[PATCH] arm64/crypto: fix and improve GHASH secure hash implementation

Ard Biesheuvel ard.biesheuvel at linaro.org
Thu Jun 12 07:54:00 PDT 2014


On 12 June 2014 16:48, Catalin Marinas <catalin.marinas at arm.com> wrote:
> On Thu, Jun 12, 2014 at 03:43:07PM +0100, Ard Biesheuvel wrote:
>> This fixes a bug in the arm64 GHASH implementation, and switches to a faster,
>> polynomial multiplication based reduction instead of one that uses
>> shifts and rotates.
>>
>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel at linaro.org>
>> ---
>>
>> This is a bug fix and a performance optimization in a single patch.
>
> Thanks. I'll push it after -rc1.
>
>> As the code has never worked correctly and was merged just a couple of
>> days ago,
>
> IIRC you said you tested the crypto patches.
>

Yes, I did. Unfortunately [as I found out today] the built-in test
suite for GHASH consists of a single test vector, which happens to
pass with the old code. I will be submitting a patch to linux-crypto
shortly to add more test vectors that would have caught this
particular bug.

-- 
Ard.
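Added illustration, not part of the thread or of the arm64 kernel code: a pure-Python GHASH with the two GF(2^128) multiplication strategies the commit message contrasts, the bit-serial shift-and-xor algorithm from the GCM specification and a carry-less multiply whose reduction is itself expressed as polynomial multiplications (a software model of the PMULL-style reduction, not the kernel's assembly). It checks the result against the GCM specification's Test Case 2 values (H, C and GHASH(H,{},C)) and then differentially tests the two multipliers on seeded random operands, which is the kind of check that catches a bug a single vector happens to miss. Function names and the seed are this example's own.

```python
"""GHASH reference with two cross-checked GF(2^128) multipliers (example code)."""
import random

BLOCK_BITS = 128
MASK128 = (1 << BLOCK_BITS) - 1
# GCM's R constant: x^128 = x^7 + x^2 + x + 1, written in GCM's reflected bit order
R_GCM = 0xE1 << 120
# The same low part of the field polynomial in natural bit order (bit k = x^k)
POLY_LOW = 0x87


def bits_reverse128(v: int) -> int:
    """Map between GCM's reflected bit order and natural polynomial order."""
    return int(format(v, "0128b")[::-1], 2)


def gf128_mul_shift(x: int, y: int) -> int:
    """Bit-serial multiply exactly as in the GCM specification (shift-based)."""
    z, v = 0, y
    for i in range(BLOCK_BITS):
        if (x >> (BLOCK_BITS - 1 - i)) & 1:   # x_i is the i-th bit from the left
            z ^= v
        v = (v >> 1) ^ R_GCM if v & 1 else v >> 1
    return z


def clmul(a: int, b: int) -> int:
    """Carry-less (GF(2) polynomial) multiplication of arbitrary-width operands."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def gf128_mul_pmul(x: int, y: int) -> int:
    """Multiply via a 256-bit carry-less product and a two-step polynomial reduction."""
    a, b = bits_reverse128(x), bits_reverse128(y)
    prod = clmul(a, b)                       # at most 255 bits
    lo, hi = prod & MASK128, prod >> BLOCK_BITS
    # hi * x^128 == hi * (x^7 + x^2 + x + 1): one more product, up to 135 bits wide
    t = clmul(hi, POLY_LOW)
    t_lo, t_hi = t & MASK128, t >> BLOCK_BITS
    # fold the remaining (at most 7-bit) overflow; this product is below 2^15
    res = lo ^ t_lo ^ clmul(t_hi, POLY_LOW)
    return bits_reverse128(res)


def ghash(h: int, aad: bytes, ct: bytes, mul=gf128_mul_shift) -> int:
    """GHASH_H(A, C): absorb zero-padded A then C, then the 64-bit bit lengths."""
    def pad16(b: bytes) -> bytes:
        return b + b"\x00" * (-len(b) % 16)

    y = 0
    data = pad16(aad) + pad16(ct)
    for i in range(0, len(data), 16):
        y = mul(y ^ int.from_bytes(data[i:i + 16], "big"), h)
    lengths = ((len(aad) * 8) << 64) | (len(ct) * 8)
    return mul(y ^ lengths, h)


# Values from the GCM specification's Test Case 2 (K = 0^128, single zero block).
H_TC2 = 0x66E94BD4EF8A2C3B884CFA59CA342B2E
C_TC2 = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")
GHASH_TC2 = 0xF38CBB1AD69223DCC3457AE5B6B0F885


def cross_check(rounds: int = 200, seed: int = 1234) -> bool:
    """Differential test: both multipliers must agree on seeded random operands."""
    rng = random.Random(seed)
    for _ in range(rounds):
        x, y = rng.getrandbits(128), rng.getrandbits(128)
        if gf128_mul_shift(x, y) != gf128_mul_pmul(x, y):
            return False
    return True


if __name__ == "__main__":
    for name, mul in (("shift", gf128_mul_shift), ("pmul", gf128_mul_pmul)):
        ok = ghash(H_TC2, b"", C_TC2, mul) == GHASH_TC2
        print(f"{name:5s} GHASH test case 2: {'ok' if ok else 'MISMATCH'}")
    print("differential check:", "ok" if cross_check() else "MISMATCH")
```

The published vector only exercises one block of ciphertext and an empty AAD, so the differential loop is what actually stresses the reduction path across arbitrary operands; running both multipliers on the same inputs is cheap and finds disagreements that a short fixed vector set cannot.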
