From patchwork Mon Jan 16 09:16:35 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 91542
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au
Cc: Ard Biesheuvel
Subject: [PATCH] crypto: generic/cts - fix regression in iv handling
Date: Mon, 16 Jan 2017 09:16:35 +0000
Message-Id: <1484558195-14522-1-git-send-email-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.7.4
X-Mailing-List: linux-crypto@vger.kernel.org

Since the skcipher conversion in commit 0605c41cc53c ("crypto: cts -
Convert to skcipher"), the cts code tacitly assumes that the underlying
CBC encryption transform performed on the first part of the plaintext
returns an IV in req->iv that is suitable for encrypting the final bit.

While this is usually the case, it is not mandated by the API, and given
that the CTS code already accesses the ciphertext scatterlist to retrieve
those bytes, we can simply copy them into req->iv before proceeding.

Fixes: 0605c41cc53c ("crypto: cts - Convert to skcipher")
Signed-off-by: Ard Biesheuvel --- crypto/cts.c | 1 + 1 file changed, 1 insertion(+) -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/crypto/cts.c b/crypto/cts.c index a1335d6c35fb..3270ce8f278d 100644 --- a/crypto/cts.c +++ b/crypto/cts.c @@ -114,6 +114,7 @@ static int cts_cbc_encrypt(struct skcipher_request *req) sg = scatterwalk_ffwd(rctx->sg, req->dst, offset - bsize); scatterwalk_map_and_copy(d + bsize, sg, 0, bsize, 0); + memcpy(req->iv, d + bsize, bsize); memset(d, 0, bsize); scatterwalk_map_and_copy(d, req->src, offset, lastn, 0);
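Review bot: the added memcpy(req->iv, d + bsize, bsize) in cts_cbc_encrypt has no comment saying why req->iv is overwritten at this point. The commit message explains that the API does not require the underlying CBC transform to leave a suitable IV in req->iv, but nothing at the call site records that, so the line reads as redundant to anyone who knows the implementations that do update it. Suggest a short comment above the memcpy stating that req->iv is reloaded from the ciphertext block just read out of req->dst because the CBC implementation may not have updated it. The patch also touches only the encrypt path (one insertion in crypto/cts.c); it would help if the commit message said whether the decrypt path was checked for the same assumption about req->iv.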