Eric Biggers <ebiggers@xxxxxxxxxx> writes: > On Thu, May 16, 2019 at 12:12:48PM +1000, Daniel Axtens wrote: >> >> I'm also seeing issues with ghash with the extended tests: >> >> [ 7.582926] alg: hash: p8_ghash test failed (wrong result) on test vector 0, cfg="random: use_final src_divs=[<reimport>9.72%@+39832, <reimport>18.2%@+65504, <reimport,nosimd>45.57%@alignmask+18, <reimport,nosimd>15.6%@+65496, 6.83%@+65514, <reimport,nosimd>1.2%@+25, <reim" >> >> It seems to happen when one of the source divisions has nosimd and the >> final result uses the simd finaliser, so that's interesting. >> > > The bug is that p8_ghash uses different shash_descs for the SIMD and no-SIMD > cases. So if you start out doing the hash in SIMD context but then switch to > no-SIMD context or vice versa, the digest will be wrong. Note that there can be > an ->export() and ->import() in between, so it's not quite as obscure a case as > one might think. Ah cool, I was just in the process of figuring this out for myself - always lovely to have my theory confirmed! > To fix it I think you'll need to make p8_ghash use 'struct ghash_desc_ctx' just > like ghash-generic so that the two code paths can share the same shash_desc. > That's similar to what the various SHA hash algorithms do. This is very helpful, thank you. I guess I will do that then. Regards, Daniel > > - Eric
