c4bb1af70e
commit 5c6bc4dfa515738149998bb0db2481a4fdead979 upstream.
Changing ghash_mod_init() to be subsys_initcall made it start running
before the alignment fault handler has been installed on ARM. In kernel
builds where the keys in the ghash test vectors happened to be
misaligned in the kernel image, this exposed the longstanding bug that
ghash_setkey() is incorrectly casting the key buffer (which can have any
alignment) to be128 for passing to gf128mul_init_4k_lle().
Fix this by memcpy()ing the key to a temporary buffer.
Don't fix it by setting an alignmask on the algorithm instead because
that would unnecessarily force alignment of the data too.
Fixes: 2cdc6899a88e ("crypto: ghash - Add GHASH digest algorithm for GCM")
Reported-by: Peter Robinson <pbrobinson@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|---|---|---|
| .. | ||
| asymmetric_keys | ||
| async_tx | ||
| 842.c | ||
| ablk_helper.c | ||
| ablkcipher.c | ||
| aead.c | ||
| aes_generic.c | ||
| af_alg.c | ||
| ahash.c | ||
| akcipher.c | ||
| algapi.c | ||
| algboss.c | ||
| algif_aead.c | ||
| algif_hash.c | ||
| algif_rng.c | ||
| algif_skcipher.c | ||
| ansi_cprng.c | ||
| anubis.c | ||
| api.c | ||
| arc4.c | ||
| authenc.c | ||
| authencesn.c | ||
| blkcipher.c | ||
| blowfish_common.c | ||
| blowfish_generic.c | ||
| camellia_generic.c | ||
| cast_common.c | ||
| cast5_generic.c | ||
| cast6_generic.c | ||
| cbc.c | ||
| ccm.c | ||
| chacha20_generic.c | ||
| chacha20poly1305.c | ||
| chainiv.c | ||
| cipher.c | ||
| cmac.c | ||
| compress.c | ||
| crc32.c | ||
| crc32c_generic.c | ||
| crct10dif_common.c | ||
| crct10dif_generic.c | ||
| cryptd.c | ||
| crypto_null.c | ||
| crypto_user.c | ||
| crypto_wq.c | ||
| ctr.c | ||
| cts.c | ||
| deflate.c | ||
| des_generic.c | ||
| drbg.c | ||
| ecb.c | ||
| echainiv.c | ||
| eseqiv.c | ||
| fcrypt.c | ||
| fips.c | ||
| gcm.c | ||
| gf128mul.c | ||
| ghash-generic.c | ||
| hash_info.c | ||
| heh.c | ||
| hmac.c | ||
| internal.h | ||
| jitterentropy-kcapi.c | ||
| jitterentropy.c | ||
| Kconfig | ||
| keywrap.c | ||
| khazad.c | ||
| lrw.c | ||
| lz4.c | ||
| lz4hc.c | ||
| lzo.c | ||
| Makefile | ||
| mcryptd.c | ||
| md4.c | ||
| md5.c | ||
| memneq.c | ||
| michael_mic.c | ||
| pcbc.c | ||
| pcompress.c | ||
| pcrypt.c | ||
| poly1305_generic.c | ||
| proc.c | ||
| ripemd.h | ||
| rmd128.c | ||
| rmd160.c | ||
| rmd256.c | ||
| rmd320.c | ||
| rng.c | ||
| rsa_helper.c | ||
| rsa.c | ||
| rsaprivkey.asn1 | ||
| rsapubkey.asn1 | ||
| salsa20_generic.c | ||
| scatterwalk.c | ||
| seed.c | ||
| seqiv.c | ||
| serpent_generic.c | ||
| sha1_generic.c | ||
| sha256_generic.c | ||
| sha512_generic.c | ||
| shash.c | ||
| skcipher.c | ||
| tcrypt.c | ||
| tcrypt.h | ||
| tea.c | ||
| testmgr.c | ||
| testmgr.h | ||
| tgr192.c | ||
| twofish_common.c | ||
| twofish_generic.c | ||
| vmac.c | ||
| wp512.c | ||
| xcbc.c | ||
| xor.c | ||
| xts.c | ||
| zlib.c | ||
| zstd.c | ||