crypto: blake2b - Reimplement using library API

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Replace blake2b_generic.c with a new file blake2b.c which implements the
BLAKE2b crypto_shash algorithms on top of the BLAKE2b library API.

Change the driver name suffix from "-generic" to "-lib" to reflect that
these algorithms now just use the (possibly arch-optimized) library.

This closely mirrors crypto/{md5,sha1,sha256,sha512}.c.

Remove include/crypto/internal/blake2b.h since it is no longer used.
Likewise, remove struct blake2b_state from include/crypto/blake2b.h.

Omit support for import_core and export_core, since there are no legacy
drivers that need these for these algorithms.

Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20251018043106.375964-10-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>

Eric Biggers 5 months ago fa3ca9bf ba6617bd

+117 -320

7 changed files

expand all

crypto

Kconfig

Makefile

blake2b.c

blake2b_generic.c

testmgr.c

include

crypto

blake2b.h

internal

blake2b.h

crypto/Kconfig

··· 881 881 config CRYPTO_BLAKE2B 882 882 tristate "BLAKE2b" 883 883 select CRYPTO_HASH 884 + select CRYPTO_LIB_BLAKE2B 884 885 help 885 886 BLAKE2b cryptographic hash function (RFC 7693) 886 887

+1 -2

crypto/Makefile

··· 83 83 obj-$(CONFIG_CRYPTO_STREEBOG) += streebog_generic.o 84 84 obj-$(CONFIG_CRYPTO_WP512) += wp512.o 85 85 CFLAGS_wp512.o := $(call cc-option,-fno-schedule-insns) # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79149 86 - obj-$(CONFIG_CRYPTO_BLAKE2B) += blake2b_generic.o 87 - CFLAGS_blake2b_generic.o := -Wframe-larger-than=4096 # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105930 86 + obj-$(CONFIG_CRYPTO_BLAKE2B) += blake2b.o 88 87 obj-$(CONFIG_CRYPTO_ECB) += ecb.o 89 88 obj-$(CONFIG_CRYPTO_CBC) += cbc.o 90 89 obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o

+111

crypto/blake2b.c

··· 1 + // SPDX-License-Identifier: GPL-2.0-or-later 2 + /* 3 + * Crypto API support for BLAKE2b 4 + * 5 + * Copyright 2025 Google LLC 6 + */ 7 + #include <crypto/blake2b.h> 8 + #include <crypto/internal/hash.h> 9 + #include <linux/kernel.h> 10 + #include <linux/module.h> 11 + 12 + struct blake2b_tfm_ctx { 13 + unsigned int keylen; 14 + u8 key[BLAKE2B_KEY_SIZE]; 15 + }; 16 + 17 + static int crypto_blake2b_setkey(struct crypto_shash *tfm, 18 + const u8 *key, unsigned int keylen) 19 + { 20 + struct blake2b_tfm_ctx *tctx = crypto_shash_ctx(tfm); 21 + 22 + if (keylen > BLAKE2B_KEY_SIZE) 23 + return -EINVAL; 24 + memcpy(tctx->key, key, keylen); 25 + tctx->keylen = keylen; 26 + return 0; 27 + } 28 + 29 + #define BLAKE2B_CTX(desc) ((struct blake2b_ctx *)shash_desc_ctx(desc)) 30 + 31 + static int crypto_blake2b_init(struct shash_desc *desc) 32 + { 33 + const struct blake2b_tfm_ctx *tctx = crypto_shash_ctx(desc->tfm); 34 + unsigned int digestsize = crypto_shash_digestsize(desc->tfm); 35 + 36 + blake2b_init_key(BLAKE2B_CTX(desc), digestsize, 37 + tctx->key, tctx->keylen); 38 + return 0; 39 + } 40 + 41 + static int crypto_blake2b_update(struct shash_desc *desc, 42 + const u8 *data, unsigned int len) 43 + { 44 + blake2b_update(BLAKE2B_CTX(desc), data, len); 45 + return 0; 46 + } 47 + 48 + static int crypto_blake2b_final(struct shash_desc *desc, u8 *out) 49 + { 50 + blake2b_final(BLAKE2B_CTX(desc), out); 51 + return 0; 52 + } 53 + 54 + static int crypto_blake2b_digest(struct shash_desc *desc, 55 + const u8 *data, unsigned int len, u8 *out) 56 + { 57 + const struct blake2b_tfm_ctx *tctx = crypto_shash_ctx(desc->tfm); 58 + unsigned int digestsize = crypto_shash_digestsize(desc->tfm); 59 + 60 + blake2b(tctx->key, tctx->keylen, data, len, out, digestsize); 61 + return 0; 62 + } 63 + 64 + #define BLAKE2B_ALG(name, digest_size) \ 65 + { \ 66 + .base.cra_name = name, \ 67 + .base.cra_driver_name = name "-lib", \ 68 + .base.cra_priority = 300, \ 69 + .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY, \ 70 + .base.cra_blocksize = BLAKE2B_BLOCK_SIZE, \ 71 + .base.cra_ctxsize = sizeof(struct blake2b_tfm_ctx), \ 72 + .base.cra_module = THIS_MODULE, \ 73 + .digestsize = digest_size, \ 74 + .setkey = crypto_blake2b_setkey, \ 75 + .init = crypto_blake2b_init, \ 76 + .update = crypto_blake2b_update, \ 77 + .final = crypto_blake2b_final, \ 78 + .digest = crypto_blake2b_digest, \ 79 + .descsize = sizeof(struct blake2b_ctx), \ 80 + } 81 + 82 + static struct shash_alg algs[] = { 83 + BLAKE2B_ALG("blake2b-160", BLAKE2B_160_HASH_SIZE), 84 + BLAKE2B_ALG("blake2b-256", BLAKE2B_256_HASH_SIZE), 85 + BLAKE2B_ALG("blake2b-384", BLAKE2B_384_HASH_SIZE), 86 + BLAKE2B_ALG("blake2b-512", BLAKE2B_512_HASH_SIZE), 87 + }; 88 + 89 + static int __init crypto_blake2b_mod_init(void) 90 + { 91 + return crypto_register_shashes(algs, ARRAY_SIZE(algs)); 92 + } 93 + module_init(crypto_blake2b_mod_init); 94 + 95 + static void __exit crypto_blake2b_mod_exit(void) 96 + { 97 + crypto_unregister_shashes(algs, ARRAY_SIZE(algs)); 98 + } 99 + module_exit(crypto_blake2b_mod_exit); 100 + 101 + MODULE_LICENSE("GPL"); 102 + MODULE_DESCRIPTION("Crypto API support for BLAKE2b"); 103 + 104 + MODULE_ALIAS_CRYPTO("blake2b-160"); 105 + MODULE_ALIAS_CRYPTO("blake2b-160-lib"); 106 + MODULE_ALIAS_CRYPTO("blake2b-256"); 107 + MODULE_ALIAS_CRYPTO("blake2b-256-lib"); 108 + MODULE_ALIAS_CRYPTO("blake2b-384"); 109 + MODULE_ALIAS_CRYPTO("blake2b-384-lib"); 110 + MODULE_ALIAS_CRYPTO("blake2b-512"); 111 + MODULE_ALIAS_CRYPTO("blake2b-512-lib");

