From d2dfd4820bf03b958bc9c3adafe0d3f112e54b2a Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Tue, 10 May 2016 19:46:08 +0900 Subject: [PATCH] Fix a NULL dereference in chacha20_poly1305_init_key() chacha20_poly1305_init_key() dereferences NULL when called with inkey != NULL && iv == NULL. This function is called by EVP_EncryptInit_ex() family, whose documentation allows setting key and iv in separate calls. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte --- crypto/evp/e_chacha20_poly1305.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c index e3a0bef8c5..26fefd9781 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -164,7 +164,6 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *iv, int enc) { EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); - unsigned char temp[CHACHA_CTR_SIZE]; if (!inkey && !iv) return 1; @@ -175,16 +174,21 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, actx->mac_inited = 0; actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; - /* pad on the left */ - memset(temp, 0, sizeof(temp)); - if (actx->nonce_len <= CHACHA_CTR_SIZE) - memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len); + if (iv != NULL) { + unsigned char temp[CHACHA_CTR_SIZE] = { 0 }; - chacha_init_key(ctx, inkey, temp, enc); + /* pad on the left */ + if (actx->nonce_len <= CHACHA_CTR_SIZE) + memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len); - actx->nonce[0] = actx->key.counter[1]; - actx->nonce[1] = actx->key.counter[2]; - actx->nonce[2] = actx->key.counter[3]; + chacha_init_key(ctx, inkey, temp, enc); + + actx->nonce[0] = actx->key.counter[1]; + actx->nonce[1] = actx->key.counter[2]; + actx->nonce[2] = actx->key.counter[3]; + } else { + chacha_init_key(ctx, inkey, NULL, enc); + } return 1; } -- 2.25.1