On Thu, Jun 26, 2025 at 03:54:58PM +0200, Ingo Franzki wrote:
> Hi Eric, Herbert,
>
> There is a Syzbot finding in arch/s390/crypto/sha_common.c.
> Yes that's s390 specific code, but I guess its due to the recent changes in the digest code....
>
> Seems that field first_message_part (bool) of struct s390_sha_ctx has an invalid value when s390_sha_update_blocks() gets called.
> No idea why it could have an invalid value, I only see it being set to 0 or 1. Maybe ctx is pointing to an entirely wrong context in that call chain (bad pointer)?
>
> Does this ring a bell for you?
>
> Status: reporting: reported C repro on 2025/06/09 15:22
> Reported-by: syzbotz+cb049f03e0851197b31a@xxxxxxxxxxxxx
> First crash: 16d, last: now
This is an issue in hmac_s390_sha512, which I haven't touched. I see there were
recent changes to it, though:
commit 89490e6b80c53bf7783fe183a2fda8d0944f52d2
Author: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Tue Apr 29 16:49:32 2025 +0800
crypto: s390/hmac - Extend hash length counters to 128 bits
commit 08811169ac016a234765e23deb45a5c8dd8aee6b
Author: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Fri May 2 17:00:43 2025 +0800
crypto: s390/hmac - Use API partial block handling
commit 1b39bc4a703a63a22c08232015540adfb31f22ba
Author: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Fri May 23 19:24:34 2025 +0800
crypto: s390/hmac - Fix counter in export state
- Eric
