Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
crypto: s390/sha3 - Use cpu byte-order when exporting
The sha3 partial hash on s390 is in little-endian just like the
final hash. However the generic implementation produces native
or big-endian partial hashes.
Make s390 sha3 conform to that by doing the byte-swap on export
and import.
Reported-by: Ingo Franzki <ifranzki@linux.ibm.com>
Fixes: 6f90ba706551 ("crypto: s390/sha3 - Use API partial block handling")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+35
-13
+3
arch/s390/crypto/sha.h
+3
arch/s390/crypto/sha.h
+16
-6
arch/s390/crypto/sha3_256_s390.c
+16
-6
arch/s390/crypto/sha3_256_s390.c
···
35
35
static int sha3_256_export(struct shash_desc *desc, void *out)
36
36
{
37
37
struct s390_sha_ctx *sctx = shash_desc_ctx(desc);
38
-
struct sha3_state *octx = out;
38
+
union {
39
+
u8 *u8;
40
+
u64 *u64;
41
+
} p = { .u8 = out };
42
+
int i;
39
43
40
44
if (sctx->first_message_part) {
41
-
memset(sctx->state, 0, sizeof(sctx->state));
42
-
sctx->first_message_part = 0;
45
+
memset(out, 0, SHA3_STATE_SIZE);
46
+
return 0;
43
47
}
44
-
memcpy(octx->st, sctx->state, sizeof(octx->st));
48
+
for (i = 0; i < SHA3_STATE_SIZE / 8; i++)
49
+
put_unaligned(le64_to_cpu(sctx->sha3.state[i]), p.u64++);
45
50
return 0;
46
51
}
47
52
48
53
static int sha3_256_import(struct shash_desc *desc, const void *in)
49
54
{
50
55
struct s390_sha_ctx *sctx = shash_desc_ctx(desc);
51
-
const struct sha3_state *ictx = in;
56
+
union {
57
+
const u8 *u8;
58
+
const u64 *u64;
59
+
} p = { .u8 = in };
60
+
int i;
52
61
62
+
for (i = 0; i < SHA3_STATE_SIZE / 8; i++)
63
+
sctx->sha3.state[i] = cpu_to_le64(get_unaligned(p.u64++));
53
64
sctx->count = 0;
54
-
memcpy(sctx->state, ictx->st, sizeof(ictx->st));
55
65
sctx->first_message_part = 0;
56
66
sctx->func = CPACF_KIMD_SHA3_256;
57
67
+16
-7
arch/s390/crypto/sha3_512_s390.c
+16
-7
arch/s390/crypto/sha3_512_s390.c
···
34
34
static int sha3_512_export(struct shash_desc *desc, void *out)
35
35
{
36
36
struct s390_sha_ctx *sctx = shash_desc_ctx(desc);
37
-
struct sha3_state *octx = out;
38
-
37
+
union {
38
+
u8 *u8;
39
+
u64 *u64;
40
+
} p = { .u8 = out };
41
+
int i;
39
42
40
43
if (sctx->first_message_part) {
41
-
memset(sctx->state, 0, sizeof(sctx->state));
42
-
sctx->first_message_part = 0;
44
+
memset(out, 0, SHA3_STATE_SIZE);
45
+
return 0;
43
46
}
44
-
memcpy(octx->st, sctx->state, sizeof(octx->st));
47
+
for (i = 0; i < SHA3_STATE_SIZE / 8; i++)
48
+
put_unaligned(le64_to_cpu(sctx->sha3.state[i]), p.u64++);
45
49
return 0;
46
50
}
47
51
48
52
static int sha3_512_import(struct shash_desc *desc, const void *in)
49
53
{
50
54
struct s390_sha_ctx *sctx = shash_desc_ctx(desc);
51
-
const struct sha3_state *ictx = in;
55
+
union {
56
+
const u8 *u8;
57
+
const u64 *u64;
58
+
} p = { .u8 = in };
59
+
int i;
52
60
61
+
for (i = 0; i < SHA3_STATE_SIZE / 8; i++)
62
+
sctx->sha3.state[i] = cpu_to_le64(get_unaligned(p.u64++));
53
63
sctx->count = 0;
54
-
memcpy(sctx->state, ictx->st, sizeof(ictx->st));
55
64
sctx->first_message_part = 0;
56
65
sctx->func = CPACF_KIMD_SHA3_512;
57
66