From: Kazuki Yamaguchi Date: Tue, 10 May 2016 10:46:08 +0000 (+0900) Subject: Fix a NULL dereference in chacha20_poly1305_init_key() X-Git-Tag: OpenSSL_1_1_0-pre6~794 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d2dfd4820bf03b958bc9c3adafe0d3f112e54b2a;p=oweals%2Fopenssl.git Fix a NULL dereference in chacha20_poly1305_init_key() chacha20_poly1305_init_key() dereferences NULL when called with inkey != NULL && iv == NULL. This function is called by EVP_EncryptInit_ex() family, whose documentation allows setting key and iv in separate calls. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte --- diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c index e3a0bef8c5..26fefd9781 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -164,7 +164,6 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *iv, int enc) { EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); - unsigned char temp[CHACHA_CTR_SIZE]; if (!inkey && !iv) return 1; @@ -175,16 +174,21 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, actx->mac_inited = 0; actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; - /* pad on the left */ - memset(temp, 0, sizeof(temp)); - if (actx->nonce_len <= CHACHA_CTR_SIZE) - memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len); + if (iv != NULL) { + unsigned char temp[CHACHA_CTR_SIZE] = { 0 }; - chacha_init_key(ctx, inkey, temp, enc); + /* pad on the left */ + if (actx->nonce_len <= CHACHA_CTR_SIZE) + memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len); - actx->nonce[0] = actx->key.counter[1]; - actx->nonce[1] = actx->key.counter[2]; - actx->nonce[2] = actx->key.counter[3]; + chacha_init_key(ctx, inkey, temp, enc); + + actx->nonce[0] = actx->key.counter[1]; + actx->nonce[1] = actx->key.counter[2]; + actx->nonce[2] = actx->key.counter[3]; + } else { + chacha_init_key(ctx, inkey, NULL, enc); + } return 1; }