Browse Source

Fix a NULL dereference in chacha20_poly1305_init_key()

chacha20_poly1305_init_key() dereferences NULL when called with inkey !=
NULL && iv == NULL. This function is called by EVP_EncryptInit_ex()
family, whose documentation allows setting key and iv in separate calls.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
master
Kazuki Yamaguchi 6 years ago
committed by Richard Levitte
parent
commit
d2dfd4820b
1 changed files with 13 additions and 9 deletions
  1. +13
    -9
      crypto/evp/e_chacha20_poly1305.c

+ 13
- 9
crypto/evp/e_chacha20_poly1305.c View File

@ -164,7 +164,6 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *iv, int enc)
{
EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
unsigned char temp[CHACHA_CTR_SIZE];
if (!inkey && !iv)
return 1;
@ -175,16 +174,21 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
actx->mac_inited = 0;
actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
/* pad on the left */
memset(temp, 0, sizeof(temp));
if (actx->nonce_len <= CHACHA_CTR_SIZE)
memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len);
if (iv != NULL) {
unsigned char temp[CHACHA_CTR_SIZE] = { 0 };
chacha_init_key(ctx, inkey, temp, enc);
/* pad on the left */
if (actx->nonce_len <= CHACHA_CTR_SIZE)
memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len);
actx->nonce[0] = actx->key.counter[1];
actx->nonce[1] = actx->key.counter[2];
actx->nonce[2] = actx->key.counter[3];
chacha_init_key(ctx, inkey, temp, enc);
actx->nonce[0] = actx->key.counter[1];
actx->nonce[1] = actx->key.counter[2];
actx->nonce[2] = actx->key.counter[3];
} else {
chacha_init_key(ctx, inkey, NULL, enc);
}
return 1;
}


Loading…
Cancel
Save