On Fri, Jun 29, 2018 at 02:14:35PM -0700, Eric Biggers wrote: > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > There is a copy-paste error where sha256_mb_mgr_get_comp_job_avx2() > copies the SHA-256 digest state from sha256_mb_mgr::args::digest to > job_sha256::result_digest. Consequently, the sha256_mb algorithm > sometimes calculates the wrong digest. Fix it. > > Reproducer using AF_ALG: > > #include <assert.h> > #include <linux/if_alg.h> > #include <stdio.h> > #include <string.h> > #include <sys/socket.h> > #include <unistd.h> > > static const __u8 expected[32] = > "\xad\x7f\xac\xb2\x58\x6f\xc6\xe9\x66\xc0\x04\xd7\xd1\xd1\x6b\x02" > "\x4f\x58\x05\xff\x7c\xb4\x7c\x7a\x85\xda\xbd\x8b\x48\x89\x2c\xa7"; > > int main() > { > int fd; > struct sockaddr_alg addr = { > .salg_type = "hash", > .salg_name = "sha256_mb", > }; > __u8 data[4096] = { 0 }; > __u8 digest[32]; > int ret; > int i; > > fd = socket(AF_ALG, SOCK_SEQPACKET, 0); > bind(fd, (void *)&addr, sizeof(addr)); > fork(); > fd = accept(fd, 0, 0); > do { > ret = write(fd, data, 4096); > assert(ret == 4096); > ret = read(fd, digest, 32); > assert(ret == 32); > } while (memcmp(digest, expected, 32) == 0); > > printf("wrong digest: "); > for (i = 0; i < 32; i++) > printf("%02x", digest[i]); > printf("\n"); > } > > Output was: > > wrong digest: ad7facb2000000000000000000000000ffffffef7cb47c7a85dabd8b48892ca7 > > Fixes: 172b1d6b5a93 ("crypto: sha256-mb - fix ctx pointer and digest copy") > Cc: <stable@xxxxxxxxxxxxxxx> # v4.8+ > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> Patch applied. Thanks. -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt