Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3473119imu; Sun, 11 Nov 2018 15:55:10 -0800 (PST) X-Google-Smtp-Source: AJdET5e1hR8B8O+hEiManyYd1MGheKvWBSx9tTocJKovqOqu5pAcRgcxTIUI48WhZDTl/K1mBo7Q X-Received: by 2002:a62:3346:: with SMTP id z67-v6mr9785813pfz.112.1541980510202; Sun, 11 Nov 2018 15:55:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541980510; cv=none; d=google.com; s=arc-20160816; b=OeP2g34Q9bxybeeqPYsGhrpcMr7oKiub3qogfqJq131XQvNrDQDocr9f+1cevJfOkm zIsyra0mC+pJdHvIUfpWuspsJy8t8460UN3Ii+5jGQowuAs1OdghjSpgmSXdEFbOl/6z u7PjnSLSeZHPqsI97boG0ZqU1pBzy+rIUIHvr5mxBMdb+QsIQEnn/GhbklX8sOiXV3Mc GGna2NLT9xWdUo2WUUSQPJdcc65u+DwpRFC4Wj1ThjqcDs8ZNFoslWa74awfpIDJuD4A FoZWT4qsPmIKNiJJeB2rp0sG2jKR/gN+t6JKRjVouid43bHBUSQZQ0ZuVsDjGr7EY0Uf Ob6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=L+RPAYeRs9dHL19x9DOexCvVhevJguff92o9ZuXXDWA=; b=z+Y3lfbLslGVIPK3h5gunpPb8F2YG1u/izTJVsca1buRnoxOHdtPMydcmf/VfkgWI+ wm2pzcIelYFd0FkMtur1lVOrO2VGYT82E3UCj0IBpGMF0MOOWF2YskCxkANsr2F0YNnx l89kL2uyp6l7I9ynC54lvgsmD4wNT1SCXqK4DN0BujHvbD9mxLsvWDAlDUEluLjmPxkQ wFBKmpo0MRalRYm12Rr1NV9lC39tmWvwXQ+I9di2rOrmU1EhPiNQmohUSEOafNoGNU9V lORHi9mRGN6j52MGItIyWvHvZIPr0HCif1lguozY+iecW040nA2EoiRVtIyOmnG6CyY4 TO7g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ugfP0x3W; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x3-v6si17075113pfb.122.2018.11.11.15.54.55; Sun, 11 Nov 2018 15:55:10 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ugfP0x3W; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732938AbeKLJnn (ORCPT + 99 others); Mon, 12 Nov 2018 04:43:43 -0500 Received: from mail.kernel.org ([198.145.29.99]:37238 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732795AbeKLIS0 (ORCPT ); Mon, 12 Nov 2018 03:18:26 -0500 Received: from localhost (unknown [206.108.79.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9FAED22353; Sun, 11 Nov 2018 22:28:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1541975310; bh=H/NGUGH/XNAqBI8nf5ULOnJ8oW7o5j16uaCqYagc0ng=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ugfP0x3WokPZslchXJvT4aOonmiGkykF8I0ryXbdE55AcyfQ3WWeMSBoRasDXXb2G KdwKTmwktzFMYJvm31WooWYJI3RtE+7XcDsOeEkaEgVz4k19G5smM0499azlXIMxdG Lw8tS3UhptyNlBUTZtonM/nJ/izbky0sllRo/ovc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ondrej Mosnacek , Ard Biesheuvel , Herbert Xu Subject: [PATCH 4.19 245/361] crypto: morus/generic - fix for big endian systems Date: Sun, 11 Nov 2018 14:19:52 -0800 Message-Id: <20181111221652.681034206@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181111221619.915519183@linuxfoundation.org> References: <20181111221619.915519183@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.19-stable review patch. If anyone has any objections, please let me know. ------------------ From: Ard Biesheuvel commit 5a8dedfa3276e88c5865f265195d63d72aec3e72 upstream. Omit the endian swabbing when folding the lengths of the assoc and crypt input buffers into the state to finalize the tag. This is not necessary given that the memory representation of the state is in machine native endianness already. This fixes an error reported by tcrypt running on a big endian system: alg: aead: Test 2 failed on encryption for morus640-generic 00000000: a8 30 ef fb e6 26 eb 23 b0 87 dd 98 57 f3 e1 4b 00000010: 21 alg: aead: Test 2 failed on encryption for morus1280-generic 00000000: 88 19 1b fb 1c 29 49 0e ee 82 2f cb 97 a6 a5 ee 00000010: 5f Fixes: 396be41f16fd ("crypto: morus - Add generic MORUS AEAD implementations") Cc: # v4.18+ Reviewed-by: Ondrej Mosnacek Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- crypto/morus1280.c | 7 ++----- crypto/morus640.c | 16 ++++------------ 2 files changed, 6 insertions(+), 17 deletions(-) --- a/crypto/morus1280.c +++ b/crypto/morus1280.c @@ -385,14 +385,11 @@ static void crypto_morus1280_final(struc struct morus1280_block *tag_xor, u64 assoclen, u64 cryptlen) { - u64 assocbits = assoclen * 8; - u64 cryptbits = cryptlen * 8; - struct morus1280_block tmp; unsigned int i; - tmp.words[0] = cpu_to_le64(assocbits); - tmp.words[1] = cpu_to_le64(cryptbits); + tmp.words[0] = assoclen * 8; + tmp.words[1] = cryptlen * 8; tmp.words[2] = 0; tmp.words[3] = 0; --- a/crypto/morus640.c +++ b/crypto/morus640.c @@ -384,21 +384,13 @@ static void crypto_morus640_final(struct struct morus640_block *tag_xor, u64 assoclen, u64 cryptlen) { - u64 assocbits = assoclen * 8; - u64 cryptbits = cryptlen * 8; - - u32 assocbits_lo = (u32)assocbits; - u32 assocbits_hi = (u32)(assocbits >> 32); - u32 cryptbits_lo = (u32)cryptbits; - u32 cryptbits_hi = (u32)(cryptbits >> 32); - struct morus640_block tmp; unsigned int i; - tmp.words[0] = cpu_to_le32(assocbits_lo); - tmp.words[1] = cpu_to_le32(assocbits_hi); - tmp.words[2] = cpu_to_le32(cryptbits_lo); - tmp.words[3] = cpu_to_le32(cryptbits_hi); + tmp.words[0] = lower_32_bits(assoclen * 8); + tmp.words[1] = upper_32_bits(assoclen * 8); + tmp.words[2] = lower_32_bits(cryptlen * 8); + tmp.words[3] = upper_32_bits(cryptlen * 8); for (i = 0; i < MORUS_BLOCK_WORDS; i++) state->s[4].words[i] ^= state->s[0].words[i];