_offset = mbl_offset / sizeof(u32);
	87	+
	88	+ /* set total msg bit length (mbl) in CPACF parmblock */
	89	+ switch (ctx->func) {
	90	+ case CPACF_KLMD_SHA_1:
	91	+ case CPACF_KLMD_SHA_256:
	92	+ memcpy(ctx->state + mbl_offset, &bits, sizeof(bits));
	93	+ break;
	94	+ case CPACF_KLMD_SHA_512:
	95	+ /*
	96	+ * the SHA512 parmblock has a 128-bit mbl field, clear
	97	+ * high-order u64 field, copy bits to low-order u64 field
	98	+ */
	99	+ memset(ctx->state + mbl_offset, 0x00, sizeof(bits));
	100	+ mbl_offset += sizeof(u64) / sizeof(u32);
	101	+ memcpy(ctx->state + mbl_offset, &bits, sizeof(bits));
	102	+ break;
	103	+ case CPACF_KLMD_SHA3_224:
	104	+ case CPACF_KLMD_SHA3_256:
	105	+ case CPACF_KLMD_SHA3_384:
	106	+ case CPACF_KLMD_SHA3_512:
	107	+ break;
	108	+ default:
	109	+ return -EINVAL;
	110	+ }
	111	+
	112	+ cpacf_klmd(ctx->func, ctx->state, ctx->buf, n);
81	113
82	114	/* copy digest to out */
83	115	memcpy(out, ctx->state, crypto_shash_digestsize(desc->tfm));