From: Matthias-Christian Ott Date: Tue, 30 Dec 2014 09:57:36 +0000 (+0200) Subject: Handle zero length plaintext for VIA PadLock functions X-Git-Tag: gnutls_3_4_0~423 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=33f4e67e5e9f41190f7e8e5c79e64579f400498d;p=thirdparty%2Fgnutls.git Handle zero length plaintext for VIA PadLock functions If the plaintext is shorter than the block size of the used cipher, _gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with textlen = 0. padlock_ecb_encrypt and padlock_cbc_encrypt assume that the plaintext length (last parameter) is greater than zero and segfault otherwise. The assembler code for both functions is automatically generated and imported from OpenSSL, so to ease maintenance the length should be validated in the functions that call padlock_ecb_encrypt or padlock_cbc_encrypt. --- diff --git a/lib/accelerated/x86/aes-gcm-padlock.c b/lib/accelerated/x86/aes-gcm-padlock.c index e15afd4978..410cfc055f 100644 --- a/lib/accelerated/x86/aes-gcm-padlock.c +++ b/lib/accelerated/x86/aes-gcm-padlock.c @@ -54,7 +54,8 @@ static void padlock_aes_encrypt(const void *_ctx, pce = ALIGN16(&ctx->expanded_key); - padlock_ecb_encrypt(dst, src, pce, length); + if (length > 0) + padlock_ecb_encrypt(dst, src, pce, length); } static void padlock_aes128_set_encrypt_key(struct padlock_ctx *_ctx, diff --git a/lib/accelerated/x86/aes-padlock.c b/lib/accelerated/x86/aes-padlock.c index 58c42638a2..3e1c4f5a14 100644 --- a/lib/accelerated/x86/aes-padlock.c +++ b/lib/accelerated/x86/aes-padlock.c @@ -132,7 +132,8 @@ padlock_aes_cbc_encrypt(void *_ctx, const void *src, size_t src_size, pce = ALIGN16(&ctx->expanded_key); - padlock_cbc_encrypt(dst, src, pce, src_size); + if (src_size > 0) + padlock_cbc_encrypt(dst, src, pce, src_size); return 0; } @@ -147,7 +148,8 @@ padlock_aes_cbc_decrypt(void *_ctx, const void *src, size_t src_size, pcd = ALIGN16(&ctx->expanded_key); - padlock_cbc_encrypt(dst, src, pcd, src_size); + if (src_size > 0) + padlock_cbc_encrypt(dst, src, pcd, src_size); return 0; }