Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 29b37f42 authored by Herbert Xu's avatar Herbert Xu
Browse files

crypto: authenc - Fix zero-length IV crash 



As it is if an algorithm with a zero-length IV is used (e.g.,
NULL encryption) with authenc, authenc may generate an SG entry
of length zero, which will trigger a BUG check in the hash layer.

This patch fixes it by skipping the IV SG generation if the IV
size is zero.

Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 5393f780

crypto/authenc.c

+15 −9
Original line number Diff line number Diff line
@@ -158,16 +158,19 @@ static int crypto_authenc_genicv(struct aead_request *req, u8 *iv, 
	dstp = sg_page(dst);

	vdst = PageHighMem(dstp) ? NULL : page_address(dstp) + dst->offset;



	if (ivsize) {

		sg_init_table(cipher, 2);

		sg_set_buf(cipher, iv, ivsize);

		authenc_chain(cipher, dst, vdst == iv + ivsize);

		dst = cipher;

	}



	cryptlen = req->cryptlen + ivsize;

	hash = crypto_authenc_hash(req, flags, cipher, cryptlen);

	hash = crypto_authenc_hash(req, flags, dst, cryptlen);

	if (IS_ERR(hash))

		return PTR_ERR(hash);



	scatterwalk_map_and_copy(hash, cipher, cryptlen,

	scatterwalk_map_and_copy(hash, dst, cryptlen,

				 crypto_aead_authsize(authenc), 1);

	return 0;

}
@@ -285,11 +288,14 @@ static int crypto_authenc_iverify(struct aead_request *req, u8 *iv, 
	srcp = sg_page(src);

	vsrc = PageHighMem(srcp) ? NULL : page_address(srcp) + src->offset;



	if (ivsize) {

		sg_init_table(cipher, 2);

		sg_set_buf(cipher, iv, ivsize);

		authenc_chain(cipher, src, vsrc == iv + ivsize);

		src = cipher;

	}



	return crypto_authenc_verify(req, cipher, cryptlen + ivsize);

	return crypto_authenc_verify(req, src, cryptlen + ivsize);

}



static int crypto_authenc_decrypt(struct aead_request *req)