libckteec: one shot encryption/decryption may have no input data
Change the one shot encryption and decryption handler function to
allow input buffer reference to be NULL. This may happen for example
with AES GCM operation where encryption of a NULL buffer is expected to
produce an AES GCM authentication tag. Before this change, providing a
NULL buffer to C_Encrypt() made ckteec_register_shm() fail and
ckteec_register_shm() return the CKR_HOST_MEMORY error code.

Fixes: aa3dd58 ("libckteec: Allow 0 length input buffer  for update operations.")
Acked-by: Jerome Forissier <[email protected]>
Signed-off-by: Etienne Carriere <[email protected]>
etienne-lms authored and jforissier committed Feb 14, 2024
1 parent afbd31d commit c5b3920
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions libckteec/src/pkcs11_processing.c
Expand Up @@ -262,10 +262,12 @@ CK_RV ck_encdecrypt_oneshot(CK_SESSION_HANDLE session,
memcpy(ctrl->buffer, &session_handle, sizeof(session_handle));

/* Shm io1: input data buffer */
in_shm = ckteec_register_shm(in, in_len, CKTEEC_SHM_IN);
if (!in_shm) {
rv = CKR_HOST_MEMORY;
goto bail;
if (in) {
in_shm = ckteec_register_shm(in, in_len, CKTEEC_SHM_IN);
if (!in_shm) {
rv = CKR_HOST_MEMORY;
goto bail;
}
}

/* Shm io2: output data buffer */
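
Review bot: the new `if (in)` guard skips registration whenever `in` is NULL, whatever `in_len` holds, so a NULL pointer paired with a non-zero length is accepted here instead of being rejected. Consider an explicit `if (!in && in_len)` check that returns CKR_ARGUMENTS_BAD before this block, so only the genuine empty-input case (for example the AES GCM tag-only operation named in the commit message) takes the no-registration path. With this branch `in_shm` can now stay unregistered past this point; the code after the hunk is not visible here, so please confirm `in_shm` is initialised to NULL at declaration and that both the invoke parameter setup and the cleanup under `bail` tolerate a NULL `in_shm`.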