Commit d2dfd482 authored by Kazuki Yamaguchi's avatar Kazuki Yamaguchi Committed by Richard Levitte
Browse files

Fix a NULL dereference in chacha20_poly1305_init_key() 



chacha20_poly1305_init_key() dereferences NULL when called with inkey !=
NULL && iv == NULL. This function is called by EVP_EncryptInit_ex()
family, whose documentation allows setting key and iv in separate calls.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent b6cff313

crypto/evp/e_chacha20_poly1305.c

+13 −9
Original line number Diff line number Diff line
@@ -164,7 +164,6 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, 
                                      const unsigned char *iv, int enc)

{

    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);

    unsigned char temp[CHACHA_CTR_SIZE];



    if (!inkey && !iv)

        return 1;
@@ -175,8 +174,10 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, 
    actx->mac_inited = 0;

    actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;



    if (iv != NULL) {

        unsigned char temp[CHACHA_CTR_SIZE] = { 0 };



        /* pad on the left */

    memset(temp, 0, sizeof(temp));

        if (actx->nonce_len <= CHACHA_CTR_SIZE)

            memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len);
@@ -185,6 +186,9 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, 
        actx->nonce[0] = actx->key.counter[1];

        actx->nonce[1] = actx->key.counter[2];

        actx->nonce[2] = actx->key.counter[3];

    } else {

        chacha_init_key(ctx, inkey, NULL, enc);

    }



    return 1;

}