143 lines
6.5 KiB
Diff
143 lines
6.5 KiB
Diff
From patchwork Thu May 30 17:50:39 2019
|
|
Content-Type: text/plain; charset="utf-8"
|
|
MIME-Version: 1.0
|
|
Content-Transfer-Encoding: 7bit
|
|
X-Patchwork-Submitter: Eric Biggers <ebiggers@kernel.org>
|
|
X-Patchwork-Id: 10969147
|
|
Return-Path:
|
|
<linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org>
|
|
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
|
|
[172.30.200.125])
|
|
by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 39D0814C0
|
|
for <patchwork-linux-arm@patchwork.kernel.org>;
|
|
Thu, 30 May 2019 17:51:56 +0000 (UTC)
|
|
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
|
|
by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 28A9728C00
|
|
for <patchwork-linux-arm@patchwork.kernel.org>;
|
|
Thu, 30 May 2019 17:51:56 +0000 (UTC)
|
|
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
|
|
id 1C78028C0A; Thu, 30 May 2019 17:51:56 +0000 (UTC)
|
|
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
|
|
pdx-wl-mail.web.codeaurora.org
|
|
X-Spam-Level:
|
|
X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED,
|
|
DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1
|
|
Received: from bombadil.infradead.org (bombadil.infradead.org
|
|
[198.137.202.133])
|
|
(using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits))
|
|
(No client certificate requested)
|
|
by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id B197628C0C
|
|
for <patchwork-linux-arm@patchwork.kernel.org>;
|
|
Thu, 30 May 2019 17:51:55 +0000 (UTC)
|
|
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
|
|
d=lists.infradead.org; s=bombadil.20170209; h=Sender:
|
|
Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post:
|
|
List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To
|
|
:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
|
|
Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
|
|
List-Owner; bh=CNSxoFvnqNOKLw5IF2bRVNsbx0OBmDMrD3iLmG0w6/0=; b=Ut1/1rp209fwMB
|
|
BGNwLQoUhOy0VzSHRlu9bynYddVY64Hme75tVBdecGOwpejga50uQ/qqonHcT3zY9UNHPxqnWJkCc
|
|
+cCFO73krVE6DPfSoeSSgYyEFxj1vKbrqvaZEmJMf63dXY+kDQQUFaKrXemNEwe1w4IGhfvH0kdPX
|
|
P5qiWS+vtPES3xiX9Ib4CoHYfZK1PK15mpoa3UdxsDUDCbWh0JB6PDhA8Z4hyKk05QDdHyeZ0IW/m
|
|
Y+xI4v4HT4nNquQDAZ6pcvD5eo3z+F7JrIWxliKzK4tpbnuufutuh1uEgZE8xkY4nKNPN8oefkcuK
|
|
ItWkVJ8LzibR3g7ToZcg==;
|
|
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
|
|
by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux))
|
|
id 1hWPDQ-0000dL-32; Thu, 30 May 2019 17:51:48 +0000
|
|
Received: from mail.kernel.org ([198.145.29.99])
|
|
by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux))
|
|
id 1hWPDN-0000d1-N0
|
|
for linux-arm-kernel@lists.infradead.org; Thu, 30 May 2019 17:51:46 +0000
|
|
Received: from ebiggers-linuxstation.mtv.corp.google.com (unknown
|
|
[104.132.1.77])
|
|
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
|
|
(No client certificate requested)
|
|
by mail.kernel.org (Postfix) with ESMTPSA id 298D925EBD;
|
|
Thu, 30 May 2019 17:51:45 +0000 (UTC)
|
|
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
|
|
s=default; t=1559238705;
|
|
bh=i3XOSxLt0gd25Lvgu66PwiGPL7WdnuFqSIPbfSPRNvs=;
|
|
h=From:To:Cc:Subject:Date:From;
|
|
b=rdLpfIoVgc/waPa/9jjiNG++x8Ie13iqFnrqFxGMBVvq5z5bOtk5kqjgmoUd9EqNh
|
|
xaTAvep02q+Ww1Bxy9imO7Z98/KYj5jqMwhBXRwW10U8QdMwnmPyXc4nz19bRSP2XJ
|
|
Xaix7O+I2Qi5LiV+n1IAEWeN19gjYBYLSopFY8Cw=
|
|
