Page MenuHome GnuPG
Create Task
Maniphest T7167

The libgcrypt 1.11.0 tests fail on s390x
Closed, ResolvedPublic
Actions

Description

I tried to update libgcrypt to 1.11 in Fedora, but we got some failures on s390 architecture:

computed: a0 12 f9 83 af cb 5e 36 37 4e 5f db a8 e7 5e 5d 08 d3 a6 fe 7a a7 f0 9d ed e0 12 3b 90 4e 55 f6 
expected: c1 c3 69 25 b6 40 9a 04 f1 b5 04 fc bc a9 d8 2b 40 17 27 7c b5 ed 2b 20 65 fc 1d 38 14 d5 aa f5 
computed: a0 12 f9 83 af cb 5e 36 37 4e 5f db a8 e7 5e 5d 08 d3 a6 fe 7a a7 f0 9d ed e0 12 3b 90 4e 55 f6 
expected: c1 c3 69 25 b6 40 9a 04 f1 b5 04 fc bc a9 d8 2b 40 17 27 7c b5 ed 2b 20 65 fc 1d 38 14 d5 aa f5 
computed: 85 dc 9c ca a6 6f ab fb 94 17 cd 64 2d 53 ff b7 f2 30 ed 70 87 5c 69 e1 79 ab 72 1d 78 95 c7 e5 
expected: c5 22 1d 50 e4 f8 22 d9 6a 2e 88 81 a9 61 42 0f 29 4b 7b 24 fe 3d 20 94 ba ed 2c 65 24 cc 16 6b 
computed: 85 dc 9c ca a6 6f ab fb 94 17 cd 64 2d 53 ff b7 f2 30 ed 70 87 5c 69 e1 79 ab 72 1d 78 95 c7 e5 
expected: c5 22 1d 50 e4 f8 22 d9 6a 2e 88 81 a9 61 42 0f 29 4b 7b 24 fe 3d 20 94 ba ed 2c 65 24 cc 16 6b 
computed: 33 dc 74 56 44 a8 0e 6b de 40 80 75 86 b4 86 4c 6c af d7 81 4e 7e bc a7 55 7a 48 ab c8 09 ba ba 1d a2 bc 5f ca 0b f7 9f ba b7 01 4a f2 1f 80 7b 7a a6 cd 0a c0 52 6c 1c 60 a0 6b f7 a8 3a 07 4c 
expected: d0 08 82 8e 2b 80 ac 9d 22 18 ff ee 1d 07 0c 48 b8 e4 c8 7b ff 32 c9 69 9d 5b 68 96 ee e0 ed d1 64 02 0e 2b e0 56 08 58 d9 c0 0c 03 7e 34 a9 69 37 c5 61 a7 4c 41 2b b4 c7 46 46 95 27 28 1c 8c 
computed: 33 dc 74 56 44 a8 0e 6b de 40 80 75 86 b4 86 4c 6c af d7 81 4e 7e bc a7 55 7a 48 ab c8 09 ba ba 1d a2 bc 5f ca 0b f7 9f ba b7 01 4a f2 1f 80 7b 7a a6 cd 0a c0 52 6c 1c 60 a0 6b f7 a8 3a 07 4c 
expected: d0 08 82 8e 2b 80 ac 9d 22 18 ff ee 1d 07 0c 48 b8 e4 c8 7b ff 32 c9 69 9d 5b 68 96 ee e0 ed d1 64 02 0e 2b e0 56 08 58 d9 c0 0c 03 7e 34 a9 69 37 c5 61 a7 4c 41 2b b4 c7 46 46 95 27 28 1c 8c 
computed: a3 14 9a 0a 85 d1 f3 41 94 04 ba 8f cf a8 1a 27 b0 02 ae cc 93 4b 8b 3c d3 bf 79 de 22 63 33 51 38 8b f5 ba a6 74 52 d5 b3 56 f4 38 df 6f dc 4e 44 5c c7 cb a7 5e 5b 3d 86 bd 1f 97 ac 4f 8c 1a 
expected: 07 dc 27 b1 1e 51 fb ac 75 bc 7b 3c 1d 98 3e 8b 4b 85 fb 1d ef af 21 89 12 ac 86 43 02 73 09 17 27 f4 2b 17 ed 1d f6 3e 8e c1 18 f0 4b 23 63 3c 1d fb 15 74 c8 fb 55 cb 45 da 8e 25 af b0 92 bb 
computed: a3 14 9a 0a 85 d1 f3 41 94 04 ba 8f cf a8 1a 27 b0 02 ae cc 93 4b 8b 3c d3 bf 79 de 22 63 33 51 38 8b f5 ba a6 74 52 d5 b3 56 f4 38 df 6f dc 4e 44 5c c7 cb a7 5e 5b 3d 86 bd 1f 97 ac 4f 8c 1a 
expected: 07 dc 27 b1 1e 51 fb ac 75 bc 7b 3c 1d 98 3e 8b 4b 85 fb 1d ef af 21 89 12 ac 86 43 02 73 09 17 27 f4 2b 17 ed 1d f6 3e 8e c1 18 f0 4b 23 63 3c 1d fb 15 74 c8 fb 55 cb 45 da 8e 25 af b0 92 bb 
basic: algo 329, digest mismatch
basic: check_one_md_multi: algo 329, digest mismatch
basic: algo 329, digest mismatch
basic: check_one_md_multi: algo 329, digest mismatch
basic: algo 330, digest mismatch
basic: check_one_md_multi: algo 330, digest mismatch
basic: algo 330, digest mismatch
basic: check_one_md_multi: algo 330, digest mismatch
FAIL: basic

All other architectures worked, as well as when the hw acceleration was disabled so I assume it is in the the s390x specific code. I am not familiar with that one so filling the output. Let me know if you will need some more information to investigate/troubleshoot this issue.

