crypto: morus/generic - fix for big endian systems

commit 5a8dedfa3276e88c5865f265195d63d72aec3e72 upstream.

Omit the endian swabbing when folding the lengths of the assoc and
crypt input buffers into the state to finalize the tag. This is not
necessary given that the memory representation of the state is in
machine native endianness already.

This fixes an error reported by tcrypt running on a big endian system:

  alg: aead: Test 2 failed on encryption for morus640-generic
  00000000: a8 30 ef fb e6 26 eb 23 b0 87 dd 98 57 f3 e1 4b
  00000010: 21
  alg: aead: Test 2 failed on encryption for morus1280-generic
  00000000: 88 19 1b fb 1c 29 49 0e ee 82 2f cb 97 a6 a5 ee
  00000010: 5f

Fixes: 396be41f16fd ("crypto: morus - Add generic MORUS AEAD implementations")
Cc: <stable@vger.kernel.org> # v4.18+
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/crypto/morus1280.c b/crypto/morus1280.c
index 6180b2557836a3156062abebea0b3c4c7d6d39a4..8f1952d96ebd2ee67cff2c9469fbdd7665f4786c 100644 (file)
--- a/crypto/morus1280.c
+++ b/crypto/morus1280.c
@@ -385,14 +385,11 @@ static void crypto_morus1280_final(struct morus1280_state *state,
                                   struct morus1280_block *tag_xor,
                                   u64 assoclen, u64 cryptlen)
 {
-       u64 assocbits = assoclen * 8;
-       u64 cryptbits = cryptlen * 8;
-
        struct morus1280_block tmp;
        unsigned int i;
 
-       tmp.words[0] = cpu_to_le64(assocbits);
-       tmp.words[1] = cpu_to_le64(cryptbits);
+       tmp.words[0] = assoclen * 8;
+       tmp.words[1] = cryptlen * 8;
        tmp.words[2] = 0;
        tmp.words[3] = 0;
 

diff --git a/crypto/morus640.c b/crypto/morus640.c
index 5eede3749e646b425614aa86de9143c82545fcc6..6ccb901934c30ce4c66f6b34c6835c971f4898c2 100644 (file)
--- a/crypto/morus640.c
+++ b/crypto/morus640.c
@@ -384,21 +384,13 @@ static void crypto_morus640_final(struct morus640_state *state,
                                  struct morus640_block *tag_xor,
                                  u64 assoclen, u64 cryptlen)
 {
-       u64 assocbits = assoclen * 8;
-       u64 cryptbits = cryptlen * 8;
-
-       u32 assocbits_lo = (u32)assocbits;
-       u32 assocbits_hi = (u32)(assocbits >> 32);
-       u32 cryptbits_lo = (u32)cryptbits;
-       u32 cryptbits_hi = (u32)(cryptbits >> 32);
-
        struct morus640_block tmp;
        unsigned int i;
 
-       tmp.words[0] = cpu_to_le32(assocbits_lo);
-       tmp.words[1] = cpu_to_le32(assocbits_hi);
-       tmp.words[2] = cpu_to_le32(cryptbits_lo);
-       tmp.words[3] = cpu_to_le32(cryptbits_hi);
+       tmp.words[0] = lower_32_bits(assoclen * 8);
+       tmp.words[1] = upper_32_bits(assoclen * 8);
+       tmp.words[2] = lower_32_bits(cryptlen * 8);
+       tmp.words[3] = upper_32_bits(cryptlen * 8);
 
        for (i = 0; i < MORUS_BLOCK_WORDS; i++)
                state->s[4].words[i] ^= state->s[0].words[i];