From eeb0ea9a6ec3b9fa8a1f8eefaf551a5b0f6ed231 Mon Sep 17 00:00:00 2001
From: nagendra modadugu <ngm@google.com>
Date: Wed, 18 Jan 2017 11:55:28 -0800
Subject: [PATCH] g: remove superfluous DCRYPTO_SHA256_init in HMAC
 implementation

DCRYPTO_HMAC_SHA256_init makes two calls to DCRYPTO_SHA256_init()
without an intervening HASH_final() call.  This is incorrect usage
of the the hashing API, and results in the hardware SHA engine
getting locked for the life-time of the process (and resulting
in all future hash calls falling back to the software implementation).

This bug manifested itself when introducing NVRAM encryption, which
requires the hardware SHA engine to be available for key generation.

BRANCH=none
BUG=chrome-os-partner:55331
TEST=TCG tests pass

Change-Id: Ia4ccb6a6d64636c4618ef775291442975f3f1f92
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/430154
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
---
 chip/g/dcrypto/hmac.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/chip/g/dcrypto/hmac.c b/chip/g/dcrypto/hmac.c
index 1c34ddfd96..1ba2833a41 100644
--- a/chip/g/dcrypto/hmac.c
+++ b/chip/g/dcrypto/hmac.c
@@ -40,7 +40,6 @@ static void HMAC_init(LITE_HMAC_CTX *ctx, const void *key, unsigned int len)
 void DCRYPTO_HMAC_SHA256_init(LITE_HMAC_CTX *ctx, const void *key,
 			unsigned int len)
 {
-	DCRYPTO_SHA256_init(&ctx->hash, 0);
 	HMAC_init(ctx, key, len);
 }