Details

External Link
https://bugzilla.redhat.com/show_bug.cgi?id=2293064
Version
1.11.0

Related Objects
Search...

StatusAssignedTask
 OpenNoneT7165 Release Libgcrypt 1.11.0
 ResolvedjukiviliT7167 The libgcrypt 1.11.0 tests fail on s390x

Event Timeline

Jakuje created this task.Wed, Jun 19, 2:36 PM
werner added a parent task: T7165: Release Libgcrypt 1.11.0.Wed, Jun 19, 10:31 PM
jukivili added a subscriber: jukivili.Thu, Jun 20, 6:06 AM

Algo 329 and 330 are the new CSHAKE128 and CSHAKE256 digest algos. Looks that s390x only support accelerating SHA3 and SHAKE, as only SHA3 and SHAKE suffix are supported (see keccak_final_s390x()). So s390x acceleration needs to be disabled for CSHAKE algos.

Biggest problem with s390x, I think, is that qemu/s390x does not have good support for s390x HW/crypto acceleration and therefore my nightly CI runs do not catch issues in most of the s390x accelerated implementations.

Jakuje added a comment.Thu, Jun 20, 9:43 AM

Thank you for having a look into that. If I see right, Fedora has a real s390 hardware for builders so I can verify the fix when available.

werner triaged this task as High priority.Thu, Jun 20, 12:21 PM
werner edited projects, added s390; removed libgcrypt.
jukivili added a comment.EditedThu, Jun 20, 7:12 PM

Here's fix candidate (edit, new try):

0001-Disable-SHA3-s390x-acceleration-for-CSHAKE.patch1 KBDownload

Jakuje added a comment.Fri, Jun 21, 9:57 AM

Running scratch build on s390x: https://koji.fedoraproject.org/koji/taskinfo?taskID=119376728 with the proposed change. The failure is now:

Ohhhh jeeee: Assertion `ctx->suffix == 0x1F' failed (keccak.c:748:keccak_final_s390x)
FAIL: basic
jukivili added a comment.Fri, Jun 21, 10:46 AM

Just to make sure, did you use the updated version of the patch? I edited the message with fix candidate and changed the attachment.

From 2486d9b5ae015c1786cb84466a751da4bc0d7122 Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Thu, 20 Jun 2024 20:10:09 +0300
Subject: [PATCH] Disable SHA3 s390x acceleration for CSHAKE

* cipher/keccak.c (keccak_final_s390x): Add assert check for
expected SHAKE suffix.
(_gcry_cshake_customize, cshake_hash_buffers): Disable s390x
acceleration when selecting CSHAKE suffix.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
 cipher/keccak.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/cipher/keccak.c b/cipher/keccak.c
index aaf83a62..44cc9f71 100644
--- a/cipher/keccak.c
+++ b/cipher/keccak.c
@@ -745,6 +745,8 @@ keccak_final_s390x (void *context)
     }
   else
     {
+      gcry_assert(ctx->suffix == SHAKE_DELIMITED_SUFFIX);
+
       klmd_shake_execute (ctx->kimd_func, &ctx->state, NULL, 0, ctx->buf,
 			  ctx->count);
       ctx->count = 0;
@@ -1497,9 +1499,14 @@ _gcry_cshake_customize (void *context, struct gcry_cshake_customization *p)
     /* No customization */
     return 0;
 
+  ctx->suffix = CSHAKE_DELIMITED_SUFFIX;
+#ifdef USE_S390X_CRYPTO
+  /* CSHAKE suffix is not supported by s390x/kimd. */
+  ctx->kimd_func = 0;
+#endif
+
   len_written = cshake_input_n (ctx, p->n, p->n_len);
   cshake_input_s (ctx, p->s, p->s_len, len_written);
-  ctx->suffix = CSHAKE_DELIMITED_SUFFIX;
   return 0;
 }
 
@@ -1536,9 +1543,14 @@ cshake_hash_buffers (const gcry_md_spec_t *spec, void *outbuf, size_t nbytes,
           size_t s_len = iov[1].len;
           size_t len;
 
+          ctx.suffix = CSHAKE_DELIMITED_SUFFIX;
+#ifdef USE_S390X_CRYPTO
+          /* CSHAKE suffix is not supported by s390x/kimd. */
+          ctx.kimd_func = 0;
+#endif
+
           len = cshake_input_n (&ctx, n, n_len);
           cshake_input_s (&ctx, s, s_len, len);
-          ctx.suffix = CSHAKE_DELIMITED_SUFFIX;
         }
       iovcnt -= 2;
       iov += 2;
-- 
2.43.0
Jakuje added a comment.Fri, Jun 21, 11:34 AM

Oh, I did not notice the change as I clicked to the patch from mail notification. Trying now with the updated one:

https://koji.fedoraproject.org/koji/taskinfo?taskID=119379900

This change worked ok.

werner added a project: libgcrypt.Fri, Jun 21, 1:24 PM
jukivili added a comment.Sat, Jun 22, 2:35 PM

Thanks for testing. I pushed this fix to libgcrypt master.

jukivili closed this task as Resolved.Sun, Jun 23, 4:39 PM
jukivili claimed this task.