Cast nonce bytes to avoid undefined behaviour when left shifting.

Reported by oss-fuzz, fixes issue #13805. ok beck@ tb@
author: jsing <> 2019-03-24 12:04:12 +0000
committer: jsing <> 2019-03-24 12:04:12 +0000
commit: 66f0e9952ce2ad50c63a44df282d6e217c1e9f84 (patch)
tree: edde61447761640e07971b6f2fd33a7bbf345548 /src
parent: d55e796350a82fa9fadd3c87685f7ed42561bdcb (diff)
download: openbsd-66f0e9952ce2ad50c63a44df282d6e217c1e9f84.tar.gz
openbsd-66f0e9952ce2ad50c63a44df282d6e217c1e9f84.tar.bz2
openbsd-66f0e9952ce2ad50c63a44df282d6e217c1e9f84.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libcrypto/evp/e_chacha20poly1305.c b/src/lib/libcrypto/evp/e_chacha20poly1305.c
index a5cf8a19f2..2b9e7b1188 100644
--- a/src/lib/libcrypto/evp/e_chacha20poly1305.c
+++ b/src/lib/libcrypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.19 2019/01/22 00:59:21 dlg Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.20 2019/03/24 12:04:12 jsing Exp $ */
 /*
 * Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>
@@ -149,8 +149,8 @@ aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, unsigned char *out,
                return 0;
        }
-        ctr = (uint64_t)(nonce[0] | nonce[1] << 8 |
+        ctr = (uint64_t)((uint32_t)(nonce[0]) | (uint32_t)(nonce[1]) << 8 |
-            nonce[2] << 16 | nonce[3] << 24) << 32;
+            (uint32_t)(nonce[2]) << 16 | (uint32_t)(nonce[3]) << 24) << 32;
        iv = nonce + CHACHA20_CONSTANT_LEN;
        memset(poly1305_key, 0, sizeof(poly1305_key));
author	jsing <>	2019-03-24 12:04:12 +0000
committer	jsing <>	2019-03-24 12:04:12 +0000
commit	66f0e9952ce2ad50c63a44df282d6e217c1e9f84 (patch)
tree	edde61447761640e07971b6f2fd33a7bbf345548 /src
parent	d55e796350a82fa9fadd3c87685f7ed42561bdcb (diff)
download	openbsd-66f0e9952ce2ad50c63a44df282d6e217c1e9f84.tar.gz openbsd-66f0e9952ce2ad50c63a44df282d6e217c1e9f84.tar.bz2 openbsd-66f0e9952ce2ad50c63a44df282d6e217c1e9f84.zip

diff --git a/src/lib/libcrypto/evp/e_chacha20poly1305.c b/src/lib/libcrypto/evp/e_chacha20poly1305.c index a5cf8a19f2..2b9e7b1188 100644 --- a/src/lib/libcrypto/evp/e_chacha20poly1305.c +++ b/src/lib/libcrypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: e_chacha20poly1305.c,v 1.19 2019/01/22 00:59:21 dlg Exp $ */	1	/* $OpenBSD: e_chacha20poly1305.c,v 1.20 2019/03/24 12:04:12 jsing Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>	4	* Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>
@@ -149,8 +149,8 @@ aead_chacha20_poly1305_seal(const EVP_AEAD_CTX ctx, unsigned char out,
149	return 0;	149	return 0;
150	}	150	}
151		151
152	ctr = (uint64_t)(nonce[0] \| nonce[1] << 8 \|	152	ctr = (uint64_t)((uint32_t)(nonce[0]) \| (uint32_t)(nonce[1]) << 8 \|
153	nonce[2] << 16 \| nonce[3] << 24) << 32;	153	(uint32_t)(nonce[2]) << 16 \| (uint32_t)(nonce[3]) << 24) << 32;
154	iv = nonce + CHACHA20_CONSTANT_LEN;	154	iv = nonce + CHACHA20_CONSTANT_LEN;
155		155
156	memset(poly1305_key, 0, sizeof(poly1305_key));	156	memset(poly1305_key, 0, sizeof(poly1305_key));