[PATCH 1/2] crypto: skcipher - noop for enc/dec with NULL data

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The encryption / decryption operation is a noop in case the caller
provides zero input data. As this noop is a "valid" operation, the API
calls will return no error, but simply skip any processing.

This fixes a kernel crash with authenc() ciphers and zero plaintext /
ciphertext that can be triggered via AF_ALG from unprivileged user
space.

Fixes: 7a7ffe65c8c5f ("crypto: skcipher - Add top-level skcipher
interface")
CC: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
CC: <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx>
---
 include/crypto/skcipher.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
index 562001cb412b..ca27fbadbe67 100644
--- a/include/crypto/skcipher.h
+++ b/include/crypto/skcipher.h
@@ -442,6 +442,9 @@ static inline int crypto_skcipher_encrypt(struct skcipher_request *req)
 {
 	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
 
+	if (!req->cryptlen)
+		return 0;
+
 	return tfm->encrypt(req);
 }
 
@@ -460,6 +463,9 @@ static inline int crypto_skcipher_decrypt(struct skcipher_request *req)
 {
 	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
 
+	if (!req->cryptlen)
+		return 0;
+
 	return tfm->decrypt(req);
 }
 
-- 
2.13.5





[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux