Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix a NULL dereference in chacha20_poly1305_init_key() #1049

Closed
wants to merge 1 commit into from
Closed

Fix a NULL dereference in chacha20_poly1305_init_key() #1049

wants to merge 1 commit into from
+13 −9

Conversation

rhenium
Copy link
Contributor

@rhenium rhenium commented May 10, 2016

chacha20_poly1305_init_key() dereferences NULL when called with inkey != NULL && iv == NULL. This function is called by EVP_EncryptInit_ex() family, whose documentation allows setting key and iv in separate calls.

@rhenium
Fix a NULL dereference in chacha20_poly1305_init_key()
c149a78 
chacha20_poly1305_init_key() dereferences NULL when called with inkey !=
NULL && iv == NULL. This function is called by EVP_EncryptInit_ex()
family, whose documentation allows setting key and iv in separate calls.
@levitte
Copy link
Member

levitte commented May 12, 2016

+1

@levitte levitte added this to the 1.1.0 milestone May 12, 2016
ghedo
ghedo reviewed May 13, 2016
View reviewed changes
crypto/evp/e_chacha20_poly1305.c
/* pad on the left */
memset(temp, 0, sizeof(temp));
if (actx->nonce_len <= CHACHA_CTR_SIZE)
memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of reindenting everything, a more minimal change would be:

if (iv == NULL) {
  chacha_init_key(ctx, inkey, NULL, enc);
  return 1;
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, but I wanted to limit the scope of temp. If smaller diff is preferred I can change this :)

@mattcaswell
Copy link
Member

+1

@mattcaswell mattcaswell added the approval: done This pull request has the required number of approvals label May 18, 2016
@levitte
Copy link
Member

levitte commented May 18, 2016

Merged

@levitte levitte closed this May 18, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
approval: done This pull request has the required number of approvals
Projects
None yet
Milestone
1.1.0 - initial release
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@rhenium @levitte @mattcaswell @ghedo