Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp581280img; Fri, 22 Mar 2019 04:29:48 -0700 (PDT) X-Google-Smtp-Source: APXvYqwjtMpCAofYV5v0Dq49ac6ku4t1X85Xt9T5P4o5zWh29fxkgyjMrTdhIQ/4bYfMqzpAlSb7 X-Received: by 2002:a62:568e:: with SMTP id h14mr8966637pfj.134.1553254187955; Fri, 22 Mar 2019 04:29:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553254187; cv=none; d=google.com; s=arc-20160816; b=JqMJO4Vkyt4/GpZpqeRsmkMVsbLyM2mGILHvLvEJp2DDetBnVVGhsJTmB1kAxMa3VA 4q3kJsz6Ngt7GzybrJMh7v8xPf4Vz1bu9YnbnIxZMWQZQPC7bmjDbnomABoy0SevvAB5 iW2HJGojvRE7Y4Z1X8ImmI8af01mTKY7/TiPldpoxbu+n6C/37z7rdHcoHF+0I5n1uW5 wJok+pBC7aRt1PBecpMWx+dAbVK/W6RXCpCeie37ktMCpUJgeiMRJy91vXsD0Ol7C8ci RqsOd7/GF+QRLQRDYrQdaSj4MlPoHpuTC8wgomrS6zC+tnMqIp4DLc3TqlZLPemWsK4X +wqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=cchXPTuidHb3Ejof4nmVcyfaudZP42sAIM9C2ukvqIY=; b=Zzu/QKtN5rfLJTmMutO291oDq2gC6pjvM8cPcHTc3baiU6+pEQvqEO36xI8woS2F8W Ji6bl4qFQLiuEwmIsOtD9GHmvWJb/RuUPuSjMpGzA8y4D3eJpA3A0hnNpliFU2M5eF0s TdtCt/qHS61fBLo4crTuj+yvGiVtzXQqeD+8ak+mfMmVmQ+fyn4rdY/Vj8MOb2bApse0 IqNYzgW8fxEJTCJVCdgM44ubUWTWSjahISLQGC8fcp5nrcS2z26iuF1SCi76Lwed0Rp1 jrJ7cCzMXQaJd/lAjth+n+EdGABQipEhDiEl0laLc1lyypD/BMbgKfKkgbjsKwZkrGv3 Sxbg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=xLSz9ETk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k7si6578447pfb.69.2019.03.22.04.29.29; Fri, 22 Mar 2019 04:29:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=xLSz9ETk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729423AbfCVL01 (ORCPT + 99 others); Fri, 22 Mar 2019 07:26:27 -0400 Received: from mail.kernel.org ([198.145.29.99]:54148 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729416AbfCVL0Z (ORCPT ); Fri, 22 Mar 2019 07:26:25 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B2F5C218B0; Fri, 22 Mar 2019 11:26:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1553253984; bh=JW8pHTtbhe1pTAw0ZBp0SimrBO3fQ2ypaPbr+1DcNmU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=xLSz9ETktQ9yuurfM0Mx4IxS7AVH/JObI0+yWyGl6MIgKUuVmMKeIY3fkTza60dFD YYfBiG6f/T4pxJHpy3abJXy2WYYYV0Mox3vVcHAglYGNxuGvFTLjNd0TOQc8qOS9Lg hnYbNZDYrLwljKDr8Eo57Y0dob3Yx3+Jy1UBRCtY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, David Howells , Eric Biggers , Herbert Xu , Maxim Zhukov Subject: [PATCH 3.18 116/134] crypto: pcbc - remove bogus memcpy()s with src == dest Date: Fri, 22 Mar 2019 12:15:29 +0100 Message-Id: <20190322111218.728609677@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190322111210.465931067@linuxfoundation.org> References: <20190322111210.465931067@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Eric Biggers commit 251b7aea34ba3c4d4fdfa9447695642eb8b8b098 upstream. The memcpy()s in the PCBC implementation use walk->iv as both the source and destination, which has undefined behavior. These memcpy()'s are actually unneeded, because walk->iv is already used to hold the previous plaintext block XOR'd with the previous ciphertext block. Thus, walk->iv is already updated to its final value. So remove the broken and unnecessary memcpy()s. Fixes: 91652be5d1b9 ("[CRYPTO] pcbc: Add Propagated CBC template") Cc: # v2.6.21+ Cc: David Howells Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu Signed-off-by: Maxim Zhukov Signed-off-by: Greg Kroah-Hartman --- crypto/pcbc.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) --- a/crypto/pcbc.c +++ b/crypto/pcbc.c @@ -52,7 +52,7 @@ static int crypto_pcbc_encrypt_segment(s unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; u8 *dst = walk->dst.virt.addr; - u8 *iv = walk->iv; + u8 * const iv = walk->iv; do { crypto_xor(iv, src, bsize); @@ -76,7 +76,7 @@ static int crypto_pcbc_encrypt_inplace(s int bsize = crypto_cipher_blocksize(tfm); unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; - u8 *iv = walk->iv; + u8 * const iv = walk->iv; u8 tmpbuf[bsize]; do { @@ -89,8 +89,6 @@ static int crypto_pcbc_encrypt_inplace(s src += bsize; } while ((nbytes -= bsize) >= bsize); - memcpy(walk->iv, iv, bsize); - return nbytes; } @@ -130,7 +128,7 @@ static int crypto_pcbc_decrypt_segment(s unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; u8 *dst = walk->dst.virt.addr; - u8 *iv = walk->iv; + u8 * const iv = walk->iv; do { fn(crypto_cipher_tfm(tfm), dst, src); @@ -142,8 +140,6 @@ static int crypto_pcbc_decrypt_segment(s dst += bsize; } while ((nbytes -= bsize) >= bsize); - memcpy(walk->iv, iv, bsize); - return nbytes; } @@ -156,7 +152,7 @@ static int crypto_pcbc_decrypt_inplace(s int bsize = crypto_cipher_blocksize(tfm); unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; - u8 *iv = walk->iv; + u8 * const iv = walk->iv; u8 tmpbuf[bsize]; do { @@ -169,8 +165,6 @@ static int crypto_pcbc_decrypt_inplace(s src += bsize; } while ((nbytes -= bsize) >= bsize); - memcpy(walk->iv, iv, bsize); - return nbytes; }