• Eric Biggers's avatar
    crypto: cfb - remove bogus memcpy() with src == dest · 1a10e6b5
    Eric Biggers authored
    commit 6c2e322b upstream.
    
    The memcpy() in crypto_cfb_decrypt_inplace() uses walk->iv as both the
    source and destination, which has undefined behavior.  It is unneeded
    because walk->iv is already used to hold the previous ciphertext block;
    thus, walk->iv is already updated to its final value.  So, remove it.
    
    Also, note that in-place decryption is the only case where the previous
    ciphertext block is not directly available.  Therefore, as a related
    cleanup I also updated crypto_cfb_encrypt_segment() to directly use the
    previous ciphertext block rather than save it into walk->iv.  This makes
    it consistent with in-place encryption and out-of-place decryption; now
    only in-place decryption is different, because it has to be.
    
    Fixes: a7d85e06 ("crypto: cfb - add support for Cipher FeedBack mode")
    Cc: <stable@vger.kernel.org> # v4.17+
    Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
    Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    1a10e6b5
cfb.c 8.85 KB