From e949ae5aa1fd25d4d11fe31e30b7d82ae7778dc2 Mon Sep 17 00:00:00 2001 From: vnugent Date: Mon, 5 Aug 2024 18:01:03 -0400 Subject: fix: Find and fix openssl encryption bug --- src/providers/bcrypt.c | 2 +- src/providers/mbedtls.c | 2 +- src/providers/monocypher.c | 2 +- src/providers/openssl.c | 21 ++++++++++++++++++--- 4 files changed, 21 insertions(+), 6 deletions(-) diff --git a/src/providers/bcrypt.c b/src/providers/bcrypt.c index 2b9ba52..b9c370b 100644 --- a/src/providers/bcrypt.c +++ b/src/providers/bcrypt.c @@ -2,7 +2,7 @@ * Copyright (c) 2024 Vaughn Nugent * * Package: noscrypt -* File: impl/bcrypt.c +* File: providers/bcrypt.c * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License diff --git a/src/providers/mbedtls.c b/src/providers/mbedtls.c index 8479380..ead3279 100644 --- a/src/providers/mbedtls.c +++ b/src/providers/mbedtls.c @@ -2,7 +2,7 @@ * Copyright (c) 2024 Vaughn Nugent * * Package: noscrypt -* File: mbedtls.c +* File: providers/mbedtls.c * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License diff --git a/src/providers/monocypher.c b/src/providers/monocypher.c index 8ffe048..c35f63e 100644 --- a/src/providers/monocypher.c +++ b/src/providers/monocypher.c @@ -2,7 +2,7 @@ * Copyright (c) 2024 Vaughn Nugent * * Package: noscrypt -* File: impl/monocypher.c +* File: providers/monocypher.c * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License diff --git a/src/providers/openssl.c b/src/providers/openssl.c index 7f405ef..90f2fa9 100644 --- a/src/providers/openssl.c +++ b/src/providers/openssl.c @@ -2,7 +2,7 @@ * Copyright (c) 2024 Vaughn Nugent * * Package: noscrypt -* File: impl/openssl.c +* File: providers/openssl.c * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License @@ -290,7 +290,10 @@ DEBUG_ASSERT2(ncSpanGetSize(output) <= ncSpanGetSizeC(input), "Output buffer must be equal or larger than the input buffer"); DEBUG_ASSERT(cipher != NULL); - result = CSTATUS_FAIL; + DEBUG_ASSERT((uint32_t)EVP_CIPHER_get_key_length(cipher) == ncSpanGetSizeC(key)); + DEBUG_ASSERT((uint32_t)EVP_CIPHER_iv_length(cipher) == ncSpanGetSizeC(iv)); + + result = CSTATUS_FAIL; ctx = EVP_CIPHER_CTX_new(); @@ -356,13 +359,25 @@ { cstatus_t result; EVP_CIPHER* cipher; + uint8_t chaChaIv[CHACHA_NONCE_SIZE + 4]; cspan_t keySpan, nonceSpan, inputSpan; span_t outputSpan; result = CSTATUS_FAIL; + /* + * RFC 7539 ChaCha20 requires a 16 byte initialization vector. A + * counter value is preprended to the nonce to make up the 16 byte + * size. + * + * The counter is always set to 0 for the nonce. + */ + + ncCryptoSecureZero(chaChaIv, sizeof(chaChaIv)); + MEMMOV(chaChaIv + 4, nonce, CHACHA_NONCE_SIZE); + ncSpanInitC(&keySpan, key, CHACHA_KEY_SIZE); - ncSpanInitC(&nonceSpan, nonce, CHACHA_NONCE_SIZE); + ncSpanInitC(&nonceSpan, chaChaIv, sizeof(chaChaIv)); ncSpanInitC(&inputSpan, input, dataLen); ncSpanInit(&outputSpan, output, dataLen); -- cgit