-192

crypto/blake2b_generic.c

··· 1 - // SPDX-License-Identifier: (GPL-2.0-only OR Apache-2.0) 2 - /* 3 - * Generic implementation of the BLAKE2b digest algorithm. Based on the BLAKE2b 4 - * reference implementation, but it has been heavily modified for use in the 5 - * kernel. The reference implementation was: 6 - * 7 - * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>. You may use this under 8 - * the terms of the CC0, the OpenSSL Licence, or the Apache Public License 9 - * 2.0, at your option. The terms of these licenses can be found at: 10 - * 11 - * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 12 - * - OpenSSL license : https://www.openssl.org/source/license.html 13 - * - Apache 2.0 : https://www.apache.org/licenses/LICENSE-2.0 14 - * 15 - * More information about BLAKE2 can be found at https://blake2.net. 16 - */ 17 - 18 - #include <crypto/internal/blake2b.h> 19 - #include <crypto/internal/hash.h> 20 - #include <linux/kernel.h> 21 - #include <linux/module.h> 22 - #include <linux/string.h> 23 - #include <linux/unaligned.h> 24 - 25 - static const u8 blake2b_sigma[12][16] = { 26 - { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, 27 - { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }, 28 - { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 }, 29 - { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 }, 30 - { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 }, 31 - { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 }, 32 - { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 }, 33 - { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 }, 34 - { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 }, 35 - { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 }, 36 - { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, 37 - { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } 38 - }; 39 - 40 - static void blake2b_increment_counter(struct blake2b_state *S, const u64 inc) 41 - { 42 - S->t[0] += inc; 43 - S->t[1] += (S->t[0] < inc); 44 - } 45 - 46 - #define G(r,i,a,b,c,d) \ 47 - do { \ 48 - a = a + b + m[blake2b_sigma[r][2*i+0]]; \ 49 - d = ror64(d ^ a, 32); \ 50 - c = c + d; \ 51 - b = ror64(b ^ c, 24); \ 52 - a = a + b + m[blake2b_sigma[r][2*i+1]]; \ 53 - d = ror64(d ^ a, 16); \ 54 - c = c + d; \ 55 - b = ror64(b ^ c, 63); \ 56 - } while (0) 57 - 58 - #define ROUND(r) \ 59 - do { \ 60 - G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \ 61 - G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \ 62 - G(r,2,v[ 2],v[ 6],v[10],v[14]); \ 63 - G(r,3,v[ 3],v[ 7],v[11],v[15]); \ 64 - G(r,4,v[ 0],v[ 5],v[10],v[15]); \ 65 - G(r,5,v[ 1],v[ 6],v[11],v[12]); \ 66 - G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \ 67 - G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \ 68 - } while (0) 69 - 70 - static void blake2b_compress_one_generic(struct blake2b_state *S, 71 - const u8 block[BLAKE2B_BLOCK_SIZE]) 72 - { 73 - u64 m[16]; 74 - u64 v[16]; 75 - size_t i; 76 - 77 - for (i = 0; i < 16; ++i) 78 - m[i] = get_unaligned_le64(block + i * sizeof(m[i])); 79 - 80 - for (i = 0; i < 8; ++i) 81 - v[i] = S->h[i]; 82 - 83 - v[ 8] = BLAKE2B_IV0; 84 - v[ 9] = BLAKE2B_IV1; 85 - v[10] = BLAKE2B_IV2; 86 - v[11] = BLAKE2B_IV3; 87 - v[12] = BLAKE2B_IV4 ^ S->t[0]; 88 - v[13] = BLAKE2B_IV5 ^ S->t[1]; 89 - v[14] = BLAKE2B_IV6 ^ S->f[0]; 90 - v[15] = BLAKE2B_IV7 ^ S->f[1]; 91 - 92 - ROUND(0); 93 - ROUND(1); 94 - ROUND(2); 95 - ROUND(3); 96 - ROUND(4); 97 - ROUND(5); 98 - ROUND(6); 99 - ROUND(7); 100 - ROUND(8); 101 - ROUND(9); 102 - ROUND(10); 103 - ROUND(11); 104 - #ifdef CONFIG_CC_IS_CLANG 105 - #pragma nounroll /* https://llvm.org/pr45803 */ 106 - #endif 107 - for (i = 0; i < 8; ++i) 108 - S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; 109 - } 110 - 111 - #undef G 112 - #undef ROUND 113 - 114 - static void blake2b_compress_generic(struct blake2b_state *state, 115 - const u8 *block, size_t nblocks, u32 inc) 116 - { 117 - do { 118 - blake2b_increment_counter(state, inc); 119 - blake2b_compress_one_generic(state, block); 120 - block += BLAKE2B_BLOCK_SIZE; 121 - } while (--nblocks); 122 - } 123 - 124 - static int crypto_blake2b_update_generic(struct shash_desc *desc, 125 - const u8 *in, unsigned int inlen) 126 - { 127 - return crypto_blake2b_update_bo(desc, in, inlen, 128 - blake2b_compress_generic); 129 - } 130 - 131 - static int crypto_blake2b_finup_generic(struct shash_desc *desc, const u8 *in, 132 - unsigned int inlen, u8 *out) 133 - { 134 - return crypto_blake2b_finup(desc, in, inlen, out, 135 - blake2b_compress_generic); 136 - } 137 - 138 - #define BLAKE2B_ALG(name, driver_name, digest_size) \ 139 - { \ 140 - .base.cra_name = name, \ 141 - .base.cra_driver_name = driver_name, \ 142 - .base.cra_priority = 100, \ 143 - .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY | \ 144 - CRYPTO_AHASH_ALG_BLOCK_ONLY | \ 145 - CRYPTO_AHASH_ALG_FINAL_NONZERO, \ 146 - .base.cra_blocksize = BLAKE2B_BLOCK_SIZE, \ 147 - .base.cra_ctxsize = sizeof(struct blake2b_tfm_ctx), \ 148 - .base.cra_module = THIS_MODULE, \ 149 - .digestsize = digest_size, \ 150 - .setkey = crypto_blake2b_setkey, \ 151 - .init = crypto_blake2b_init, \ 152 - .update = crypto_blake2b_update_generic, \ 153 - .finup = crypto_blake2b_finup_generic, \ 154 - .descsize = BLAKE2B_DESC_SIZE, \ 155 - .statesize = BLAKE2B_STATE_SIZE, \ 156 - } 157 - 158 - static struct shash_alg blake2b_algs[] = { 159 - BLAKE2B_ALG("blake2b-160", "blake2b-160-generic", 160 - BLAKE2B_160_HASH_SIZE), 161 - BLAKE2B_ALG("blake2b-256", "blake2b-256-generic", 162 - BLAKE2B_256_HASH_SIZE), 163 - BLAKE2B_ALG("blake2b-384", "blake2b-384-generic", 164 - BLAKE2B_384_HASH_SIZE), 165 - BLAKE2B_ALG("blake2b-512", "blake2b-512-generic", 166 - BLAKE2B_512_HASH_SIZE), 167 - }; 168 - 169 - static int __init blake2b_mod_init(void) 170 - { 171 - return crypto_register_shashes(blake2b_algs, ARRAY_SIZE(blake2b_algs)); 172 - } 173 - 174 - static void __exit blake2b_mod_fini(void) 175 - { 176 - crypto_unregister_shashes(blake2b_algs, ARRAY_SIZE(blake2b_algs)); 177 - } 178 - 179 - module_init(blake2b_mod_init); 180 - module_exit(blake2b_mod_fini); 181 - 182 - MODULE_AUTHOR("David Sterba <kdave@kernel.org>"); 183 - MODULE_DESCRIPTION("BLAKE2b generic implementation"); 184 - MODULE_LICENSE("GPL"); 185 - MODULE_ALIAS_CRYPTO("blake2b-160"); 186 - MODULE_ALIAS_CRYPTO("blake2b-160-generic"); 187 - MODULE_ALIAS_CRYPTO("blake2b-256"); 188 - MODULE_ALIAS_CRYPTO("blake2b-256-generic"); 189 - MODULE_ALIAS_CRYPTO("blake2b-384"); 190 - MODULE_ALIAS_CRYPTO("blake2b-384-generic"); 191 - MODULE_ALIAS_CRYPTO("blake2b-512"); 192 - MODULE_ALIAS_CRYPTO("blake2b-512-generic");

