On Fri, Oct 24, 2014 at 04:20:58PM +0200, Steffen Trumtrar wrote: > +struct sahara_sha_reqctx { > + unsigned int mode; > + unsigned int digest_size; > + unsigned int context_size; > + u8 buf[SAHARA_MAX_SHA_BLOCK_SIZE]; > + u8 rembuf[SAHARA_MAX_SHA_BLOCK_SIZE]; > + unsigned int buf_cnt; > + unsigned int sg_in_idx; > + struct scatterlist *in_sg; > + struct scatterlist in_sg_chain[2]; > + bool in_sg_chained; > + size_t total; > +}; Sorry but this is still broken as you don't seem to be storing the hash state in this structure. Unless I'm misreading your code buf and rembuf are simply leftover plain-text that is to be hashed, rather than the hash state. This implies that the hash state is still being stored in some other structure that will be overwritten if you receive another hash request before the previous one has been finalised (i.e., someone calls final/finup) or exported. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html