Home Home > GIT Browse > SLE12-SP4
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2019-07-16 14:46:35 +0200
committerTakashi Iwai <tiwai@suse.de>2019-07-16 14:47:16 +0200
commit0f51f7d5943d8d0d7b06cead8ea840b0bb8dd9b7 (patch)
treeb20c35465fc70feca12d221adaca804658c62dfb
parent4c29020d847a1a06dce5f783fc2670b439426192 (diff)
crypto: arm64/sha2-ce - correct digest for empty data in finup
(bsc#1051510).
-rw-r--r--patches.fixes/crypto-arm64-sha2-ce-correct-digest-for-empty-data-i.patch40
-rw-r--r--series.conf1
2 files changed, 41 insertions, 0 deletions
diff --git a/patches.fixes/crypto-arm64-sha2-ce-correct-digest-for-empty-data-i.patch b/patches.fixes/crypto-arm64-sha2-ce-correct-digest-for-empty-data-i.patch
new file mode 100644
index 0000000000..b28f23de72
--- /dev/null
+++ b/patches.fixes/crypto-arm64-sha2-ce-correct-digest-for-empty-data-i.patch
@@ -0,0 +1,40 @@
+From 6bd934de1e393466b319d29c4427598fda096c57 Mon Sep 17 00:00:00 2001
+From: Elena Petrova <lenaptr@google.com>
+Date: Tue, 28 May 2019 15:35:06 +0100
+Subject: [PATCH] crypto: arm64/sha2-ce - correct digest for empty data in finup
+Git-commit: 6bd934de1e393466b319d29c4427598fda096c57
+Patch-mainline: v5.3-rc1
+References: bsc#1051510
+
+The sha256-ce finup implementation for ARM64 produces wrong digest
+for empty input (len=0). Expected: the actual digest, result: initial
+value of SHA internal state. The error is in sha256_ce_finup:
+for empty data `finalize` will be 1, so the code is relying on
+sha2_ce_transform to make the final round. However, in
+sha256_base_do_update, the block function will not be called when
+len == 0.
+
+Fix it by setting finalize to 0 if data is empty.
+
+Fixes: 03802f6a80b3a ("crypto: arm64/sha2-ce - move SHA-224/256 ARMv8 implementation to base layer")
+Cc: stable@vger.kernel.org
+Signed-off-by: Elena Petrova <lenaptr@google.com>
+Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ arch/arm64/crypto/sha2-ce-glue.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm64/crypto/sha2-ce-glue.c
++++ b/arch/arm64/crypto/sha2-ce-glue.c
+@@ -50,7 +50,7 @@ static int sha256_ce_finup(struct shash_
+ unsigned int len, u8 *out)
+ {
+ struct sha256_ce_state *sctx = shash_desc_ctx(desc);
+- bool finalize = !sctx->sst.count && !(len % SHA256_BLOCK_SIZE);
++ bool finalize = !sctx->sst.count && !(len % SHA256_BLOCK_SIZE) && len;
+
+ ASM_EXPORT(sha256_ce_offsetof_count,
+ offsetof(struct sha256_ce_state, sst.count));
diff --git a/series.conf b/series.conf
index deae3fcf00..a9abfc8443 100644
--- a/series.conf
+++ b/series.conf
@@ -22823,6 +22823,7 @@
patches.fixes/crypto-talitos-properly-handle-split-ICV.patch
patches.fixes/crypto-talitos-Align-SEC1-accesses-to-32-bits-bounda.patch
patches.fixes/crypto-arm64-sha1-ce-correct-digest-for-empty-data-i.patch
+ patches.fixes/crypto-arm64-sha2-ce-correct-digest-for-empty-data-i.patch
patches.fixes/lib-scatterlist-Fix-mapping-iterator-when-sg-offset-.patch
patches.drivers/pwm-stm32-Use-3-cells-of_xlate.patch
patches.drivers/gpio-omap-fix-lack-of-irqstatus_raw0-for-OMAP4.patch