From: Eric Biggers <ebiggers@kernel.org>
|
|
To: linux-crypto@vger.kernel.org
|
|
Subject: [PATCH] crypto: ghash - fix unaligned memory access in ghash_setkey()
|
|
Date: Thu, 30 May 2019 10:50:39 -0700
|
|
Message-Id: <20190530175039.195574-1-ebiggers@kernel.org>
|
|
X-Mailer: git-send-email 2.22.0.rc1.257.g3120a18244-goog
|
|
MIME-Version: 1.0
|
|
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3
|
|
X-CRM114-CacheID: sfid-20190530_105145_765710_080A4ED4
|
|
X-CRM114-Status: GOOD ( 12.92 )
|
|
X-BeenThere: linux-arm-kernel@lists.infradead.org
|
|
X-Mailman-Version: 2.1.21
|
|
Precedence: list
|
|
List-Id: <linux-arm-kernel.lists.infradead.org>
|
|
List-Unsubscribe:
|
|
<http://lists.infradead.org/mailman/options/linux-arm-kernel>,
|
|
<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
|
|
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
|
|
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
|
|
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
|
|
List-Subscribe:
|
|
<http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
|
|
<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
|
|
Cc: stable@vger.kernel.org, Peter Robinson <pbrobinson@gmail.com>,
|
|
linux-arm-kernel@lists.infradead.org
|
|
Content-Type: text/plain; charset="us-ascii"
|
|
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
|
|
Errors-To:
|
|
linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
|
|
X-Virus-Scanned: ClamAV using ClamSMTP
|
|
|
|
From: Eric Biggers <ebiggers@google.com>
|
|
|
|
Changing ghash_mod_init() to be subsys_initcall made it start running
|
|
before the alignment fault handler has been installed on ARM. In kernel
|
|
builds where the keys in the ghash test vectors happened to be
|
|
misaligned in the kernel image, this exposed the longstanding bug that
|
|
ghash_setkey() is incorrectly casting the key buffer (which can have any
|
|
alignment) to be128 for passing to gf128mul_init_4k_lle().
|
|
|
|
Fix this by memcpy()ing the key to a temporary buffer.
|
|
|
|
Don't fix it by setting an alignmask on the algorithm instead because
|
|
that would unnecessarily force alignment of the data too.
|
|
|
|
Fixes: 2cdc6899a88e ("crypto: ghash - Add GHASH digest algorithm for GCM")
|
|
Reported-by: Peter Robinson <pbrobinson@gmail.com>
|
|
Cc: stable@vger.kernel.org
|
|
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
---
|
|
crypto/ghash-generic.c | 8 +++++++-
|
|
1 file changed, 7 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/crypto/ghash-generic.c b/crypto/ghash-generic.c
|
|
index e6307935413c1..c8a347798eae6 100644
|
|
--- a/crypto/ghash-generic.c
|
|
+++ b/crypto/ghash-generic.c
|
|
@@ -34,6 +34,7 @@ static int ghash_setkey(struct crypto_shash *tfm,
|
|
const u8 *key, unsigned int keylen)
|
|
{
|
|
struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
|
|
+ be128 k;
|
|
|
|
if (keylen != GHASH_BLOCK_SIZE) {
|
|
crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
|
|
@@ -42,7 +43,12 @@ static int ghash_setkey(struct crypto_shash *tfm,
|
|
|
|
if (ctx->gf128)
|
|
gf128mul_free_4k(ctx->gf128);
|
|
- ctx->gf128 = gf128mul_init_4k_lle((be128 *)key);
|
|
+
|
|
+ BUILD_BUG_ON(sizeof(k) != GHASH_BLOCK_SIZE);
|
|
+ memcpy(&k, key, GHASH_BLOCK_SIZE); /* avoid violating alignment rules */
|
|
+ ctx->gf128 = gf128mul_init_4k_lle(&k);
|
|
+ memzero_explicit(&k, GHASH_BLOCK_SIZE);
|
|
+
|
|
if (!ctx->gf128)
|
|
return -ENOMEM;
|
|
|