From patchwork Fri Jun 29 21:14:35 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eric Biggers
X-Patchwork-Id: 10497627
X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Eric Biggers
To: linux-crypto@vger.kernel.org, Herbert Xu
Cc: Xiaodong Liu, Megha Dey, Tim Chen, Eric Biggers
Subject: [PATCH] crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2()
Date: Fri, 29 Jun 2018 14:14:35 -0700
Message-Id: <20180629211435.203108-1-ebiggers3@gmail.com>
X-Mailer: git-send-email 2.18.0.399.gad0ab374a1-goog
Sender: linux-crypto-owner@vger.kernel.org
X-Mailing-List: linux-crypto@vger.kernel.org

From: Eric Biggers

There is a copy-paste error where sha256_mb_mgr_get_comp_job_avx2()
copies the SHA-256 digest state from sha256_mb_mgr::args::digest to
job_sha256::result_digest.  Consequently, the sha256_mb algorithm
sometimes calculates the wrong digest.  Fix it.

Reproducer using AF_ALG:

    #include <assert.h>
    #include <linux/if_alg.h>
    #include <stdio.h>
    #include <string.h>
    #include <sys/socket.h>
    #include <unistd.h>

    /* Digest expected for the 4096 zero bytes hashed below */
    static const __u8 expected[32] =
        "\xad\x7f\xac\xb2\x58\x6f\xc6\xe9\x66\xc0\x04\xd7\xd1\xd1\x6b\x02"
        "\x4f\x58\x05\xff\x7c\xb4\x7c\x7a\x85\xda\xbd\x8b\x48\x89\x2c\xa7";

    int main()
    {
        int fd;
        struct sockaddr_alg addr = {
            .salg_type = "hash",
            .salg_name = "sha256_mb",
        };
        __u8 data[4096] = { 0 };
        __u8 digest[32];
        int ret;
        int i;

        fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
        bind(fd, (void *)&addr, sizeof(addr));
        /* Two processes, each with its own request socket */
        fork();
        fd = accept(fd, 0, 0);
        /* Hash the same buffer until a digest differs from the expected one */
        do {
            ret = write(fd, data, 4096);
            assert(ret == 4096);
            ret = read(fd, digest, 32);
            assert(ret == 32);
        } while (memcmp(digest, expected, 32) == 0);

        printf("wrong digest: ");
        for (i = 0; i < 32; i++)
            printf("%02x", digest[i]);
        printf("\n");
    }

Output was:

    wrong digest: ad7facb2000000000000000000000000ffffffef7cb47c7a85dabd8b48892ca7

Fixes: 172b1d6b5a93 ("crypto: sha256-mb - fix ctx pointer and digest copy")
Cc: # v4.8+
Signed-off-by: Eric Biggers
---
 arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S b/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S index 16c4ccb1f154..d2364c55bbde 100644 --- a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S +++ b/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S 
@@ -265,7 +265,7 @@ ENTRY(sha256_mb_mgr_get_comp_job_avx2) vpinsrd $1, _args_digest+1*32(state, idx, 4), %xmm0, %xmm0 vpinsrd $2, _args_digest+2*32(state, idx, 4), %xmm0, %xmm0 vpinsrd $3, _args_digest+3*32(state, idx, 4), %xmm0, %xmm0 - vmovd _args_digest(state , idx, 4) , %xmm0 + vmovd _args_digest+4*32(state, idx, 4), %xmm1 vpinsrd $1, _args_digest+5*32(state, idx, 4), %xmm1, %xmm1 vpinsrd $2, _args_digest+6*32(state, idx, 4), %xmm1, %xmm1 vpinsrd $3, _args_digest+7*32(state, idx, 4), %xmm1, %xmm1
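
Review bot: the commit message should say what the removed "vmovd _args_digest(state , idx, 4) , %xmm0" in sha256_mb_mgr_get_comp_job_avx2() actually did, because "copy-paste error" alone does not explain the reproducer output. Sitting after the three vpinsrd into %xmm0, it reloads digest word 0 into %xmm0 and clears the lanes that were just inserted (vmovd zero-extends into its destination), while lane 0 of %xmm1 is never loaded from _args_digest+4*32. That matches the quoted output, where words 1-3 are zero and word 4 is ffffffef instead of the expected 4f5805ff. One or two sentences to that effect would help anyone backporting to v4.8+ judge the impact, and it would be worth stating whether the other code changed by 172b1d6b5a93 was checked for the same slip.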