crypto/testmgr.c

··· 4332 4332 .fips_allowed = 1, 4333 4333 }, { 4334 4334 .alg = "blake2b-160", 4335 + .generic_driver = "blake2b-160-lib", 4335 4336 .test = alg_test_hash, 4336 4337 .fips_allowed = 0, 4337 4338 .suite = { ··· 4340 4339 } 4341 4340 }, { 4342 4341 .alg = "blake2b-256", 4342 + .generic_driver = "blake2b-256-lib", 4343 4343 .test = alg_test_hash, 4344 4344 .fips_allowed = 0, 4345 4345 .suite = { ··· 4348 4346 } 4349 4347 }, { 4350 4348 .alg = "blake2b-384", 4349 + .generic_driver = "blake2b-384-lib", 4351 4350 .test = alg_test_hash, 4352 4351 .fips_allowed = 0, 4353 4352 .suite = { ··· 4356 4353 } 4357 4354 }, { 4358 4355 .alg = "blake2b-512", 4356 + .generic_driver = "blake2b-512-lib", 4359 4357 .test = alg_test_hash, 4360 4358 .fips_allowed = 0, 4361 4359 .suite = {

-10

include/crypto/blake2b.h

··· 7 7 #include <linux/types.h> 8 8 #include <linux/string.h> 9 9 10 - struct blake2b_state { 11 - /* 'h', 't', and 'f' are used in assembly code, so keep them as-is. */ 12 - u64 h[8]; 13 - u64 t[2]; 14 - /* The true state ends here. The rest is temporary storage. */ 15 - u64 f[2]; 16 - }; 17 - 18 10 enum blake2b_lengths { 19 11 BLAKE2B_BLOCK_SIZE = 128, 20 12 BLAKE2B_HASH_SIZE = 64, 21 13 BLAKE2B_KEY_SIZE = 64, 22 - BLAKE2B_STATE_SIZE = offsetof(struct blake2b_state, f), 23 - BLAKE2B_DESC_SIZE = sizeof(struct blake2b_state), 24 14 25 15 BLAKE2B_160_HASH_SIZE = 20, 26 16 BLAKE2B_256_HASH_SIZE = 32,

