On Fri, Jun 29, 2018 at 02:14:35PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@xxxxxxxxxx>
>
> There is a copy-paste error where sha256_mb_mgr_get_comp_job_avx2()
> copies the SHA-256 digest state from sha256_mb_mgr::args::digest to
> job_sha256::result_digest. Consequently, the sha256_mb algorithm
> sometimes calculates the wrong digest. Fix it.
>
> Reproducer using AF_ALG:
>
> #include <assert.h>
> #include <linux/if_alg.h>
> #include <stdio.h>
> #include <string.h>
> #include <sys/socket.h>
> #include <unistd.h>
>
> static const __u8 expected[32] =
> "\xad\x7f\xac\xb2\x58\x6f\xc6\xe9\x66\xc0\x04\xd7\xd1\xd1\x6b\x02"
> "\x4f\x58\x05\xff\x7c\xb4\x7c\x7a\x85\xda\xbd\x8b\x48\x89\x2c\xa7";
>
> int main()
> {
> int fd;
> struct sockaddr_alg addr = {
> .salg_type = "hash",
> .salg_name = "sha256_mb",
> };
> __u8 data[4096] = { 0 };
> __u8 digest[32];
> int ret;
> int i;
>
> fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
> bind(fd, (void *)&addr, sizeof(addr));
> fork();
> fd = accept(fd, 0, 0);
> do {
> ret = write(fd, data, 4096);
> assert(ret == 4096);
> ret = read(fd, digest, 32);
> assert(ret == 32);
> } while (memcmp(digest, expected, 32) == 0);
>
> printf("wrong digest: ");
> for (i = 0; i < 32; i++)
> printf("%02x", digest[i]);
> printf("\n");
> }
>
> Output was:
>
> wrong digest: ad7facb2000000000000000000000000ffffffef7cb47c7a85dabd8b48892ca7
>
> Fixes: 172b1d6b5a93 ("crypto: sha256-mb - fix ctx pointer and digest copy")
> Cc: <stable@xxxxxxxxxxxxxxx> # v4.8+
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
