From: Eric Biggers <ebigg...@google.com>

gcmaes_crypt_by_sg() dereferences the NULL pointer returned by
scatterwalk_ffwd() when encrypting an empty plaintext and the source
scatterlist ends immediately after the associated data.

Fix it by only fast-forwarding to the src/dst data scatterlists if the
data length is nonzero.

This bug is reproduced by the "rfc4543(gcm(aes))" test vectors when run
with the new AEAD test manager.

Fixes: e845520707f8 ("crypto: aesni - Update aesni-intel_glue to use scatter/gather")
Cc: <sta...@vger.kernel.org> # v4.17+
Cc: Dave Watson <davejwat...@fb.com>
Signed-off-by: Eric Biggers <ebigg...@google.com>
---
 arch/x86/crypto/aesni-intel_glue.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
index 9b5ccde3ef315..1e3d2102033a0 100644
--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -813,11 +813,14 @@ static int gcmaes_crypt_by_sg(bool enc, struct 
aead_request *req,
                scatterwalk_map_and_copy(assoc, req->src, 0, assoclen, 0);
        }
 
-       src_sg = scatterwalk_ffwd(src_start, req->src, req->assoclen);
-       scatterwalk_start(&src_sg_walk, src_sg);
-       if (req->src != req->dst) {
-               dst_sg = scatterwalk_ffwd(dst_start, req->dst, req->assoclen);
-               scatterwalk_start(&dst_sg_walk, dst_sg);
+       if (left) {
+               src_sg = scatterwalk_ffwd(src_start, req->src, req->assoclen);
+               scatterwalk_start(&src_sg_walk, src_sg);
+               if (req->src != req->dst) {
+                       dst_sg = scatterwalk_ffwd(dst_start, req->dst,
+                                                 req->assoclen);
+                       scatterwalk_start(&dst_sg_walk, dst_sg);
+               }
        }
 
        kernel_fpu_begin();
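Review bot: with the `if (left)` guard added here, `src_sg`, `dst_sg`, `src_sg_walk` and `dst_sg_walk` are left uninitialised whenever `left == 0`, so every later use of them in gcmaes_crypt_by_sg() (the walk/unmap and scatterwalk_done paths after the `kernel_fpu_begin()` context line, not visible in this hunk) must be under the same `left` condition, otherwise the NULL dereference is merely moved rather than fixed. Please confirm in the description that those uses are already guarded, or extend the guard to cover them in the same patch; the `scatterwalk_map_and_copy(assoc, req->src, 0, assoclen, 0)` context line shows that the associated-data copy itself does not depend on the data walks, so it is correct to leave it outside the new block.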
-- 
2.20.1
