tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: s390/hmac - Fix counter in export state

The hmac export state needs to be one block-size bigger to account
for the ipad.

Reported-by: Ingo Franzki <ifranzki@linux.ibm.com>
Fixes: 08811169ac01 ("crypto: s390/hmac - Use API partial block handling")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Herbert Xu 1b39bc4a 442134ab

+8 -4
+8 -4
arch/s390/crypto/hmac_s390.c
··· 290 290 struct s390_kmac_sha2_ctx *ctx = shash_desc_ctx(desc); 291 291 unsigned int bs = crypto_shash_blocksize(desc->tfm); 292 292 unsigned int ds = bs / 2; 293 + u64 lo = ctx->buflen[0]; 293 294 union { 294 295 u8 *u8; 295 296 u64 *u64; ··· 302 301 else 303 302 memcpy(p.u8, ctx->param, ds); 304 303 p.u8 += ds; 305 - put_unaligned(ctx->buflen[0], p.u64++); 304 + lo += bs; 305 + put_unaligned(lo, p.u64++); 306 306 if (ds == SHA512_DIGEST_SIZE) 307 - put_unaligned(ctx->buflen[1], p.u64); 307 + put_unaligned(ctx->buflen[1] + (lo < bs), p.u64); 308 308 return err; 309 309 } 310 310 ··· 318 316 const u8 *u8; 319 317 const u64 *u64; 320 318 } p = { .u8 = in }; 319 + u64 lo; 321 320 int err; 322 321 323 322 err = s390_hmac_sha2_init(desc); 324 323 memcpy(ctx->param, p.u8, ds); 325 324 p.u8 += ds; 326 - ctx->buflen[0] = get_unaligned(p.u64++); 325 + lo = get_unaligned(p.u64++); 326 + ctx->buflen[0] = lo - bs; 327 327 if (ds == SHA512_DIGEST_SIZE) 328 - ctx->buflen[1] = get_unaligned(p.u64); 328 + ctx->buflen[1] = get_unaligned(p.u64) - (lo < bs); 329 329 if (ctx->buflen[0] | ctx->buflen[1]) 330 330 ctx->gr0.ikp = 1; 331 331 return err;