Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp9172544pxu; Mon, 28 Dec 2020 08:22:32 -0800 (PST) X-Google-Smtp-Source: ABdhPJyJjbLWw9XpqaUfQUGhaV8au5hOFrQRnRPOghNaXO2B6KJvMqCP+eQY6tDZAKj8PD8xqTCb X-Received: by 2002:a17:906:660b:: with SMTP id b11mr31077615ejp.458.1609172552183; Mon, 28 Dec 2020 08:22:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1609172552; cv=none; d=google.com; s=arc-20160816; b=sTasZ1qWp5/6o74MHfhiV/hSjM+jyfVZlQqok4CDtp7zkLaSuYsawyWAeJUWQ2gX70 7gm0Sj2RvRuiN5j48XQx2HX090RzkClECeTouDXJNvP8/miGHlyi+sdDBN7aSSeGQF3o W6drb7pA3cKI9p1mIptSm3561gGVf18gK0fTC9Dqxf8XpoIxntspBzv8Whq6GwLiMZHb hb384anibr9TP7TfVdyPLpxul6r14fQiWuKpuFD3veN2LcGASx6sHhPMWSjqk+ao/sJs m1ps7FZlM+7kdLv3zER5z5qQgfacRIJVYdzWTXqXgHAUEMC11i+IQmfpetugh0lzbBsy mp+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=wBdd75H5aDP113xl1FsTe5EDWIhJuYTNsnS8WIIGGzw=; b=l1a0iO2tqNSoFGkHm1SxAm+y5gyV5unSzpip0Cqslymjkm+dgQ+w4hrMsgvfoRkoJU CmclhTABPHYoskZZlCR5+9lKG7csCB8bm9WlSkbxIFFzX7VZcGT7JL86jsHs7JdaCgy2 CSt90xzrHq1vyF7sq+Kdkg6pBNzRSR4//bqNTB7Q4Mm2HAA8MBk7vGPxTa4HySbzLCw4 pw7f7o3uKKx/M/dvlfIZeTT/yyIOS2MVKDyVdCxnK9YhbMOiwNeVh2GEC3C32PSDVFbC x9iaO2oJYkXOf/7fRQzqOfGxpQnVNtRS/DtAuz9dvM9TxezIvhLfKXl7ACCveXELqZfs py8g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="JM/dbOlT"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m10si18879609eja.453.2020.12.28.08.22.08; Mon, 28 Dec 2020 08:22:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="JM/dbOlT"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2440840AbgL1QRI (ORCPT + 99 others); Mon, 28 Dec 2020 11:17:08 -0500 Received: from mail.kernel.org ([198.145.29.99]:45428 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731506AbgL1NRK (ORCPT ); Mon, 28 Dec 2020 08:17:10 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 05FC620728; Mon, 28 Dec 2020 13:16:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1609161389; bh=FDM1bQrrBwAJ8UlQWbpyLw1SCK+IuHp/9BB247poVos=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JM/dbOlTMHwhyxXct4wlS+gnbHK/W8bPpAlysuCSBl4B6jlDOVyoZZt5U0n7X2SJA UGhwgoRLjkFUHJHv1s3lLt4UMn5YnwZd+XsNEojIGXGbHosiR3K4ciqXKEXSudK13x WMz0bzL/S+QXmWvzR0Y8NBtlrcUHdTOeLY+8Cpd8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ard Biesheuvel , Herbert Xu Subject: [PATCH 4.14 197/242] crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() Date: Mon, 28 Dec 2020 13:50:02 +0100 Message-Id: <20201228124914.381056475@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201228124904.654293249@linuxfoundation.org> References: <20201228124904.654293249@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ard Biesheuvel commit 17858b140bf49961b71d4e73f1c3ea9bc8e7dda0 upstream. ecdh_set_secret() casts a void* pointer to a const u64* in order to feed it into ecc_is_key_valid(). This is not generally permitted by the C standard, and leads to actual misalignment faults on ARMv6 cores. In some cases, these are fixed up in software, but this still leads to performance hits that are entirely avoidable. So let's copy the key into the ctx buffer first, which we will do anyway in the common case, and which guarantees correct alignment. Cc: Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- crypto/ecdh.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) --- a/crypto/ecdh.c +++ b/crypto/ecdh.c @@ -57,12 +57,13 @@ static int ecdh_set_secret(struct crypto return ecc_gen_privkey(ctx->curve_id, ctx->ndigits, ctx->private_key); - if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits, - (const u64 *)params.key, params.key_size) < 0) - return -EINVAL; - memcpy(ctx->private_key, params.key, params.key_size); + if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits, + ctx->private_key, params.key_size) < 0) { + memzero_explicit(ctx->private_key, params.key_size); + return -EINVAL; + } return 0; }