From patchwork Fri Mar 15 02:09:01 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Daniel Axtens X-Patchwork-Id: 10853989 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E446613B5 for ; Fri, 15 Mar 2019 02:09:07 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CFE2E28BF7 for ; Fri, 15 Mar 2019 02:09:07 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C412528C1C; Fri, 15 Mar 2019 02:09:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6D45B28BF7 for ; Fri, 15 Mar 2019 02:09:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727346AbfCOCJG (ORCPT ); Thu, 14 Mar 2019 22:09:06 -0400 Received: from mail-pf1-f194.google.com ([209.85.210.194]:37326 "EHLO mail-pf1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727304AbfCOCJG (ORCPT ); Thu, 14 Mar 2019 22:09:06 -0400 Received: by mail-pf1-f194.google.com with SMTP id 8so1739573pfr.4 for ; Thu, 14 Mar 2019 19:09:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axtens.net; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=Y3kqJQ5xsOjs4aV1pFM0MeGV8X4Abqf24LZEIyvcPnE=; b=MYzwGELu/d1daXHH5m38Tz2y+m+vS0t/i7J7G1Tba0K6lEAE1PBJZrOKdMR1yR4H/y mdkh1NivJ7Ank2bMvpzjQrDN/Mhv0A2QHmxk6EdoM02KQIh6Wr44rBzDsevU2xTExpnb 2uaERrNyy/xu+lragW9+cvIOaTuD2/XDPYSCM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=Y3kqJQ5xsOjs4aV1pFM0MeGV8X4Abqf24LZEIyvcPnE=; b=M1Z3Qca5ZixIRH/Ce+pxWy3NmsR9md0bqEUxjAjmFNQMqUwdx+W2pYdSkA2R83kUXo vdIsD9eM/FUBOZG2RzWemqPcomTr73vKQ5U6EkV1xIGT3bym2flxbSp03rSaXL7eZmB0 Vb1x3IRM5qNaYroOTcNMV+8ULxS46TZwmuKtyaDC7FY+MSAbo+bMxQjW7MVSi2DKYY6P xV4nsjvkUGoDmHh+iFBTG+KwWCN54HEIBglF+rEroLN4sxQJPmnXXwhSZ/A7rpI9XsCP Z3QPV+i4v6hZXjtBx3M1WkQlMBOc0/SpcWbgXI1oVfxuAsvXPrAS2ew3+Ll2PigOPi3j Yjzg== X-Gm-Message-State: APjAAAVE7BtPI5gNUHfMQPL6N6IVP55VGa3QTnAzjpTOOLRmzeP7YKes 8bELYa1zvVWyf4lhk03t14ojEw== X-Google-Smtp-Source: APXvYqz4OAteB7F0UWElJ5HD5WmtiImAfV0WL0obe2SGPZSKJk4sI0S2qI7wlcwxjHcOlARBq8cw2w== X-Received: by 2002:a65:534d:: with SMTP id w13mr1025397pgr.186.1552615745775; Thu, 14 Mar 2019 19:09:05 -0700 (PDT) Received: from localhost (124-171-209-25.dyn.iinet.net.au. [124.171.209.25]) by smtp.gmail.com with ESMTPSA id j20sm472815pfh.141.2019.03.14.19.09.04 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 14 Mar 2019 19:09:04 -0700 (PDT) From: Daniel Axtens To: omosnacek@gmail.com, linux-crypto@vger.kernel.org, Herbert Xu Cc: marcelo.cerri@canonical.com, Stephan Mueller , leo.barbosa@canonical.com, linuxppc-dev@lists.ozlabs.org, nayna@linux.ibm.com, pfsmorigo@gmail.com, leitao@debian.org Subject: [PATCH] crypto: vmx - fix copy-paste error in CTR mode Date: Fri, 15 Mar 2019 13:09:01 +1100 Message-Id: <20190315020901.16509-1-dja@axtens.net> X-Mailer: git-send-email 2.19.1 MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The original assembly imported from OpenSSL has two copy-paste errors in handling CTR mode. When dealing with a 2 or 3 block tail, the code branches to the CBC decryption exit path, rather than to the CTR exit path. This leads to corruption of the IV, which leads to subsequent blocks being corrupted. This can be detected with libkcapi test suite, which is available at https://github.com/smuellerDD/libkcapi Reported-by: Ondrej Mosnáček Fixes: 5c380d623ed3 ("crypto: vmx - Add support for VMS instructions by ASM") Cc: stable@vger.kernel.org Signed-off-by: Daniel Axtens Tested-by: Michael Ellerman Tested-by: Ondrej Mosnacek --- drivers/crypto/vmx/aesp8-ppc.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/vmx/aesp8-ppc.pl b/drivers/crypto/vmx/aesp8-ppc.pl index d6a9f63d65ba..de78282b8f44 100644 --- a/drivers/crypto/vmx/aesp8-ppc.pl +++ b/drivers/crypto/vmx/aesp8-ppc.pl @@ -1854,7 +1854,7 @@ Lctr32_enc8x_three: stvx_u $out1,$x10,$out stvx_u $out2,$x20,$out addi $out,$out,0x30 - b Lcbc_dec8x_done + b Lctr32_enc8x_done .align 5 Lctr32_enc8x_two: @@ -1866,7 +1866,7 @@ Lctr32_enc8x_two: stvx_u $out0,$x00,$out stvx_u $out1,$x10,$out addi $out,$out,0x20 - b Lcbc_dec8x_done + b Lctr32_enc8x_done .align 5 Lctr32_enc8x_one: