From patchwork Wed Oct 23 09:50:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 177252 Delivered-To: patch@linaro.org Received: by 2002:a92:409a:0:0:0:0:0 with SMTP id d26csp478774ill; Wed, 23 Oct 2019 02:50:56 -0700 (PDT) X-Google-Smtp-Source: APXvYqw9iuOMNj63EfyyKBHoMLIRY9CdY0S51LDVzsSUZy5dqQBH2qB8A3rzWCUMSwRCRoYdNLNH X-Received: by 2002:a05:6402:21d3:: with SMTP id bi19mr13234871edb.104.1571824256704; Wed, 23 Oct 2019 02:50:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571824256; cv=none; d=google.com; s=arc-20160816; b=jVAGlpGrzMorm4Sifer+69OT/2ztHLLJo2Nh+rEuAdltBVryFQqUwJGe9Gm1nHTC9B aZNj4KjDp7o0bq1rzJOpnubdNpmLQi5MTsWAQh+8zoZWZVhecMcgjmbZVTbuYCRmoe1q af1FZn3Yup/ASHxGONwRs92VOY6YxB12GT7g+OLiVc9vIjVd2MI8SoWCbHkhBleW4NSF 32vUO8B6QC9BQ20x5bPpoZRB3knA7uy2mi1CMGZ2BOgU2GNCqbpESK9mPpmNHMY/HZvX mZlvHtIuwOzVoWIg+IC7jWUwT7SroIMIir8RNYLlryud1Ipx/ng+NDTuiNGfMS3owGrZ oDWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=Y7euiEZ5qUmJ55MIvkbOZJ6qG1qEsIMRuwcRG14O88Q=; b=l4qxmJE8EgBDo8SoMkX99zX/VWWt+UkeNHzf7bUyN4AgfYQi54qdaRtQpdrtejLnaC yVP1ZBmEjxC+CH72jiws4EIAgxxXftq04235wvfvmZxR2IuY5IhJ0YjWVOEcr2Y4IaKt R66HH1e5p+vBkBJkaAclpKwumL7PaPAhx/8MydDn1o1yOQ9Wk2kXuJ72ZigyFFsjYdE5 mFLzQV+vZvf/ABn86oOILb7y0jVl7JtOf9aZ20ox20Pfg9y0xYxiUxtK4Z0k55c1Kv2C fOz+WxdMzt+51fH+1FkmR1Ltffy6IjBfL75UPdwKDl6lHMh+RmlbPdmo7un/SzJwVJ5R 54qw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Vq7MMsft; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g10si12157274ejc.424.2019.10.23.02.50.54; Wed, 23 Oct 2019 02:50:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Vq7MMsft; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2403799AbfJWJux (ORCPT + 3 others); Wed, 23 Oct 2019 05:50:53 -0400 Received: from mail-wm1-f65.google.com ([209.85.128.65]:35155 "EHLO mail-wm1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732648AbfJWJux (ORCPT ); Wed, 23 Oct 2019 05:50:53 -0400 Received: by mail-wm1-f65.google.com with SMTP id v6so1991235wmj.0 for ; Wed, 23 Oct 2019 02:50:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=Y7euiEZ5qUmJ55MIvkbOZJ6qG1qEsIMRuwcRG14O88Q=; b=Vq7MMsftXZPZcu6f0FCqIG58dK+T69VoF/4ymFEIX9B8PDqXERzUvoxmvRAf63qQBt sxG14zcyYlY9GebYQYGudQeosRTeTEEZjeSRT9ksGLgMm8OD4kzbbChTOdCogqkVdc+M gYLDTzHBKfng7Mr5njK+l23btPTZIsC3iqnKW7ZBMFtkosEbPPjaZ0LT0ZwIqOFlUGGx syI5xOTQvo9iusLYy5yszLv3Inq4jAsgwsQbvfprrZ7HffiF/4y/RFydIUjLeXU46YI8 4fJHCUEAQtUbg4WcFsiua3rXkelNFDqFNLLWd1DnQVSMdREz/OapFdES2mEw47hjSHit PHfQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=Y7euiEZ5qUmJ55MIvkbOZJ6qG1qEsIMRuwcRG14O88Q=; b=j36hGK0ZKfdwXE/Tvb1JhN0xp1h42uOgeVbAdYHA6Dou9mliAHNkETbICtiSYvy2Qx WINEZGeq8yY/T15B0RDKH0b/rd3mwraR/lPckDWLSYjq+pbO0bRhwThFRaQVEyh4bCu6 Fr6/u9kHyj29r5de2xr7NsabDzwkrn3UdiGyp3kXrHRprli9aSep7lHiBSiDWfZRbxGz TD0xPfbZWE2rVHkEp2WwuW7Dd9d/C8gMJbugM2OoK2s8IPrnzAx08eCZ8b7hV5b2XDsS yqPItAMAYYpVxdvu2h/ptDwFylceSwo3w6+zAd2X9jlh/J46aRrKG9sCtDATNshl+5NV AM8w== X-Gm-Message-State: APjAAAVZSqTSWE7G5AmoGFrHg11syoQx0jVESmXtgjgnL+2bojTh81Ky ladQ1ZSQsLklCD1i7CnpQ1VMWILJM3tilAeu X-Received: by 2002:a1c:6a07:: with SMTP id f7mr7422095wmc.124.1571824251589; Wed, 23 Oct 2019 02:50:51 -0700 (PDT) Received: from localhost.localdomain (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr. [92.154.90.120]) by smtp.gmail.com with ESMTPSA id y186sm25914296wmb.41.2019.10.23.02.50.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 23 Oct 2019 02:50:50 -0700 (PDT) From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, Ard Biesheuvel Subject: [PATCH] crypto: ecdh - fix big endian bug in ECC library Date: Wed, 23 Oct 2019 11:50:44 +0200 Message-Id: <20191023095044.12319-1-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The elliptic curve arithmetic library used by the EC-DH KPP implementation assumes big endian byte order, and unconditionally reverses the byte and word order of multi-limb quantities. On big endian systems, the byte reordering is not necessary, while the word ordering needs to be retained. So replace the __swab64() invocation with a call to be64_to_cpu() which should do the right thing for both little and big endian builds. Cc: # v4.9+ Signed-off-by: Ard Biesheuvel --- crypto/ecc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- 2.20.1 diff --git a/crypto/ecc.c b/crypto/ecc.c index dfe114bc0c4a..8ee787723c5c 100644 --- a/crypto/ecc.c +++ b/crypto/ecc.c @@ -1284,10 +1284,11 @@ EXPORT_SYMBOL(ecc_point_mult_shamir); static inline void ecc_swap_digits(const u64 *in, u64 *out, unsigned int ndigits) { + const __be64 *src = (__force __be64 *)in; int i; for (i = 0; i < ndigits; i++) - out[i] = __swab64(in[ndigits - 1 - i]); + out[i] = be64_to_cpu(src[ndigits - 1 - i]); } static int __ecc_is_key_valid(const struct ecc_curve *curve,