diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-10 19:46:08 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-10 20:40:31 +0900 |
commit | c149a787371d3cac3195ff87816b8b332b8b6d2b (patch) | |
tree | 62624be2595e2c750d17ef3f6e90e7e8357529cd | |
parent | 2e66d3d674d3a54593e0cbb4ff1f6039fd965d66 (diff) | |
download | openssl-c149a787371d3cac3195ff87816b8b332b8b6d2b.tar.gz |
Fix a NULL dereference in chacha20_poly1305_init_key()topic/evp-chacha20-poly1305-init-segv
chacha20_poly1305_init_key() dereferences NULL when called with inkey !=
NULL && iv == NULL. This function is called by EVP_EncryptInit_ex()
family, whose documentation allows setting key and iv in separate calls.
-rw-r--r-- | crypto/evp/e_chacha20_poly1305.c | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c index c3c72a1665..cc3927f901 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -205,7 +205,6 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *iv, int enc) { EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); - unsigned char temp[CHACHA_CTR_SIZE]; if (!inkey && !iv) return 1; @@ -216,16 +215,21 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, actx->mac_inited = 0; actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; - /* pad on the left */ - memset(temp, 0, sizeof(temp)); - if (actx->nonce_len <= CHACHA_CTR_SIZE) - memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len); + if (iv != NULL) { + unsigned char temp[CHACHA_CTR_SIZE] = { 0 }; - chacha_init_key(ctx, inkey, temp, enc); + /* pad on the left */ + if (actx->nonce_len <= CHACHA_CTR_SIZE) + memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len); - actx->nonce[0] = actx->key.counter[1]; - actx->nonce[1] = actx->key.counter[2]; - actx->nonce[2] = actx->key.counter[3]; + chacha_init_key(ctx, inkey, temp, enc); + + actx->nonce[0] = actx->key.counter[1]; + actx->nonce[1] = actx->key.counter[2]; + actx->nonce[2] = actx->key.counter[3]; + } else { + chacha_init_key(ctx, inkey, NULL, enc); + } return 1; } |