diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-10 19:46:08 +0900 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2016-05-18 11:08:55 +0200 |
commit | d2dfd4820bf03b958bc9c3adafe0d3f112e54b2a (patch) | |
tree | 198395600c2857b2b1687a8187876079aa912ae4 | |
parent | b6cff313cbb1d0381b329fe4f6a8f009cdb270e4 (diff) | |
download | openssl-d2dfd4820bf03b958bc9c3adafe0d3f112e54b2a.tar.gz |
Fix a NULL dereference in chacha20_poly1305_init_key()
chacha20_poly1305_init_key() dereferences NULL when called with inkey !=
NULL && iv == NULL. This function is called by EVP_EncryptInit_ex()
family, whose documentation allows setting key and iv in separate calls.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
-rw-r--r-- | crypto/evp/e_chacha20_poly1305.c | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c index e3a0bef8c5..26fefd9781 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -164,7 +164,6 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *iv, int enc) { EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); - unsigned char temp[CHACHA_CTR_SIZE]; if (!inkey && !iv) return 1; @@ -175,16 +174,21 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, actx->mac_inited = 0; actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; - /* pad on the left */ - memset(temp, 0, sizeof(temp)); - if (actx->nonce_len <= CHACHA_CTR_SIZE) - memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len); + if (iv != NULL) { + unsigned char temp[CHACHA_CTR_SIZE] = { 0 }; - chacha_init_key(ctx, inkey, temp, enc); + /* pad on the left */ + if (actx->nonce_len <= CHACHA_CTR_SIZE) + memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len); - actx->nonce[0] = actx->key.counter[1]; - actx->nonce[1] = actx->key.counter[2]; - actx->nonce[2] = actx->key.counter[3]; + chacha_init_key(ctx, inkey, temp, enc); + + actx->nonce[0] = actx->key.counter[1]; + actx->nonce[1] = actx->key.counter[2]; + actx->nonce[2] = actx->key.counter[3]; + } else { + chacha_init_key(ctx, inkey, NULL, enc); + } return 1; } |