Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp9093695pxu; Mon, 28 Dec 2020 06:29:31 -0800 (PST) X-Google-Smtp-Source: ABdhPJyTNORwj4/ewoNLlmkZAGP+iP62NyiUiJU1rJBu/oFkR71YTN7lvn33raPsfLUeER1RBxiF X-Received: by 2002:a17:907:b09:: with SMTP id h9mr42604633ejl.155.1609165771071; Mon, 28 Dec 2020 06:29:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1609165771; cv=none; d=google.com; s=arc-20160816; b=uJOp/BxG2UEwcIhRR+GsyE4GpcXZwq/A8CIEddgG3YmgII3NWF47Lg2xJ3ITR5Azrf sWZFWAYxspW/9aH21ybiTLF/Km1DZK9tuWnL0q0HFlXWFckFlAW5MRoLWBq3kiIvCWOx fQRoGltpGuZ95ip5rECsQ9dFkHwfytdmRrRvcOBHLJSlxFhb7efar9NjnUtQuG6VO4aQ s2zUXZfN3IgyxbfxupaF8pXXUQkiV2I1qTIblbLSWA5lJ6aSil1r7qGdrrs+lt3CjPwY 4Tp5SG9qs5k6iIvgGMz8uGLhlBT0gsVOWi8Sb9wh1ZlNeCyRLp7gNGlucOd0Swmw+3Lh FgTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=shywPJa+p1hGDKEb/KrrpN8cxlmbX2Y5A7Mfhfnxku4=; b=yWuz5il842EqmjxF7hDwsteHV6BmQ7ggusn9tlhv16wPiPmAT93awv+b6uXRcC7Is1 eMgg7BgPekV1j2QJmxTkxwx0h4ts+oVTFsHfeTbVOjj22t50NOSXGZgnqTSPB9ySppKR 4l9mCDk/hwH0TjtCwNEoVAXd0NqGIBei+7hUsLRAeK8kDQfhNRPNzSPRczVRczwIiP1b T5clrjFEJ722lnVC5WeHXDlOcT8Es7CphhT7ZqiFABd60D3V9flneR2UfyBC52F1cbU7 6jN7lyEFiR9/eIgo3Q670bjbRdwahOKMpzfaf1RBaonrWRjTY9UiVmQwyL7ztkdcisNV wI/Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=GZupbiP3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cq5si20207739edb.200.2020.12.28.06.29.08; Mon, 28 Dec 2020 06:29:31 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=GZupbiP3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2503771AbgL1O0U (ORCPT + 99 others); Mon, 28 Dec 2020 09:26:20 -0500 Received: from mail.kernel.org ([198.145.29.99]:33542 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2503665AbgL1O0J (ORCPT ); Mon, 28 Dec 2020 09:26:09 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 462EB206D4; Mon, 28 Dec 2020 14:25:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1609165553; bh=C4Xx29pfeW0Sm72GZwO45w63PsyaxlpmUCXJGWfKUyo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=GZupbiP3v8ZkOUrtcT4ghOFNzH10Uncx1FhILM1LgPkq5EuLLf/NRjPRVSVreLE7d 5gqx79V/r/q1yd9urNuHxsNOWirPXEsD/UD2JDqv3yr7MyZYnfEf++f7kS84AYXiSl KnnxtoiyQz6myHUO9+qdMILBL04PWIwuJAbmgb1w= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ard Biesheuvel , Herbert Xu Subject: [PATCH 5.10 571/717] crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() Date: Mon, 28 Dec 2020 13:49:29 +0100 Message-Id: <20201228125048.273238998@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201228125020.963311703@linuxfoundation.org> References: <20201228125020.963311703@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ard Biesheuvel commit 17858b140bf49961b71d4e73f1c3ea9bc8e7dda0 upstream. ecdh_set_secret() casts a void* pointer to a const u64* in order to feed it into ecc_is_key_valid(). This is not generally permitted by the C standard, and leads to actual misalignment faults on ARMv6 cores. In some cases, these are fixed up in software, but this still leads to performance hits that are entirely avoidable. So let's copy the key into the ctx buffer first, which we will do anyway in the common case, and which guarantees correct alignment. Cc: Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- crypto/ecdh.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) --- a/crypto/ecdh.c +++ b/crypto/ecdh.c @@ -53,12 +53,13 @@ static int ecdh_set_secret(struct crypto return ecc_gen_privkey(ctx->curve_id, ctx->ndigits, ctx->private_key); - if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits, - (const u64 *)params.key, params.key_size) < 0) - return -EINVAL; - memcpy(ctx->private_key, params.key, params.key_size); + if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits, + ctx->private_key, params.key_size) < 0) { + memzero_explicit(ctx->private_key, params.key_size); + return -EINVAL; + } return 0; }