From: Herbert Xu <herbert@gondor.apana.org.au>
To: Ingo Franzki <ifranzki@linux.ibm.com>
Cc: linux-crypto@vger.kernel.org, Eric Biggers <ebiggers@kernel.org>,
Harald Freudenberger <freude@linux.ibm.com>,
Holger Dengler <dengler@linux.ibm.com>
Subject: [PATCH] crypto: s390/hmac - Fix counter in export state
Date: Fri, 23 May 2025 19:24:34 +0800
Message-ID: <aDBa8tuSvw1mnnKL@gondor.apana.org.au>
In-Reply-To: <152288d2-a034-4594-a5cc-d46faf34ac24@linux.ibm.com>
On Fri, May 23, 2025 at 10:02:18AM +0200, Ingo Franzki wrote:
>
> Yes, indeed, reverting this commit makes the problem go away.

Great. While I've got your attention, could you also test this
patch to see if it makes the hmac errors go away?

Thanks,
---8<---
The hmac export state needs to be one block-size bigger to account
for the ipad.
Reported-by: Ingo Franzki <ifranzki@linux.ibm.com>
Fixes: 08811169ac01 ("crypto: s390/hmac - Use API partial block handling")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
diff --git a/arch/s390/crypto/hmac_s390.c b/arch/s390/crypto/hmac_s390.c
index 93a1098d9f8d..58444da9b004 100644
--- a/arch/s390/crypto/hmac_s390.c
+++ b/arch/s390/crypto/hmac_s390.c
@@ -290,6 +290,7 @@ static int s390_hmac_export(struct shash_desc *desc, void *out)
struct s390_kmac_sha2_ctx *ctx = shash_desc_ctx(desc);
unsigned int bs = crypto_shash_blocksize(desc->tfm);
unsigned int ds = bs / 2;
+ u64 lo = ctx->buflen[0];
union {
u8 *u8;
u64 *u64;
@@ -301,9 +302,10 @@ static int s390_hmac_export(struct shash_desc *desc, void *out)
else
memcpy(p.u8, ctx->param, ds);
p.u8 += ds;
- put_unaligned(ctx->buflen[0], p.u64++);
+ lo += bs;
+ put_unaligned(lo, p.u64++);
if (ds == SHA512_DIGEST_SIZE)
- put_unaligned(ctx->buflen[1], p.u64);
+ put_unaligned(ctx->buflen[1] + (lo < bs), p.u64);
return err;
}
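Review bot: The carry test `(lo < bs)` in the SHA512_DIGEST_SIZE branch of s390_hmac_export is only correct because `lo += bs` has already run, so it compares the post-addition low word against the addend to detect wraparound. Read in isolation it looks like a range check on the original count. A short comment above `lo += bs` stating that the exported counter includes one extra block for the ipad, and that `lo < bs` is the carry into buflen[1], would document both the format and the idiom. Computing the carry into a named local right after the addition would also make the intent explicit.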
@@ -316,14 +318,16 @@ static int s390_hmac_import(struct shash_desc *desc, const void *in)
const u8 *u8;
const u64 *u64;
} p = { .u8 = in };
+ u64 lo;
int err;
err = s390_hmac_sha2_init(desc);
memcpy(ctx->param, p.u8, ds);
p.u8 += ds;
- ctx->buflen[0] = get_unaligned(p.u64++);
+ lo = get_unaligned(p.u64++);
+ ctx->buflen[0] = lo - bs;
if (ds == SHA512_DIGEST_SIZE)
- ctx->buflen[1] = get_unaligned(p.u64);
+ ctx->buflen[1] = get_unaligned(p.u64) - (lo < bs);
if (ctx->buflen[0] | ctx->buflen[1])
ctx->gr0.ikp = 1;
return err;
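Review bot: In s390_hmac_import, `ctx->buflen[0] = lo - bs` subtracts without checking that the imported count is at least one block. When ds is not SHA512_DIGEST_SIZE there is no high word to borrow from, so an input with lo < bs leaves buflen[0] wrapped to a value just below 2^64, and the `ctx->buflen[0] | ctx->buflen[1]` test that follows then sets ctx->gr0.ikp. In the SHA-512 branch the same wrap reaches buflen[1] when the imported high word is zero. If import can ever be given a state that was not produced by the matching export, consider rejecting that case with an error such as -EINVAL before the subtraction. Otherwise a comment stating that export always adds bs would record the invariant this code depends on.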
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt