Home Home > GIT Browse > SLE12-SP4
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2019-07-16 14:46:35 +0200
committerTakashi Iwai <tiwai@suse.de>2019-07-16 14:47:19 +0200
commit8b2ef33e42040d205747263c1c1ab27bf9b2adb7 (patch)
tree9abf5b51246494c302b38507b7144202355a6625
parent0f51f7d5943d8d0d7b06cead8ea840b0bb8dd9b7 (diff)
crypto: ghash - fix unaligned memory access in ghash_setkey()
(bsc#1051510).
-rw-r--r--patches.fixes/crypto-ghash-fix-unaligned-memory-access-in-ghash_se.patch61
-rw-r--r--series.conf1
2 files changed, 62 insertions, 0 deletions
diff --git a/patches.fixes/crypto-ghash-fix-unaligned-memory-access-in-ghash_se.patch b/patches.fixes/crypto-ghash-fix-unaligned-memory-access-in-ghash_se.patch
new file mode 100644
index 0000000000..b7c17315be
--- /dev/null
+++ b/patches.fixes/crypto-ghash-fix-unaligned-memory-access-in-ghash_se.patch
@@ -0,0 +1,61 @@
+From 5c6bc4dfa515738149998bb0db2481a4fdead979 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Thu, 30 May 2019 10:50:39 -0700
+Subject: [PATCH] crypto: ghash - fix unaligned memory access in ghash_setkey()
+Git-commit: 5c6bc4dfa515738149998bb0db2481a4fdead979
+Patch-mainline: v5.3-rc1
+References: bsc#1051510
+
+Changing ghash_mod_init() to be subsys_initcall made it start running
+before the alignment fault handler has been installed on ARM. In kernel
+builds where the keys in the ghash test vectors happened to be
+misaligned in the kernel image, this exposed the longstanding bug that
+ghash_setkey() is incorrectly casting the key buffer (which can have any
+alignment) to be128 for passing to gf128mul_init_4k_lle().
+
+Fix this by memcpy()ing the key to a temporary buffer.
+
+Don't fix it by setting an alignmask on the algorithm instead because
+that would unnecessarily force alignment of the data too.
+
+Fixes: 2cdc6899a88e ("crypto: ghash - Add GHASH digest algorithm for GCM")
+Reported-by: Peter Robinson <pbrobinson@gmail.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Tested-by: Peter Robinson <pbrobinson@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ crypto/ghash-generic.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/ghash-generic.c b/crypto/ghash-generic.c
+index e6307935413c..c8a347798eae 100644
+--- a/crypto/ghash-generic.c
++++ b/crypto/ghash-generic.c
+@@ -34,6 +34,7 @@ static int ghash_setkey(struct crypto_shash *tfm,
+ const u8 *key, unsigned int keylen)
+ {
+ struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
++ be128 k;
+
+ if (keylen != GHASH_BLOCK_SIZE) {
+ crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+@@ -42,7 +43,12 @@ static int ghash_setkey(struct crypto_shash *tfm,
+
+ if (ctx->gf128)
+ gf128mul_free_4k(ctx->gf128);
+- ctx->gf128 = gf128mul_init_4k_lle((be128 *)key);
++
++ BUILD_BUG_ON(sizeof(k) != GHASH_BLOCK_SIZE);
++ memcpy(&k, key, GHASH_BLOCK_SIZE); /* avoid violating alignment rules */
++ ctx->gf128 = gf128mul_init_4k_lle(&k);
++ memzero_explicit(&k, GHASH_BLOCK_SIZE);
++
+ if (!ctx->gf128)
+ return -ENOMEM;
+
+--
+2.16.4
+
diff --git a/series.conf b/series.conf
index a9abfc8443..100a9b7bc5 100644
--- a/series.conf
+++ b/series.conf
@@ -22824,6 +22824,7 @@
patches.fixes/crypto-talitos-Align-SEC1-accesses-to-32-bits-bounda.patch
patches.fixes/crypto-arm64-sha1-ce-correct-digest-for-empty-data-i.patch
patches.fixes/crypto-arm64-sha2-ce-correct-digest-for-empty-data-i.patch
+ patches.fixes/crypto-ghash-fix-unaligned-memory-access-in-ghash_se.patch
patches.fixes/lib-scatterlist-Fix-mapping-iterator-when-sg-offset-.patch
patches.drivers/pwm-stm32-Use-3-cells-of_xlate.patch
patches.drivers/gpio-omap-fix-lack-of-irqstatus_raw0-for-OMAP4.patch