crypto: x86/aesni-gcm - fix crash on empty plaintext

gcmaes_crypt_by_sg() dereferences the NULL pointer returned by
scatterwalk_ffwd() when encrypting an empty plaintext and the source
scatterlist ends immediately after the associated data.

Fix it by only fast-forwarding to the src/dst data scatterlists if the
data length is nonzero.

This bug is reproduced by the "rfc4543(gcm(aes))" test vectors when run
with the new AEAD test manager.

Fixes: e845520707 ("crypto: aesni - Update aesni-intel_glue to use scatter/gather")
Cc: <stable@vger.kernel.org> # v4.17+
Cc: Dave Watson <davejwatson@fb.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

arch/x86/crypto/aesni-intel_glue.c

@@ -813,12 +813,15 @@ static int gcmaes_crypt_by_sg(bool enc, struct aead_request *req,
 		scatterwalk_map_and_copy(assoc, req->src, 0, assoclen, 0);
 	}
 
+	if (left) {
 		src_sg = scatterwalk_ffwd(src_start, req->src, req->assoclen);
 		scatterwalk_start(&src_sg_walk, src_sg);
 		if (req->src != req->dst) {
-		dst_sg = scatterwalk_ffwd(dst_start, req->dst, req->assoclen);
+			dst_sg = scatterwalk_ffwd(dst_start, req->dst,
+						  req->assoclen);
 			scatterwalk_start(&dst_sg_walk, dst_sg);
 		}
+	}
 
 	kernel_fpu_begin();
 	gcm_tfm->init(aes_ctx, &data, iv,