crypto: x86/ghash - fix unaligned access in ghash_setkey()

[ Upstream commit 116db2704c193fff6d73ea6c2219625f0c9bdfc8 ]

The key can be unaligned, so use the unaligned memory access helpers.

Fixes: b950149ee573 ("crypto: ghash-clmulni-intel - use C implementation for setkey()")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/arch/x86/crypto/ghash-clmulni-intel_glue.c b/arch/x86/crypto/ghash-clmulni-intel_glue.c
index 04d72a5a8ce9815ffca1db870b4110fe2a4c4166..c9864ac9c0149225483f5093b2a55b7118434d60 100644 (file)
--- a/arch/x86/crypto/ghash-clmulni-intel_glue.c
+++ b/arch/x86/crypto/ghash-clmulni-intel_glue.c
@@ -19,6 +19,7 @@
 #include <crypto/internal/simd.h>
 #include <asm/cpu_device_id.h>
 #include <asm/simd.h>
+#include <asm/unaligned.h>
 
 #define GHASH_BLOCK_SIZE       16
 #define GHASH_DIGEST_SIZE      16
@@ -54,7 +55,6 @@ static int ghash_setkey(struct crypto_shash *tfm,
                        const u8 *key, unsigned int keylen)
 {
        struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
-       be128 *x = (be128 *)key;
        u64 a, b;
 
        if (keylen != GHASH_BLOCK_SIZE) {
@@ -63,8 +63,8 @@ static int ghash_setkey(struct crypto_shash *tfm,
        }
 
        /* perform multiplication by 'x' in GF(2^128) */
-       a = be64_to_cpu(x->a);
-       b = be64_to_cpu(x->b);
+       a = get_unaligned_be64(key);
+       b = get_unaligned_be64(key + 8);
 
        ctx->shash.a = (b << 1) | (a >> 63);
        ctx->shash.b = (a << 1) | (b >> 63);