Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp9255840pxu; Mon, 28 Dec 2020 10:34:45 -0800 (PST) X-Google-Smtp-Source: ABdhPJwzshQVW3pwM4ak9UHQlg1cyMCVNCl+bo9MJhn759Sw+jQddvMKXxF2HNw3tABPyKtgbRSa X-Received: by 2002:aa7:c355:: with SMTP id j21mr42023988edr.338.1609180485142; Mon, 28 Dec 2020 10:34:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1609180485; cv=none; d=google.com; s=arc-20160816; b=dl9VZ/CZ38KPkztD0lOAbdGjGxvK3FWPinFbgUIQu1+CWYHiyMQke5G1CryWcgDuOK FYFVVCeQqk359mCKosDyuIPrZaRiHN3ezMlwm2Iwdx7vAgwb8kcqcG9Rtku2QCwibIkN 2EugDeAXUZcuU0a9rEnLOBsvTcAvBbSBc3n+OFtneapsQz+oCVVMybZS0V1zbeLcKRu8 xcJBWnuroBj7MXQau/wbpuStMb2U1PI0eObIkTLUnycuDstiIPFWnDtj6b53MHdOtyHI /0YXiaVQcUMl/vDtjcCC7VTkC5ZS6d11XSxXxtZfLx0VtHCcJp38XebHU5t8jI4kMDNL EvOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=wBdd75H5aDP113xl1FsTe5EDWIhJuYTNsnS8WIIGGzw=; b=ScswfNYZx1dVw/cnXPtztdUxUc2atVlOxu2p0MZh/+XyYBFuzYj5+/LnFMsQUIcCMT uRmZDp+ZM4lq5tnCGduAy4rO04H4HQvXU4SAiKyNGCEcmcrdRiUrk3WvGIz4hGuZxHP+ cn/75KPdCCQlzAv/OL4ccE4OEqr0JtdHc7Ph70rAuWqwNVzleqqDeMQjIXq9h6RlsBB6 jijkl3h5W+3m0zsNH4OLMdtzSK4EOWlw3is9L6A54fSYxcP2z1GextLV6nfwrzV0KVZg U4HhFGuQqLqldPPdj9A59kyA65e1VqhJWHiDWPYd327N+ebXw27PhQG7mw00Tv6h+3D5 26ew== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=aZd6ubNB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z23si23185673edl.270.2020.12.28.10.34.23; Mon, 28 Dec 2020 10:34:45 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=aZd6ubNB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389404AbgL1Nfl (ORCPT + 99 others); Mon, 28 Dec 2020 08:35:41 -0500 Received: from mail.kernel.org ([198.145.29.99]:35762 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389337AbgL1NfY (ORCPT ); Mon, 28 Dec 2020 08:35:24 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 5A7E8206ED; Mon, 28 Dec 2020 13:34:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1609162483; bh=FDM1bQrrBwAJ8UlQWbpyLw1SCK+IuHp/9BB247poVos=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aZd6ubNB4yBbLJO74gQf7PTk+ioJ7TFh+Rz/v5O5KYA32m2eGgFNyz8SGMLZh2Vlu gnWZrDW9TSDMeukRrny+D0ZcsGNoZAAFF0hNQrns+JGXkqatjBmc27SAcMXz0cg+ET pUQ7HCHIv39mii/UERQhanO8B/kyI2B6mkpEOPN4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ard Biesheuvel , Herbert Xu Subject: [PATCH 4.19 287/346] crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() Date: Mon, 28 Dec 2020 13:50:06 +0100 Message-Id: <20201228124933.649086790@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201228124919.745526410@linuxfoundation.org> References: <20201228124919.745526410@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ard Biesheuvel commit 17858b140bf49961b71d4e73f1c3ea9bc8e7dda0 upstream. ecdh_set_secret() casts a void* pointer to a const u64* in order to feed it into ecc_is_key_valid(). This is not generally permitted by the C standard, and leads to actual misalignment faults on ARMv6 cores. In some cases, these are fixed up in software, but this still leads to performance hits that are entirely avoidable. So let's copy the key into the ctx buffer first, which we will do anyway in the common case, and which guarantees correct alignment. Cc: Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- crypto/ecdh.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) --- a/crypto/ecdh.c +++ b/crypto/ecdh.c @@ -57,12 +57,13 @@ static int ecdh_set_secret(struct crypto return ecc_gen_privkey(ctx->curve_id, ctx->ndigits, ctx->private_key); - if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits, - (const u64 *)params.key, params.key_size) < 0) - return -EINVAL; - memcpy(ctx->private_key, params.key, params.key_size); + if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits, + ctx->private_key, params.key_size) < 0) { + memzero_explicit(ctx->private_key, params.key_size); + return -EINVAL; + } return 0; }