From c525bb791873ecdcce59c0da4ceafc8f5f557b2f Mon Sep 17 00:00:00 2001 From: Kevin Jacobs Date: Thu, 24 Oct 2019 16:47:28 +0200 Subject: Add length checks for cryptographic primitives This rollup patch adds additional length checks around cryptographic primitives. --- security/nss/lib/freebl/chacha20poly1305.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'security/nss/lib/freebl/chacha20poly1305.c') diff --git a/security/nss/lib/freebl/chacha20poly1305.c b/security/nss/lib/freebl/chacha20poly1305.c index 302f0db9e..8fdaf3fec 100644 --- a/security/nss/lib/freebl/chacha20poly1305.c +++ b/security/nss/lib/freebl/chacha20poly1305.c @@ -234,6 +234,11 @@ ChaCha20Poly1305_Open(const ChaCha20Poly1305Context *ctx, unsigned char *output, PORT_SetError(SEC_ERROR_OUTPUT_LEN); return SECFailure; } + // ChaCha has a 64 octet block, with a 32-bit block counter. + if (inputLen >= (1ULL << (6 + 32)) + ctx->tagLen) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } PORT_Memset(block, 0, sizeof(block)); // Generate a block of keystream. The first 32 bytes will be the poly1305 -- cgit v1.2.3