From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0E3FFC43381 for ; Wed, 20 Mar 2019 17:46:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id D5AFB2184D for ; Wed, 20 Mar 2019 17:46:50 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="UJgx06FN" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727047AbfCTRqu (ORCPT ); Wed, 20 Mar 2019 13:46:50 -0400 Received: from mail-lj1-f194.google.com ([209.85.208.194]:35724 "EHLO mail-lj1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726832AbfCTRqu (ORCPT ); Wed, 20 Mar 2019 13:46:50 -0400 Received: by mail-lj1-f194.google.com with SMTP id t13so3036209lji.2 for ; Wed, 20 Mar 2019 10:46:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=0F8EY6mSACPWs9AHtCStjq/OcGMMW6C0OxLdpLYh0Tg=; b=UJgx06FNqHojj6baaEVi7lrHOyssveg4QoxUbdXnmiw8mwoU1bDaZqsHsFQUz7RBvP xWZcysNeUzEhHFLIksDZ/f+sDtFAGfOuPjiUS7YMnhPA7UPqPL3iRIYdJe90348j5sC8 pUOtYz3emFRzCP1DJHF9O1BPQPS0j4Zvs6UKxkEUdU913702pkqkPtIeLDNE8aI/c+9Y 0RWWOyMGa9mp8nLKETY/fzYK8lgUG2qhnwS63WjvpkqTFDp3l3v8Ea8M8IyM41tDhezG spNSlXWZDCo1FcQuPgGzcMT+GGnn4QJwYLp+qdJuDFgw2gAwKpqHIgw1AcT1Y/PfCBg5 6l+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=0F8EY6mSACPWs9AHtCStjq/OcGMMW6C0OxLdpLYh0Tg=; b=IoKfCiSdxfu6zN3GkSBnBkrtdhj2oR4EBjQ8xAdcghjqbfizgkFLiFf9rkwA32J6RB BGMj6hiRDY4uMt5BJCzVTzEiOu3lpRhLV9GL3pRCXomnz02JgS8mjzb4HjyIe+Fsb+p9 EpwIO6gALd4VtWErR6HytRXjX+V3znYej9UK2qwzq8xZpqj5/38tSgWgtqrJ0FbsSRya dVp8DrLEEDZGJQ4KIny7ek0Zi78FvFqkMQacZSwnURARMh9w1Amc7T2oVLt4R1RP6tBK T8/fsFVpyw/t6dKLNeSKCMkGEKjpT0e2oXndC0HWUTeigW0Yy2SWVkvqgVG6p9VCQR0S Txbw== X-Gm-Message-State: APjAAAXuui6+1tUs6L6GU6fHeA4nuXdJ8+mS9sx4odBDPt7UDXYb2ghD YfsvJTBFyIKAMhrgwGKNjeE= X-Google-Smtp-Source: APXvYqzgThgZf7AcQ40ZfNK3s8CQqRprfSMtuFxgx4xlW0yQvbxHclm13SY2dIA0oc7qWFMx5k5Qqw== X-Received: by 2002:a2e:90c9:: with SMTP id o9mr12847582ljg.102.1553104008297; Wed, 20 Mar 2019 10:46:48 -0700 (PDT) Received: from localhost ([178.170.168.3]) by smtp.gmail.com with ESMTPSA id q17sm486514lfb.13.2019.03.20.10.46.47 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 20 Mar 2019 10:46:47 -0700 (PDT) From: Maxim Zhukov X-Google-Original-From: Maxim Zhukov To: gregkh@linuxfoundation.org Cc: Eric Biggers , stable@vger.kernel.org, David Howells , Herbert Xu , Maxim Zhukov Subject: [PATCH v4.9] crypto: pcbc - remove bogus memcpy()s with src == dest Date: Wed, 20 Mar 2019 20:46:36 +0300 Message-Id: <20190320174636.20169-1-mussitantesmortem@gmail.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <155309878124516@kroah.com> References: <155309878124516@kroah.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Eric Biggers commit 251b7aea34ba3c4d4fdfa9447695642eb8b8b098 upstream The memcpy()s in the PCBC implementation use walk->iv as both the source and destination, which has undefined behavior. These memcpy()'s are actually unneeded, because walk->iv is already used to hold the previous plaintext block XOR'd with the previous ciphertext block. Thus, walk->iv is already updated to its final value. So remove the broken and unnecessary memcpy()s. Fixes: 91652be5d1b9 ("[CRYPTO] pcbc: Add Propagated CBC template") Cc: # v2.6.21+ Cc: David Howells Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu Signed-off-by: Maxim Zhukov --- crypto/pcbc.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/crypto/pcbc.c b/crypto/pcbc.c index f654965f0933..de81f716cf26 100644 --- a/crypto/pcbc.c +++ b/crypto/pcbc.c @@ -52,7 +52,7 @@ static int crypto_pcbc_encrypt_segment(struct blkcipher_desc *desc, unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; u8 *dst = walk->dst.virt.addr; - u8 *iv = walk->iv; + u8 * const iv = walk->iv; do { crypto_xor(iv, src, bsize); @@ -76,7 +76,7 @@ static int crypto_pcbc_encrypt_inplace(struct blkcipher_desc *desc, int bsize = crypto_cipher_blocksize(tfm); unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; - u8 *iv = walk->iv; + u8 * const iv = walk->iv; u8 tmpbuf[bsize]; do { @@ -89,8 +89,6 @@ static int crypto_pcbc_encrypt_inplace(struct blkcipher_desc *desc, src += bsize; } while ((nbytes -= bsize) >= bsize); - memcpy(walk->iv, iv, bsize); - return nbytes; } @@ -130,7 +128,7 @@ static int crypto_pcbc_decrypt_segment(struct blkcipher_desc *desc, unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; u8 *dst = walk->dst.virt.addr; - u8 *iv = walk->iv; + u8 * const iv = walk->iv; do { fn(crypto_cipher_tfm(tfm), dst, src); @@ -142,8 +140,6 @@ static int crypto_pcbc_decrypt_segment(struct blkcipher_desc *desc, dst += bsize; } while ((nbytes -= bsize) >= bsize); - memcpy(walk->iv, iv, bsize); - return nbytes; } @@ -156,7 +152,7 @@ static int crypto_pcbc_decrypt_inplace(struct blkcipher_desc *desc, int bsize = crypto_cipher_blocksize(tfm); unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; - u8 *iv = walk->iv; + u8 * const iv = walk->iv; u8 tmpbuf[bsize]; do { @@ -169,8 +165,6 @@ static int crypto_pcbc_decrypt_inplace(struct blkcipher_desc *desc, src += bsize; } while ((nbytes -= bsize) >= bsize); - memcpy(walk->iv, iv, bsize); - return nbytes; } -- 2.21.0