-116

include/crypto/internal/blake2b.h

··· 1 - /* SPDX-License-Identifier: GPL-2.0 OR MIT */ 2 - /* 3 - * Helper functions for BLAKE2b implementations. 4 - * Keep this in sync with the corresponding BLAKE2s header. 5 - */ 6 - 7 - #ifndef _CRYPTO_INTERNAL_BLAKE2B_H 8 - #define _CRYPTO_INTERNAL_BLAKE2B_H 9 - 10 - #include <asm/byteorder.h> 11 - #include <crypto/blake2b.h> 12 - #include <crypto/internal/hash.h> 13 - #include <linux/array_size.h> 14 - #include <linux/compiler.h> 15 - #include <linux/build_bug.h> 16 - #include <linux/errno.h> 17 - #include <linux/math.h> 18 - #include <linux/string.h> 19 - #include <linux/types.h> 20 - 21 - static inline void blake2b_set_lastblock(struct blake2b_state *state) 22 - { 23 - state->f[0] = -1; 24 - state->f[1] = 0; 25 - } 26 - 27 - static inline void blake2b_set_nonlast(struct blake2b_state *state) 28 - { 29 - state->f[0] = 0; 30 - state->f[1] = 0; 31 - } 32 - 33 - typedef void (*blake2b_compress_t)(struct blake2b_state *state, 34 - const u8 *block, size_t nblocks, u32 inc); 35 - 36 - /* Helper functions for shash implementations of BLAKE2b */ 37 - 38 - struct blake2b_tfm_ctx { 39 - u8 key[BLAKE2B_BLOCK_SIZE]; 40 - unsigned int keylen; 41 - }; 42 - 43 - static inline int crypto_blake2b_setkey(struct crypto_shash *tfm, 44 - const u8 *key, unsigned int keylen) 45 - { 46 - struct blake2b_tfm_ctx *tctx = crypto_shash_ctx(tfm); 47 - 48 - if (keylen > BLAKE2B_KEY_SIZE) 49 - return -EINVAL; 50 - 51 - BUILD_BUG_ON(BLAKE2B_KEY_SIZE > BLAKE2B_BLOCK_SIZE); 52 - 53 - memcpy(tctx->key, key, keylen); 54 - memset(tctx->key + keylen, 0, BLAKE2B_BLOCK_SIZE - keylen); 55 - tctx->keylen = keylen; 56 - 57 - return 0; 58 - } 59 - 60 - static inline void __crypto_blake2b_init(struct blake2b_state *state, 61 - size_t outlen, size_t keylen) 62 - { 63 - state->h[0] = BLAKE2B_IV0 ^ (0x01010000 | keylen << 8 | outlen); 64 - state->h[1] = BLAKE2B_IV1; 65 - state->h[2] = BLAKE2B_IV2; 66 - state->h[3] = BLAKE2B_IV3; 67 - state->h[4] = BLAKE2B_IV4; 68 - state->h[5] = BLAKE2B_IV5; 69 - state->h[6] = BLAKE2B_IV6; 70 - state->h[7] = BLAKE2B_IV7; 71 - state->t[0] = 0; 72 - state->t[1] = 0; 73 - } 74 - 75 - static inline int crypto_blake2b_init(struct shash_desc *desc) 76 - { 77 - const struct blake2b_tfm_ctx *tctx = crypto_shash_ctx(desc->tfm); 78 - struct blake2b_state *state = shash_desc_ctx(desc); 79 - unsigned int outlen = crypto_shash_digestsize(desc->tfm); 80 - 81 - __crypto_blake2b_init(state, outlen, tctx->keylen); 82 - return tctx->keylen ? 83 - crypto_shash_update(desc, tctx->key, BLAKE2B_BLOCK_SIZE) : 0; 84 - } 85 - 86 - static inline int crypto_blake2b_update_bo(struct shash_desc *desc, 87 - const u8 *in, unsigned int inlen, 88 - blake2b_compress_t compress) 89 - { 90 - struct blake2b_state *state = shash_desc_ctx(desc); 91 - 92 - blake2b_set_nonlast(state); 93 - compress(state, in, inlen / BLAKE2B_BLOCK_SIZE, BLAKE2B_BLOCK_SIZE); 94 - return inlen - round_down(inlen, BLAKE2B_BLOCK_SIZE); 95 - } 96 - 97 - static inline int crypto_blake2b_finup(struct shash_desc *desc, const u8 *in, 98 - unsigned int inlen, u8 *out, 99 - blake2b_compress_t compress) 100 - { 101 - struct blake2b_state *state = shash_desc_ctx(desc); 102 - u8 buf[BLAKE2B_BLOCK_SIZE]; 103 - int i; 104 - 105 - memcpy(buf, in, inlen); 106 - memset(buf + inlen, 0, BLAKE2B_BLOCK_SIZE - inlen); 107 - blake2b_set_lastblock(state); 108 - compress(state, buf, 1, inlen); 109 - for (i = 0; i < ARRAY_SIZE(state->h); i++) 110 - __cpu_to_le64s(&state->h[i]); 111 - memcpy(out, state->h, crypto_shash_digestsize(desc->tfm)); 112 - memzero_explicit(buf, sizeof(buf)); 113 - return 0; 114 - } 115 - 116 - #endif /* _CRYPTO_INTERNAL_BLAKE2B_H */