lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Fri, 25 Oct 2013 12:27:35 +0100
From:	Michal Nazarewicz <mpn@...gle.com>
To:	Herbert Xu <herbert@...dor.apana.org.au>,
	"David S. Miller" <davem@...emloft.net>
Cc:	linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
	Michal Nazarewicz <mina86@...a86.com>
Subject: [PATCH] crypto: blkcipher: do not read unutialised walk->flags

From: Michal Nazarewicz <mina86@...a86.com>

blkcipher_walk_virt, blkcipher_walk_virt_block and
blkcipher_walk_phys functions modify the walk->flags by using
a binary “&=” or “|=” operator.  This translate to read followed by
a write.  However, the walk->flags is usually not initialised so the
read returns garbage.

At the same time, those functions call blkcipher_walk_first which
then calls blkcipher_walk_next function which zeroes all flags
except for BLKCIPHER_WALK_PHYS.  This means, that the read done in
the virt, virt_block and phys functions is completely meaningless.

Dropping the read and changing “&=”/“|=” with a plain assignment
clears the confusion without changing any functionality of the API.

Signed-off-by: Michal Nazarewicz <mina86@...a86.com>
---

 Admittedly, I'm not familiar with the crypto API, but I believe
 this to be a valid change.  This has actually been prompted by
 Coverity scan which detects the read of initialised data.

 crypto/blkcipher.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index a79e7e9..3fb99d8 100644
--- a/crypto/blkcipher.c
+++ b/crypto/blkcipher.c
@@ -305,7 +305,7 @@ static inline int blkcipher_copy_iv(struct blkcipher_walk *walk,
 int blkcipher_walk_virt(struct blkcipher_desc *desc,
 			struct blkcipher_walk *walk)
 {
-	walk->flags &= ~BLKCIPHER_WALK_PHYS;
+	walk->flags = 0;
 	walk->blocksize = crypto_blkcipher_blocksize(desc->tfm);
 	return blkcipher_walk_first(desc, walk);
 }
@@ -314,7 +314,7 @@ EXPORT_SYMBOL_GPL(blkcipher_walk_virt);
 int blkcipher_walk_phys(struct blkcipher_desc *desc,
 			struct blkcipher_walk *walk)
 {
-	walk->flags |= BLKCIPHER_WALK_PHYS;
+	walk->flags = BLKCIPHER_WALK_PHYS;
 	walk->blocksize = crypto_blkcipher_blocksize(desc->tfm);
 	return blkcipher_walk_first(desc, walk);
 }
@@ -352,7 +352,7 @@ int blkcipher_walk_virt_block(struct blkcipher_desc *desc,
 			      struct blkcipher_walk *walk,
 			      unsigned int blocksize)
 {
-	walk->flags &= ~BLKCIPHER_WALK_PHYS;
+	walk->flags = 0;
 	walk->blocksize = blocksize;
 	return blkcipher_walk_first(desc, walk);
 }
-- 
1.8.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