On Thu, May 16, 2019 at 12:12:48PM +1000, Daniel Axtens wrote: > > I'm also seeing issues with ghash with the extended tests: > > [ 7.582926] alg: hash: p8_ghash test failed (wrong result) on test vector 0, cfg="random: use_final src_divs=[<reimport>9.72%@+39832, <reimport>18.2%@+65504, <reimport,nosimd>45.57%@alignmask+18, <reimport,nosimd>15.6%@+65496, 6.83%@+65514, <reimport,nosimd>1.2%@+25, <reim" > > It seems to happen when one of the source divisions has nosimd and the > final result uses the simd finaliser, so that's interesting. > The bug is that p8_ghash uses different shash_descs for the SIMD and no-SIMD cases. So if you start out doing the hash in SIMD context but then switch to no-SIMD context or vice versa, the digest will be wrong. Note that there can be an ->export() and ->import() in between, so it's not quite as obscure a case as one might think. To fix it I think you'll need to make p8_ghash use 'struct ghash_desc_ctx' just like ghash-generic so that the two code paths can share the same shash_desc. That's similar to what the various SHA hash algorithms do. - Eric
