releases/4.19.31/crypto-pcbc-remove-bogus-memcpy-s-with-src-dest.patch

   1 From 251b7aea34ba3c4d4fdfa9447695642eb8b8b098 Mon Sep 17 00:00:00 2001
   2 From: Eric Biggers <ebiggers@google.com>
   3 Date: Thu, 3 Jan 2019 20:16:13 -0800
   4 Subject: crypto: pcbc - remove bogus memcpy()s with src == dest
   5
   6 From: Eric Biggers <ebiggers@google.com>
   7
   8 commit 251b7aea34ba3c4d4fdfa9447695642eb8b8b098 upstream.
   9
  10 The memcpy()s in the PCBC implementation use walk->iv as both the source
  11 and destination, which has undefined behavior.  These memcpy()'s are
  12 actually unneeded, because walk->iv is already used to hold the previous
  13 plaintext block XOR'd with the previous ciphertext block.  Thus,
  14 walk->iv is already updated to its final value.
  15
  16 So remove the broken and unnecessary memcpy()s.
  17
  18 Fixes: 91652be5d1b9 ("[CRYPTO] pcbc: Add Propagated CBC template")
  19 Cc: <stable@vger.kernel.org> # v2.6.21+
  20 Cc: David Howells <dhowells@redhat.com>
  21 Signed-off-by: Eric Biggers <ebiggers@google.com>
  22 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  23 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  24
  25 ---
  26  crypto/pcbc.c |   14 ++++----------
  27  1 file changed, 4 insertions(+), 10 deletions(-)
  28
  29 --- a/crypto/pcbc.c
  30 +++ b/crypto/pcbc.c
  31 @@ -51,7 +51,7 @@ static int crypto_pcbc_encrypt_segment(s
  32         unsigned int nbytes = walk->nbytes;
  33         u8 *src = walk->src.virt.addr;
  34         u8 *dst = walk->dst.virt.addr;
  35 -       u8 *iv = walk->iv;
  36 +       u8 * const iv = walk->iv;
  37
  38         do {
  39                 crypto_xor(iv, src, bsize);
  40 @@ -72,7 +72,7 @@ static int crypto_pcbc_encrypt_inplace(s
  41         int bsize = crypto_cipher_blocksize(tfm);
  42         unsigned int nbytes = walk->nbytes;
  43         u8 *src = walk->src.virt.addr;
  44 -       u8 *iv = walk->iv;
  45 +       u8 * const iv = walk->iv;
  46         u8 tmpbuf[MAX_CIPHER_BLOCKSIZE];
  47
  48         do {
  49 @@ -84,8 +84,6 @@ static int crypto_pcbc_encrypt_inplace(s
  50                 src += bsize;
  51         } while ((nbytes -= bsize) >= bsize);
  52
  53 -       memcpy(walk->iv, iv, bsize);
  54 -
  55         return nbytes;
  56  }
  57
  58 @@ -121,7 +119,7 @@ static int crypto_pcbc_decrypt_segment(s
  59         unsigned int nbytes = walk->nbytes;
  60         u8 *src = walk->src.virt.addr;
  61         u8 *dst = walk->dst.virt.addr;
  62 -       u8 *iv = walk->iv;
  63 +       u8 * const iv = walk->iv;
  64
  65         do {
  66                 crypto_cipher_decrypt_one(tfm, dst, src);
  67 @@ -132,8 +130,6 @@ static int crypto_pcbc_decrypt_segment(s
  68                 dst += bsize;
  69         } while ((nbytes -= bsize) >= bsize);
  70
  71 -       memcpy(walk->iv, iv, bsize);
  72 -
  73         return nbytes;
  74  }
  75
  76 @@ -144,7 +140,7 @@ static int crypto_pcbc_decrypt_inplace(s
  77         int bsize = crypto_cipher_blocksize(tfm);
  78         unsigned int nbytes = walk->nbytes;
  79         u8 *src = walk->src.virt.addr;
  80 -       u8 *iv = walk->iv;
  81 +       u8 * const iv = walk->iv;
  82         u8 tmpbuf[MAX_CIPHER_BLOCKSIZE] __aligned(__alignof__(u32));
  83
  84         do {
  85 @@ -156,8 +152,6 @@ static int crypto_pcbc_decrypt_inplace(s
  86                 src += bsize;
  87         } while ((nbytes -= bsize) >= bsize);
  88
  89 -       memcpy(walk->iv, iv, bsize);
  90 -
  91         return nbytes;
  92  }
  93