From: Mian Yousaf Kaukab ykaukab@suse.de
[ Upstream commit 0469dede0eeeefe12a9a2fd76078f4a266513457 ]
ecdsa_set_pub_key() makes an u64 pointer at 1 byte offset of the key. This results in an unaligned u64 pointer. This pointer is passed to ecc_swap_digits() which assumes natural alignment.
This causes a kernel crash on an armv7 platform: [ 0.409022] Unhandled fault: alignment exception (0x001) at 0xc2a0a6a9 ... [ 0.416982] PC is at ecdsa_set_pub_key+0xdc/0x120 ... [ 0.491492] Backtrace: [ 0.492059] [<c07c266c>] (ecdsa_set_pub_key) from [<c07c75d4>] (test_akcipher_one+0xf4/0x6c0)
Handle unaligned input buffer in ecc_swap_digits() by replacing be64_to_cpu() to get_unaligned_be64(). Change type of in pointer to void to reflect it doesn’t necessarily need to be aligned.
Fixes: 4e6602916bc6 ("crypto: ecdsa - Add support for ECDSA signature verification") Reported-by: Guillaume Gardet guillaume.gardet@arm.com Suggested-by: Takashi Iwai tiwai@suse.de Signed-off-by: Mian Yousaf Kaukab ykaukab@suse.de Tested-by: Stefan Berger stefanb@linux.ibm.com Signed-off-by: Herbert Xu herbert@gondor.apana.org.au Signed-off-by: Sasha Levin sashal@kernel.org --- crypto/ecc.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/crypto/ecc.h b/crypto/ecc.h index a006132646a4..1350e8eb6ac2 100644 --- a/crypto/ecc.h +++ b/crypto/ecc.h @@ -27,6 +27,7 @@ #define _CRYPTO_ECC_H
#include <crypto/ecc_curve.h> +#include <asm/unaligned.h>
/* One digit is u64 qword. */ #define ECC_CURVE_NIST_P192_DIGITS 3 @@ -46,13 +47,13 @@ * @out: Output array * @ndigits: Number of digits to copy */ -static inline void ecc_swap_digits(const u64 *in, u64 *out, unsigned int ndigits) +static inline void ecc_swap_digits(const void *in, u64 *out, unsigned int ndigits) { const __be64 *src = (__force __be64 *)in; int i;
for (i = 0; i < ndigits; i++) - out[i] = be64_to_cpu(src[ndigits - 1 - i]); + out[i] = get_unaligned_be64(&src[ndigits - 1 - i]); }
/**