Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp5104898ybi; Tue, 28 May 2019 07:37:22 -0700 (PDT) X-Google-Smtp-Source: APXvYqyFn+xD0pNjYxOmxZSlN4uAU0GO9i7Q0aSdHGJbvzT8o1WsqbwHHRvdbCq8iH6c011857pw X-Received: by 2002:a17:90a:9cc:: with SMTP id 70mr6385556pjo.93.1559054242473; Tue, 28 May 2019 07:37:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559054242; cv=none; d=google.com; s=arc-20160816; b=AK+wliWRmuQA+75oYaBwHJfM0SFQuepWq7c/UwxnZ/HgqPVxp7BqzGVjE2WktsvCN/ FmehSW9VniwAjjWK8mxU5fvVscNPzUBJirYUPQiLX6zyersMHVoEvFhiJisxlFrTo6g/ OKhaTpGkki1myS+DGVhaK+vp2JxNyWO72v1Cj9u57cqrwwpU5Wr+Loks09fR2hJxwd+b UVq0TWzxV24m8ZHKR8KOPN1ci8cOfnbZhyy5UDqZQ8FaCmrjsWE7CexSy1LSbSxUATxf E6qvqkQf6t03DBz4HT0Nt9OhqlG6b8KK5XCR7rlspHesb2tt60/tkpADzp+BYmWORSip 0ujw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=BBDKO8EMJjZWQxMXL1xSwnjCZ+AQSkiGLjl7m48b9A0=; b=PXcEZppG627Z+Sm0m0T5TomMrSr/+pTG9aYHISKnKRVSxMwFpl1OgGdr4WFNdjN5bc rhJeJOYKGOVkVQPVr6XQjAC6BCoUMlEEIPnbGqLdwkec65xlbhF/CBzGbmkJKsP6xy/D L5DgVa9v7hFuqJMF3P68wiKueVU6U5kDe8oM2LB3zZ6xTeGPEx0x+jLRCue/gPsa2i7p fFuPQkvr3urIFTVPl7cNpfxK2J0wMBChZC9Y9nM4UTIVVwRBT72J8kGKU+z9jJtyDOei 27AKyfpnOZLxhRVmztpgjXPjeAflaceJr28K9iVSgOXKC2bzrw/HyFKtq7IS7RBneGJy jtcg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=rF95Z0N5; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y62si4565653pgy.362.2019.05.28.07.37.07; Tue, 28 May 2019 07:37:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=rF95Z0N5; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726453AbfE1Ogi (ORCPT + 99 others); Tue, 28 May 2019 10:36:38 -0400 Received: from mail-it1-f194.google.com ([209.85.166.194]:40144 "EHLO mail-it1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726371AbfE1Ogi (ORCPT ); Tue, 28 May 2019 10:36:38 -0400 Received: by mail-it1-f194.google.com with SMTP id h11so4237277itf.5 for ; Tue, 28 May 2019 07:36:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=BBDKO8EMJjZWQxMXL1xSwnjCZ+AQSkiGLjl7m48b9A0=; b=rF95Z0N5QLTFBHs3BTxtcbdrh8/unoYwP93vjrLBUrBizEAkTMTsd/byG2IAdwa0ig czH2P3ZpcIoef72BQ7Fd7b13d+s3a4iosZj/hnOHpmn5sGD3PCtpZVltKDbymGXGgQgj vnkyXGqsYeB+XllrC5BheaJ77PMTmgwcso9rrRmq1sPt7e2+RN3I4ERmwZzeFyzIRN4j SwpR3D9y2plr5JL3E/+l3n/Slpy4BPVMfgSpZpZatoJuSrBS8Es8vLro8YrjCVw3sGHx vT0ipIPcRZB3qXK7Eadp+SMr6A4dDvsbA2A3EioYSjth9hl9SHdaKFE9HrQuWo3ktymj OnFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BBDKO8EMJjZWQxMXL1xSwnjCZ+AQSkiGLjl7m48b9A0=; b=iYoUqmXIW7OEvriHxWMikb6nur76W1hAGMXaTYnVByVcTOMzvbaDU6WGttypO8fJ8G jaf/WyPkKGaIQD9Sr6zhnuyIfR2HkIrohx+vntFML0FE9nY5F8QkPz5zlYpkP3mynHkn hh6AAoj7daN3FTCpaLEJs7SFSQKyAswIsqRcHyavyqYGt/zlBzLzjUFEOz0pHvh2yxnb QrU/ff55riP6S5zLynoGab1dKH3EQTSUB9wXd+SAC+PNRMBZFhaV0PgjaGOfvreBexTR zE9BLNAOflcMcr2MEfIGyjj41JDmrmqUlfc+GOVxCE0hkarK38sL5r6IcThdfLHSErPQ o3dg== X-Gm-Message-State: APjAAAWLB+kZNgRtabRFPB6JYzbzpBrkRRVLEccpb89skN53Qsl//xnW ovZOJhQgHp4VHA8ZUseTGalyL0fX1iRw51mrVg39Wsjk9p8= X-Received: by 2002:a24:ca84:: with SMTP id k126mr3191038itg.104.1559054197632; Tue, 28 May 2019 07:36:37 -0700 (PDT) MIME-Version: 1.0 References: <20190528143506.212198-1-lenaptr@google.com> In-Reply-To: <20190528143506.212198-1-lenaptr@google.com> From: Ard Biesheuvel Date: Tue, 28 May 2019 16:36:25 +0200 Message-ID: Subject: Re: [PATCH] arm64 sha2-ce finup: correct digest for empty data To: Elena Petrova Cc: "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" , stable Content-Type: text/plain; charset="UTF-8" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Tue, 28 May 2019 at 16:35, Elena Petrova wrote: > > The sha256-ce finup implementation for ARM64 produces wrong digest > for empty input (len=0). Expected: the actual digest, result: initial > value of SHA internal state. The error is in sha256_ce_finup: > for empty data `finalize` will be 1, so the code is relying on > sha2_ce_transform to make the final round. However, in > sha256_base_do_update, the block function will not be called when > len == 0. > > Fix it by setting finalize to 0 if data is empty. > > Fixes: 03802f6a80b3a ("crypto: arm64/sha2-ce - move SHA-224/256 ARMv8 implementation to base layer") > Cc: stable@vger.kernel.org > Signed-off-by: Elena Petrova Thanks again Reviewed-by: Ard Biesheuvel > --- > arch/arm64/crypto/sha2-ce-glue.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/arm64/crypto/sha2-ce-glue.c b/arch/arm64/crypto/sha2-ce-glue.c > index a725997e55f2..6a5ade974a35 100644 > --- a/arch/arm64/crypto/sha2-ce-glue.c > +++ b/arch/arm64/crypto/sha2-ce-glue.c > @@ -60,7 +60,7 @@ static int sha256_ce_finup(struct shash_desc *desc, const u8 *data, > unsigned int len, u8 *out) > { > struct sha256_ce_state *sctx = shash_desc_ctx(desc); > - bool finalize = !sctx->sst.count && !(len % SHA256_BLOCK_SIZE); > + bool finalize = !sctx->sst.count && !(len % SHA256_BLOCK_SIZE) && len; > > if (!crypto_simd_usable()) { > if (len) > -- > 2.22.0.rc1.257.g3120a18244-goog >