]>
Commit | Line | Data |
---|---|---|
fa96befc GKH |
1 | From 251b7aea34ba3c4d4fdfa9447695642eb8b8b098 Mon Sep 17 00:00:00 2001 |
2 | From: Eric Biggers <ebiggers@google.com> | |
3 | Date: Thu, 3 Jan 2019 20:16:13 -0800 | |
4 | Subject: crypto: pcbc - remove bogus memcpy()s with src == dest | |
5 | ||
6 | From: Eric Biggers <ebiggers@google.com> | |
7 | ||
8 | commit 251b7aea34ba3c4d4fdfa9447695642eb8b8b098 upstream. | |
9 | ||
10 | The memcpy()s in the PCBC implementation use walk->iv as both the source | |
11 | and destination, which has undefined behavior. These memcpy()'s are | |
12 | actually unneeded, because walk->iv is already used to hold the previous | |
13 | plaintext block XOR'd with the previous ciphertext block. Thus, | |
14 | walk->iv is already updated to its final value. | |
15 | ||
16 | So remove the broken and unnecessary memcpy()s. | |
17 | ||
18 | Fixes: 91652be5d1b9 ("[CRYPTO] pcbc: Add Propagated CBC template") | |
19 | Cc: <stable@vger.kernel.org> # v2.6.21+ | |
20 | Cc: David Howells <dhowells@redhat.com> | |
21 | Signed-off-by: Eric Biggers <ebiggers@google.com> | |
22 | Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | |
23 | Signed-off-by: Maxim Zhukov <mussitantesmortem@gmail.com> | |
24 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
25 | --- | |
26 | crypto/pcbc.c | 14 ++++---------- | |
27 | 1 file changed, 4 insertions(+), 10 deletions(-) | |
28 | ||
29 | --- a/crypto/pcbc.c | |
30 | +++ b/crypto/pcbc.c | |
31 | @@ -52,7 +52,7 @@ static int crypto_pcbc_encrypt_segment(s | |
32 | unsigned int nbytes = walk->nbytes; | |
33 | u8 *src = walk->src.virt.addr; | |
34 | u8 *dst = walk->dst.virt.addr; | |
35 | - u8 *iv = walk->iv; | |
36 | + u8 * const iv = walk->iv; | |
37 | ||
38 | do { | |
39 | crypto_xor(iv, src, bsize); | |
40 | @@ -76,7 +76,7 @@ static int crypto_pcbc_encrypt_inplace(s | |
41 | int bsize = crypto_cipher_blocksize(tfm); | |
42 | unsigned int nbytes = walk->nbytes; | |
43 | u8 *src = walk->src.virt.addr; | |
44 | - u8 *iv = walk->iv; | |
45 | + u8 * const iv = walk->iv; | |
46 | u8 tmpbuf[bsize]; | |
47 | ||
48 | do { | |
49 | @@ -89,8 +89,6 @@ static int crypto_pcbc_encrypt_inplace(s | |
50 | src += bsize; | |
51 | } while ((nbytes -= bsize) >= bsize); | |
52 | ||
53 | - memcpy(walk->iv, iv, bsize); | |
54 | - | |
55 | return nbytes; | |
56 | } | |
57 | ||
58 | @@ -130,7 +128,7 @@ static int crypto_pcbc_decrypt_segment(s | |
59 | unsigned int nbytes = walk->nbytes; | |
60 | u8 *src = walk->src.virt.addr; | |
61 | u8 *dst = walk->dst.virt.addr; | |
62 | - u8 *iv = walk->iv; | |
63 | + u8 * const iv = walk->iv; | |
64 | ||
65 | do { | |
66 | fn(crypto_cipher_tfm(tfm), dst, src); | |
67 | @@ -142,8 +140,6 @@ static int crypto_pcbc_decrypt_segment(s | |
68 | dst += bsize; | |
69 | } while ((nbytes -= bsize) >= bsize); | |
70 | ||
71 | - memcpy(walk->iv, iv, bsize); | |
72 | - | |
73 | return nbytes; | |
74 | } | |
75 | ||
76 | @@ -156,7 +152,7 @@ static int crypto_pcbc_decrypt_inplace(s | |
77 | int bsize = crypto_cipher_blocksize(tfm); | |
78 | unsigned int nbytes = walk->nbytes; | |
79 | u8 *src = walk->src.virt.addr; | |
80 | - u8 *iv = walk->iv; | |
81 | + u8 * const iv = walk->iv; | |
82 | u8 tmpbuf[bsize]; | |
83 | ||
84 | do { | |
85 | @@ -169,8 +165,6 @@ static int crypto_pcbc_decrypt_inplace(s | |
86 | src += bsize; | |
87 | } while ((nbytes -= bsize) >= bsize); | |
88 | ||
89 | - memcpy(walk->iv, iv, bsize); | |
90 | - | |
91 | return nbytes; | |
92 | } | |
93 |