tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: s390/hmac - Extend hash length counters to 128 bits

As sha512 requires 128-bit counters, extend the hash length counters
to that length. Previously they were just 32 bits which means that
a >4G sha256 hash would be incorrect.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Herbert Xu 89490e6b 0e2392b6

+14 -11
+14 -11
arch/s390/crypto/hmac_s390.c
··· 72 72 u8 param[MAX_DIGEST_SIZE + MAX_IMBL_SIZE + MAX_BLOCK_SIZE]; 73 73 union s390_kmac_gr0 gr0; 74 74 u8 buf[MAX_BLOCK_SIZE]; 75 - unsigned int buflen; 75 + u64 buflen[2]; 76 76 }; 77 77 78 78 /* 79 79 * kmac_sha2_set_imbl - sets the input message bit-length based on the blocksize 80 80 */ 81 - static inline void kmac_sha2_set_imbl(u8 *param, unsigned int buflen, 82 - unsigned int blocksize) 81 + static inline void kmac_sha2_set_imbl(u8 *param, u64 buflen_lo, 82 + u64 buflen_hi, unsigned int blocksize) 83 83 { 84 84 u8 *imbl = param + SHA2_IMBL_OFFSET(blocksize); 85 85 86 86 switch (blocksize) { 87 87 case SHA256_BLOCK_SIZE: 88 - *(u64 *)imbl = (u64)buflen * BITS_PER_BYTE; 88 + *(u64 *)imbl = buflen_lo * BITS_PER_BYTE; 89 89 break; 90 90 case SHA512_BLOCK_SIZE: 91 - *(u128 *)imbl = (u128)buflen * BITS_PER_BYTE; 91 + *(u128 *)imbl = (((u128)buflen_hi << 64) + buflen_lo) << 3; 92 92 break; 93 93 default: 94 94 break; ··· 176 176 memcpy(ctx->param + SHA2_KEY_OFFSET(bs), 177 177 tfm_ctx->key, bs); 178 178 179 - ctx->buflen = 0; 179 + ctx->buflen[0] = 0; 180 + ctx->buflen[1] = 0; 180 181 ctx->gr0.reg = 0; 181 182 switch (crypto_shash_digestsize(desc->tfm)) { 182 183 case SHA224_DIGEST_SIZE: ··· 207 206 unsigned int offset, n; 208 207 209 208 /* check current buffer */ 210 - offset = ctx->buflen % bs; 211 - ctx->buflen += len; 209 + offset = ctx->buflen[0] % bs; 210 + ctx->buflen[0] += len; 211 + if (ctx->buflen[0] < len) 212 + ctx->buflen[1]++; 212 213 if (offset + len < bs) 213 214 goto store; 214 215 ··· 246 243 unsigned int bs = crypto_shash_blocksize(desc->tfm); 247 244 248 245 ctx->gr0.iimp = 0; 249 - kmac_sha2_set_imbl(ctx->param, ctx->buflen, bs); 250 - _cpacf_kmac(&ctx->gr0.reg, ctx->param, ctx->buf, ctx->buflen % bs); 246 + kmac_sha2_set_imbl(ctx->param, ctx->buflen[0], ctx->buflen[1], bs); 247 + _cpacf_kmac(&ctx->gr0.reg, ctx->param, ctx->buf, ctx->buflen[0] % bs); 251 248 memcpy(out, ctx->param, crypto_shash_digestsize(desc->tfm)); 252 249 253 250 return 0; ··· 265 262 return rc; 266 263 267 264 ctx->gr0.iimp = 0; 268 - kmac_sha2_set_imbl(ctx->param, len, 265 + kmac_sha2_set_imbl(ctx->param, len, 0, 269 266 crypto_shash_blocksize(desc->tfm)); 270 267 _cpacf_kmac(&ctx->gr0.reg, ctx->param, data, len); 271 268 memcpy(out, ctx->param, ds);