aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKazuki Yamaguchi <k@rhe.jp>2016-04-24 03:27:13 +0900
committerKazuki Yamaguchi <k@rhe.jp>2016-04-27 23:07:42 +0900
commit42d3bc06bec665e96e6eda02d13036e524975a4b (patch)
tree5cba3e92557dbfa8a380b05707580b747f7f04bf
parent7046ca938defcf8bc11b8f053a3f70a0c3a9766c (diff)
downloadruby-42d3bc06bec665e96e6eda02d13036e524975a4b.tar.gz
ext/openssl: avoid SEGV on Cipher.new("ChaCha20-Poly1305")
A temporary workaround. EVP_CipherInit_ex() allows to specify NULL to key and/or iv, however when we use ChaCha20-Poly1305 and set only key (this case), it does memcpy(x, NULL, y) and this causes a segmentation fault.
-rw-r--r--ext/openssl/ossl_cipher.c22
1 files changed, 13 insertions, 9 deletions
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c
index e25871e..2c82e65 100644
--- a/ext/openssl/ossl_cipher.c
+++ b/ext/openssl/ossl_cipher.c
@@ -108,7 +108,17 @@ ossl_cipher_initialize(VALUE self, VALUE str)
EVP_CIPHER_CTX *ctx;
const EVP_CIPHER *cipher;
char *name;
- unsigned char key[EVP_MAX_KEY_LENGTH];
+ /*
+ * EVP_CipherInit_ex() allows to specify NULL to key and iv, however some
+ * ciphers unfortunately don't handle well. [Bug #2768]
+ *
+ * The EVP which has EVP_CIPH_RAND_KEY flag (such as DES3) allows
+ * uninitialized key, but other EVPs (such as AES) does not allow it.
+ * Calling EVP_CipherUpdate() without initializing key causes SEGV so we
+ * set the data filled with '\0' as the key by default.
+ */
+ unsigned char dummy_key[EVP_MAX_KEY_LENGTH] = { 0 };
+ unsigned char dummy_iv[EVP_MAX_IV_LENGTH] = { 0 };
name = StringValuePtr(str);
GetCipherInit(self, ctx);
@@ -119,14 +129,8 @@ ossl_cipher_initialize(VALUE self, VALUE str)
if (!(cipher = EVP_get_cipherbyname(name))) {
ossl_raise(rb_eRuntimeError, "unsupported cipher algorithm (%s)", name);
}
- /*
- * The EVP which has EVP_CIPH_RAND_KEY flag (such as DES3) allows
- * uninitialized key, but other EVPs (such as AES) does not allow it.
- * Calling EVP_CipherUpdate() without initializing key causes SEGV so we
- * set the data filled with "\0" as the key by default.
- */
- memset(key, 0, EVP_MAX_KEY_LENGTH);
- if (EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, -1) != 1)
+
+ if (EVP_CipherInit_ex(ctx, cipher, NULL, dummy_key, dummy_iv, -1) != 1)
ossl_raise(eCipherError, NULL);
return self;