crypto: s390/sha512 - Fix sha512 state size

The sha512 state size in s390_sha_ctx is out by a factor of 8,
fix it so that it stays below HASH_MAX_DESCSIZE.  Also fix the
state init function which was writing garbage to the state.  Luckily
this is not actually used for anything other than export.

Reported-by: Harald Freudenberger <freude@linux.ibm.com>
Fixes: 572b5c4682c7 ("crypto: s390/sha512 - Use API partial block handling")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

2 files changed, 8 insertions, 8 deletions

diff --git a/arch/s390/crypto/sha.h b/arch/s390/crypto/sha.h
index 0a3cc1739144..d757ccbce2b4 100644
--- a/arch/s390/crypto/sha.h
+++ b/arch/s390/crypto/sha.h
@@ -24,7 +24,7 @@ struct s390_sha_ctx {
 	union {
 		u32 state[CPACF_MAX_PARMBLOCK_SIZE / sizeof(u32)];
 		struct {
-			u64 state[SHA512_DIGEST_SIZE];
+			u64 state[SHA512_DIGEST_SIZE / sizeof(u64)];
 			u64 count_hi;
 		} sha512;
 	};
diff --git a/arch/s390/crypto/sha512_s390.c b/arch/s390/crypto/sha512_s390.c
index 14818fcc9cd4..3c5175e6dda6 100644
--- a/arch/s390/crypto/sha512_s390.c
+++ b/arch/s390/crypto/sha512_s390.c
@@ -22,13 +22,13 @@ static int sha512_init(struct shash_desc *desc)
 	struct s390_sha_ctx *ctx = shash_desc_ctx(desc);
 
 	ctx->sha512.state[0] = SHA512_H0;
-	ctx->sha512.state[2] = SHA512_H1;
-	ctx->sha512.state[4] = SHA512_H2;
-	ctx->sha512.state[6] = SHA512_H3;
-	ctx->sha512.state[8] = SHA512_H4;
-	ctx->sha512.state[10] = SHA512_H5;
-	ctx->sha512.state[12] = SHA512_H6;
-	ctx->sha512.state[14] = SHA512_H7;
+	ctx->sha512.state[1] = SHA512_H1;
+	ctx->sha512.state[2] = SHA512_H2;
+	ctx->sha512.state[3] = SHA512_H3;
+	ctx->sha512.state[4] = SHA512_H4;
+	ctx->sha512.state[5] = SHA512_H5;
+	ctx->sha512.state[6] = SHA512_H6;
+	ctx->sha512.state[7] = SHA512_H7;
 	ctx->count = 0;
 	ctx->sha512.count_hi = 0;
 	ctx->func = CPACF_KIMD_SHA_512;