Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp11532809pxu; Thu, 31 Dec 2020 12:12:05 -0800 (PST) X-Google-Smtp-Source: ABdhPJxlPhfE+9EVZHX7F9QZBy2kn4aWIfj35vDZi84OjlSfHI9XOIZElNgJXaSN/Bxnpfke3LhP X-Received: by 2002:a17:906:b309:: with SMTP id n9mr54650105ejz.365.1609445525342; Thu, 31 Dec 2020 12:12:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1609445525; cv=none; d=google.com; s=arc-20160816; b=bqdDRwBZ3GoZJEFQjBQqBpqQOVlc9eXXPOYhI78YUF6iTDKcOkZ+vp6gGGdJ/MR1ZY DVOOzPlTzoicBUaZ5UDIEPQDZURL/gutHoWIyV+jYx1pRuNIrQ2O/076nhBNG4GOV3kx 6iqBBpPvm7jHF4yA/CHbWXT13GKyN4Vtu5D9rjOXFZo8klaMCO7ltwgbKgdEAztOpgBT fPO01gnz1/PFrSoBmDG856B0IgwzGsVljXiEoVhY4CiSOCiCN3zuS7c55NV/2SFWuAKZ /ATuOBrCT+gE8eSNnWMFjncj/YW5VmWDCUDl94I+WCUKWC+WQ7f8miYOV2/kyrV4WDTr zTkg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=oLh1ITYT5my/uodLW1EiD3kV4hnFCz5g8dzsA8BzVSQ=; b=IjTQRz0LnsdMTDXjaxZKxAI9P5wny/3Z23bO/I56nhxdqwhZC5fQCJvOu7cm5mTwiq Q2H1LTIwzMk7CpE+yGmOfVXwTb8lvxcqqP3CIleQu9Nd4BGiyZzfeSJS0PpbC9m93R6b 7qRl/WftVe16v91iHX852bMWfl6D6pLUbhlHDJHi0u7QrJXYK2LcdRFqi0ft7ZctWsQ5 WurIjzyZVjFWqJmgGYIJzAgfVByjOt7vzpiuZ9gunxi+PJMh9PTwddEmxKR6Dm/AkbOv cx4QnU5QC4msTHxR2MAFQ/0QsqS2vg0pGuHzR7S+zPLRERKbk2UkksIkH61EjecbPkMF 9hDA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z23si25375232edx.444.2020.12.31.12.11.43; Thu, 31 Dec 2020 12:12:05 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726743AbgLaUJ6 (ORCPT + 99 others); Thu, 31 Dec 2020 15:09:58 -0500 Received: from jabberwock.ucw.cz ([46.255.230.98]:56548 "EHLO jabberwock.ucw.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726423AbgLaUJ5 (ORCPT ); Thu, 31 Dec 2020 15:09:57 -0500 Received: by jabberwock.ucw.cz (Postfix, from userid 1017) id A1CF51C0B79; Thu, 31 Dec 2020 21:09:14 +0100 (CET) Date: Thu, 31 Dec 2020 21:09:13 +0100 From: Pavel Machek To: Greg Kroah-Hartman Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Ard Biesheuvel , Herbert Xu Subject: Re: [PATCH 4.19 287/346] crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() Message-ID: <20201231200913.GA32313@amd> References: <20201228124919.745526410@linuxfoundation.org> <20201228124933.649086790@linuxfoundation.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="u3/rZRmxL6MmkK24" Content-Disposition: inline In-Reply-To: <20201228124933.649086790@linuxfoundation.org> User-Agent: Mutt/1.5.23 (2014-03-12) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --u3/rZRmxL6MmkK24 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi! > ecdh_set_secret() casts a void* pointer to a const u64* in order to > feed it into ecc_is_key_valid(). This is not generally permitted by > the C standard, and leads to actual misalignment faults on ARMv6 > cores. In some cases, these are fixed up in software, but this still > leads to performance hits that are entirely avoidable. >=20 > So let's copy the key into the ctx buffer first, which we will do > anyway in the common case, and which guarantees correct alignment. Fair enough... but: params.key_size is validated in ecc_is_key_valid(), and that now happens _after_ memcpy. How is it guaranteed that we don't overflow the buffer during memcpy? > +++ b/crypto/ecdh.c > @@ -57,12 +57,13 @@ static int ecdh_set_secret(struct crypto > return ecc_gen_privkey(ctx->curve_id, ctx->ndigits, > ctx->private_key); > =20 > - if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits, > - (const u64 *)params.key, params.key_size) < 0) > - return -EINVAL; > - > memcpy(ctx->private_key, params.key, params.key_size); > =20 > + if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits, > + ctx->private_key, params.key_size) < 0) { > + memzero_explicit(ctx->private_key, params.key_size); > + return -EINVAL; > + } > return 0; Best regards, Pavel --=20 DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany --u3/rZRmxL6MmkK24 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAl/uL+kACgkQMOfwapXb+vL/zgCfV9frB8aOKtDBX6hBaRHumNTR sMoAn0AMBIwfvbTX3PKLzZAL8rhBosyQ =X5PK -----END PGP SIGNATURE----- --u3/rZRmxL6MmkK24--