Commit 29b37f42 authored by Herbert Xu's avatar Herbert Xu

crypto: authenc - Fix zero-length IV crash

As it is if an algorithm with a zero-length IV is used (e.g.,
NULL encryption) with authenc, authenc may generate an SG entry
of length zero, which will trigger a BUG check in the hash layer.

This patch fixes it by skipping the IV SG generation if the IV
size is zero.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 5393f780
...@@ -158,16 +158,19 @@ static int crypto_authenc_genicv(struct aead_request *req, u8 *iv, ...@@ -158,16 +158,19 @@ static int crypto_authenc_genicv(struct aead_request *req, u8 *iv,
dstp = sg_page(dst); dstp = sg_page(dst);
vdst = PageHighMem(dstp) ? NULL : page_address(dstp) + dst->offset; vdst = PageHighMem(dstp) ? NULL : page_address(dstp) + dst->offset;
if (ivsize) {
sg_init_table(cipher, 2); sg_init_table(cipher, 2);
sg_set_buf(cipher, iv, ivsize); sg_set_buf(cipher, iv, ivsize);
authenc_chain(cipher, dst, vdst == iv + ivsize); authenc_chain(cipher, dst, vdst == iv + ivsize);
dst = cipher;
}
cryptlen = req->cryptlen + ivsize; cryptlen = req->cryptlen + ivsize;
hash = crypto_authenc_hash(req, flags, cipher, cryptlen); hash = crypto_authenc_hash(req, flags, dst, cryptlen);
if (IS_ERR(hash)) if (IS_ERR(hash))
return PTR_ERR(hash); return PTR_ERR(hash);
scatterwalk_map_and_copy(hash, cipher, cryptlen, scatterwalk_map_and_copy(hash, dst, cryptlen,
crypto_aead_authsize(authenc), 1); crypto_aead_authsize(authenc), 1);
return 0; return 0;
} }
...@@ -285,11 +288,14 @@ static int crypto_authenc_iverify(struct aead_request *req, u8 *iv, ...@@ -285,11 +288,14 @@ static int crypto_authenc_iverify(struct aead_request *req, u8 *iv,
srcp = sg_page(src); srcp = sg_page(src);
vsrc = PageHighMem(srcp) ? NULL : page_address(srcp) + src->offset; vsrc = PageHighMem(srcp) ? NULL : page_address(srcp) + src->offset;
if (ivsize) {
sg_init_table(cipher, 2); sg_init_table(cipher, 2);
sg_set_buf(cipher, iv, ivsize); sg_set_buf(cipher, iv, ivsize);
authenc_chain(cipher, src, vsrc == iv + ivsize); authenc_chain(cipher, src, vsrc == iv + ivsize);
src = cipher;
}
return crypto_authenc_verify(req, cipher, cryptlen + ivsize); return crypto_authenc_verify(req, src, cryptlen + ivsize);
} }
static int crypto_authenc_decrypt(struct aead_request *req) static int crypto_authenc_decrypt(struct aead_request *req)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment