crypto: x86/aesni-gcm - fix crash on empty plaintext

commit 3af349639597fea582a93604734d717e59a0e223 upstream.

gcmaes_crypt_by_sg() dereferences the NULL pointer returned by
scatterwalk_ffwd() when encrypting an empty plaintext and the source
scatterlist ends immediately after the associated data.

Fix it by only fast-forwarding to the src/dst data scatterlists if the
data length is nonzero.

This bug is reproduced by the "rfc4543(gcm(aes))" test vectors when run
with the new AEAD test manager.

Fixes: e845520707 ("crypto: aesni - Update aesni-intel_glue to use scatter/gather")
Cc: <stable@vger.kernel.org> # v4.17+
Cc: Dave Watson <davejwatson@fb.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Eric Biggers 2019-01-31 23:51:40 -08:00 committed by Greg Kroah-Hartman
parent 5d2a5172ca
commit 8a9fcf4a9f

View file

@ -830,11 +830,14 @@ static int gcmaes_crypt_by_sg(bool enc, struct aead_request *req,
scatterwalk_map_and_copy(assoc, req->src, 0, assoclen, 0); scatterwalk_map_and_copy(assoc, req->src, 0, assoclen, 0);
} }
src_sg = scatterwalk_ffwd(src_start, req->src, req->assoclen); if (left) {
scatterwalk_start(&src_sg_walk, src_sg); src_sg = scatterwalk_ffwd(src_start, req->src, req->assoclen);
if (req->src != req->dst) { scatterwalk_start(&src_sg_walk, src_sg);
dst_sg = scatterwalk_ffwd(dst_start, req->dst, req->assoclen); if (req->src != req->dst) {
scatterwalk_start(&dst_sg_walk, dst_sg); dst_sg = scatterwalk_ffwd(dst_start, req->dst,
req->assoclen);
scatterwalk_start(&dst_sg_walk, dst_sg);
}
} }
kernel_fpu_begin(); kernel_fpu_begin();