Commit 99d97842 authored by Richard Levitte's avatar Richard Levitte Committed by Matt Caswell
Browse files

chacha20/poly1305: make sure to clear the buffer at correct position 



The offset to the memory to clear was incorrect, causing a heap buffer
overflow.

CVE-2016-7054

Thanks to Robert Święcki for reporting this

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(cherry picked from commit b8e4011fb26364e44230946b87ab38cc1c719aae)
parent 53c6cbf6

crypto/evp/e_chacha20_poly1305.c

+1 −1
Original line number Diff line number Diff line
@@ -299,7 +299,7 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 
                memcpy(out, actx->tag, POLY1305_BLOCK_SIZE);

            } else {

                if (CRYPTO_memcmp(temp, in, POLY1305_BLOCK_SIZE)) {

                    memset(out, 0, plen);

                    memset(out - plen, 0, plen);

                    return -1;

                }

            }