linux/arch/x86
Eric Biggers af839b4e54 crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2()

There is a copy-paste error where sha256_mb_mgr_get_comp_job_avx2()
copies the SHA-256 digest state from sha256_mb_mgr::args::digest to
job_sha256::result_digest.  Consequently, the sha256_mb algorithm
sometimes calculates the wrong digest.  Fix it.

Reproducer using AF_ALG:

    #include <assert.h>
    #include <linux/if_alg.h>
    #include <stdio.h>
    #include <string.h>
    #include <sys/socket.h>
    #include <unistd.h>

    static const __u8 expected[32] =
        "\xad\x7f\xac\xb2\x58\x6f\xc6\xe9\x66\xc0\x04\xd7\xd1\xd1\x6b\x02"
        "\x4f\x58\x05\xff\x7c\xb4\x7c\x7a\x85\xda\xbd\x8b\x48\x89\x2c\xa7";

    int main()
    {
        int fd;
        struct sockaddr_alg addr = {
            .salg_type = "hash",
            .salg_name = "sha256_mb",
        };
        __u8 data[4096] = { 0 };
        __u8 digest[32];
        int ret;
        int i;

        fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
        bind(fd, (void *)&addr, sizeof(addr));
        fork();
        fd = accept(fd, 0, 0);
        do {
            ret = write(fd, data, 4096);
            assert(ret == 4096);
            ret = read(fd, digest, 32);
            assert(ret == 32);
        } while (memcmp(digest, expected, 32) == 0);

        printf("wrong digest: ");
        for (i = 0; i < 32; i++)
            printf("%02x", digest[i]);
        printf("\n");
    }

Output was:

    wrong digest: ad7facb2000000000000000000000000ffffffef7cb47c7a85dabd8b48892ca7

Fixes: 172b1d6b5a ("crypto: sha256-mb - fix ctx pointer and digest copy")
Cc: <stable@vger.kernel.org> # v4.8+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-07-09 00:30:19 +08:00
boot Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-06-10 09:44:53 -07:00
configs
crypto crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2() 2018-07-09 00:30:19 +08:00
entry docs: Fix some broken references 2018-06-15 18:10:01 -03:00
events treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
hyperv x86/hyper-v: move struct hv_flush_pcpu{,ex} definitions to common header 2018-05-26 14:14:33 +02:00
ia32 syscalls/x86: auto-create compat_sys_*() prototypes 2018-04-02 20:16:18 +02:00
include Kbuild: rename CC_STACKPROTECTOR[_STRONG] config variables 2018-06-14 12:21:18 +09:00
kernel Kbuild: rename CC_STACKPROTECTOR[_STRONG] config variables 2018-06-14 12:21:18 +09:00
kvm KVM: x86: VMX: redo fix for link error without CONFIG_HYPERV 2018-06-14 18:53:14 +02:00
lib libnvdimm for 4.18 2018-06-08 17:21:52 -07:00
math-emu
mm treewide: use PHYS_ADDR_MAX to avoid type casting ULLONG_MAX 2018-06-15 07:55:25 +09:00
net treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
oprofile
pci treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
platform treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
power x86/mm: Stop pretending pgtable_l5_enabled is a variable 2018-05-19 11:56:57 +02:00
purgatory kernel/kexec_file.c: move purgatories sha256 to common code 2018-04-13 17:10:28 -07:00
ras
realmode
tools
um Kconfig updates for v4.18 2018-06-06 11:31:45 -07:00
video
xen xen: fixes and features for v4-18-rc1 2018-06-08 09:24:54 -07:00
.gitignore
Kbuild
Kconfig Kbuild: rename HAVE_CC_STACKPROTECTOR config variable 2018-06-15 07:15:28 +09:00
Kconfig.cpu Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-03-25 07:36:02 -10:00
Kconfig.debug x86, nfit_test: Add unit test for memcpy_mcsafe() 2018-05-22 23:18:31 -07:00
Makefile kbuild: add machine size to CHECKFLAGS 2018-06-01 11:36:58 +09:00
Makefile_32.cpu
Makefile.um