]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blame - releases/4.19.31/crypto-pcbc-remove-bogus-memcpy-s-with-src-dest.patch
Linux 4.19.31
[thirdparty/kernel/stable-queue.git] / releases / 4.19.31 / crypto-pcbc-remove-bogus-memcpy-s-with-src-dest.patch
CommitLineData
128027b5
GKH
1From 251b7aea34ba3c4d4fdfa9447695642eb8b8b098 Mon Sep 17 00:00:00 2001
2From: Eric Biggers <ebiggers@google.com>
3Date: Thu, 3 Jan 2019 20:16:13 -0800
4Subject: crypto: pcbc - remove bogus memcpy()s with src == dest
5
6From: Eric Biggers <ebiggers@google.com>
7
8commit 251b7aea34ba3c4d4fdfa9447695642eb8b8b098 upstream.
9
10The memcpy()s in the PCBC implementation use walk->iv as both the source
11and destination, which has undefined behavior. These memcpy()'s are
12actually unneeded, because walk->iv is already used to hold the previous
13plaintext block XOR'd with the previous ciphertext block. Thus,
14walk->iv is already updated to its final value.
15
16So remove the broken and unnecessary memcpy()s.
17
18Fixes: 91652be5d1b9 ("[CRYPTO] pcbc: Add Propagated CBC template")
19Cc: <stable@vger.kernel.org> # v2.6.21+
20Cc: David Howells <dhowells@redhat.com>
21Signed-off-by: Eric Biggers <ebiggers@google.com>
22Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
23Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
24
25---
26 crypto/pcbc.c | 14 ++++----------
27 1 file changed, 4 insertions(+), 10 deletions(-)
28
29--- a/crypto/pcbc.c
30+++ b/crypto/pcbc.c
31@@ -51,7 +51,7 @@ static int crypto_pcbc_encrypt_segment(s
32 unsigned int nbytes = walk->nbytes;
33 u8 *src = walk->src.virt.addr;
34 u8 *dst = walk->dst.virt.addr;
35- u8 *iv = walk->iv;
36+ u8 * const iv = walk->iv;
37
38 do {
39 crypto_xor(iv, src, bsize);
40@@ -72,7 +72,7 @@ static int crypto_pcbc_encrypt_inplace(s
41 int bsize = crypto_cipher_blocksize(tfm);
42 unsigned int nbytes = walk->nbytes;
43 u8 *src = walk->src.virt.addr;
44- u8 *iv = walk->iv;
45+ u8 * const iv = walk->iv;
46 u8 tmpbuf[MAX_CIPHER_BLOCKSIZE];
47
48 do {
49@@ -84,8 +84,6 @@ static int crypto_pcbc_encrypt_inplace(s
50 src += bsize;
51 } while ((nbytes -= bsize) >= bsize);
52
53- memcpy(walk->iv, iv, bsize);
54-
55 return nbytes;
56 }
57
58@@ -121,7 +119,7 @@ static int crypto_pcbc_decrypt_segment(s
59 unsigned int nbytes = walk->nbytes;
60 u8 *src = walk->src.virt.addr;
61 u8 *dst = walk->dst.virt.addr;
62- u8 *iv = walk->iv;
63+ u8 * const iv = walk->iv;
64
65 do {
66 crypto_cipher_decrypt_one(tfm, dst, src);
67@@ -132,8 +130,6 @@ static int crypto_pcbc_decrypt_segment(s
68 dst += bsize;
69 } while ((nbytes -= bsize) >= bsize);
70
71- memcpy(walk->iv, iv, bsize);
72-
73 return nbytes;
74 }
75
76@@ -144,7 +140,7 @@ static int crypto_pcbc_decrypt_inplace(s
77 int bsize = crypto_cipher_blocksize(tfm);
78 unsigned int nbytes = walk->nbytes;
79 u8 *src = walk->src.virt.addr;
80- u8 *iv = walk->iv;
81+ u8 * const iv = walk->iv;
82 u8 tmpbuf[MAX_CIPHER_BLOCKSIZE] __aligned(__alignof__(u32));
83
84 do {
85@@ -156,8 +152,6 @@ static int crypto_pcbc_decrypt_inplace(s
86 src += bsize;
87 } while ((nbytes -= bsize) >= bsize);
88
89- memcpy(walk->iv, iv, bsize);
90-
91 return nbytes;
92 }
93