From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4627BC4360F for ; Wed, 20 Mar 2019 17:32:25 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 1995321841 for ; Wed, 20 Mar 2019 17:32:25 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Al1C4lAB" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726448AbfCTRcY (ORCPT ); Wed, 20 Mar 2019 13:32:24 -0400 Received: from mail-lj1-f194.google.com ([209.85.208.194]:40679 "EHLO mail-lj1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726823AbfCTRcY (ORCPT ); Wed, 20 Mar 2019 13:32:24 -0400 Received: by mail-lj1-f194.google.com with SMTP id q66so2994941ljq.7 for ; Wed, 20 Mar 2019 10:32:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=kHHOHtyrqDjoxhUnu2YJBRqlszAhf3CIgxD3hrsb7Oo=; b=Al1C4lABXSREGNu8i5UlubQE8IVD1R4ZN9eVLOJIGxV0L8KpaStaVTlfCJ9b1XHnFw LLzz/pxMoZXM6tUXmWg/uJuSD6wRjgJRDr0BTemckPfbmKpX10DNf+UKpupLDc72Iy49 UbgAE9YdTPoOrjd9h8GFgzMbEWEArttmeFVKqn0qQRU6z3TvbuNrY0IifQTDLt0dVv5A G8v/5Z7ZfllgW+6ibbE2pGSQftL9gx0U0Z9wj0e42gIsv6YeZ0d33td2qy7py6xa6oSk 3vQJlVp5w/YK8M2vmE7YcfLtEH7BuH7RiMiS/xkXqluxHjiqwnBqZTjvl0rhga3jllSv vRQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=kHHOHtyrqDjoxhUnu2YJBRqlszAhf3CIgxD3hrsb7Oo=; b=GI1B6pSGtC6kHLQSD69/q3vJzoQz63l7IGtpgINeA0rZdL/mLT6kwSR4KlbUJVgfzF bmdcOuhr1o2tC1QLmz3zSI0C7sgSi20LTUEdZ5hUNtX0UO5+Ft1t6tpQHnhZ5X5Bnt4q kBTBq4nNRayuu0uw6MIZvzJREbTupvkNhz/uIMLmFzvYj0jlHrE94stz6Xl0m1s5kg0w 5ZxciNbNJWEeB558QnFYUQQ317rFijP3x0l3/2PHiooMvPx7UFJG3C2cCnObyr15noTS SEsXnhz61Pp2LdLHJQJY8xh0PFF4jWpYCbIqQzoGAWZcTtk+INr3kXetbQXpRsW5pnYd YORQ== X-Gm-Message-State: APjAAAUfiWOR164JHc5nRVBpPFTw2BKmY+MgnAvL5wOEnbfBV4Xl3fVf BkyUIs5LL/U8CQiunAHMGsg= X-Google-Smtp-Source: APXvYqw3S/NjDDYYXPs7jtOoOHWUgkAOgY9+VWO87ct+GOs3pDV6wNIqJoS7yCKnaaObRoQ6gC+LjQ== X-Received: by 2002:a2e:9c09:: with SMTP id s9mr17706193lji.83.1553103142422; Wed, 20 Mar 2019 10:32:22 -0700 (PDT) Received: from localhost ([178.170.168.3]) by smtp.gmail.com with ESMTPSA id p27sm442456ljb.30.2019.03.20.10.32.20 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 20 Mar 2019 10:32:20 -0700 (PDT) From: Maxim Zhukov X-Google-Original-From: Maxim Zhukov To: gregkh@linuxfoundation.org Cc: Eric Biggers , stable@vger.kernel.org, David Howells , Herbert Xu , Maxim Zhukov Subject: [PATCH] crypto: pcbc - remove bogus memcpy()s with src == dest Date: Wed, 20 Mar 2019 20:32:07 +0300 Message-Id: <20190320173207.18266-1-mussitantesmortem@gmail.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <15530987438372@kroah.com> References: <15530987438372@kroah.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Eric Biggers commit 251b7aea34ba3c4d4fdfa9447695642eb8b8b098 upstream The memcpy()s in the PCBC implementation use walk->iv as both the source and destination, which has undefined behavior. These memcpy()'s are actually unneeded, because walk->iv is already used to hold the previous plaintext block XOR'd with the previous ciphertext block. Thus, walk->iv is already updated to its final value. So remove the broken and unnecessary memcpy()s. Fixes: 91652be5d1b9 ("[CRYPTO] pcbc: Add Propagated CBC template") Cc: # v2.6.21+ Cc: David Howells Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu Signed-off-by: Maxim Zhukov --- crypto/pcbc.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/crypto/pcbc.c b/crypto/pcbc.c index d9e45a958720..67009a532201 100644 --- a/crypto/pcbc.c +++ b/crypto/pcbc.c @@ -50,7 +50,7 @@ static int crypto_pcbc_encrypt_segment(struct skcipher_request *req, unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; u8 *dst = walk->dst.virt.addr; - u8 *iv = walk->iv; + u8 * const iv = walk->iv; do { crypto_xor(iv, src, bsize); @@ -71,7 +71,7 @@ static int crypto_pcbc_encrypt_inplace(struct skcipher_request *req, int bsize = crypto_cipher_blocksize(tfm); unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; - u8 *iv = walk->iv; + u8 * const iv = walk->iv; u8 tmpbuf[bsize]; do { @@ -83,8 +83,6 @@ static int crypto_pcbc_encrypt_inplace(struct skcipher_request *req, src += bsize; } while ((nbytes -= bsize) >= bsize); - memcpy(walk->iv, iv, bsize); - return nbytes; } @@ -120,7 +118,7 @@ static int crypto_pcbc_decrypt_segment(struct skcipher_request *req, unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; u8 *dst = walk->dst.virt.addr; - u8 *iv = walk->iv; + u8 * const iv = walk->iv; do { crypto_cipher_decrypt_one(tfm, dst, src); @@ -131,8 +129,6 @@ static int crypto_pcbc_decrypt_segment(struct skcipher_request *req, dst += bsize; } while ((nbytes -= bsize) >= bsize); - memcpy(walk->iv, iv, bsize); - return nbytes; } @@ -143,7 +139,7 @@ static int crypto_pcbc_decrypt_inplace(struct skcipher_request *req, int bsize = crypto_cipher_blocksize(tfm); unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; - u8 *iv = walk->iv; + u8 * const iv = walk->iv; u8 tmpbuf[bsize] __aligned(__alignof__(u32)); do { @@ -155,8 +151,6 @@ static int crypto_pcbc_decrypt_inplace(struct skcipher_request *req, src += bsize; } while ((nbytes -= bsize) >= bsize); - memcpy(walk->iv, iv, bsize); - return nbytes; } -- 2.21.0