Cast nonce bytes to avoid undefined behaviour when left shifting.

Reported by oss-fuzz, really fixes issue #13805. ok beck@ tb@
author: jsing <jsing@openbsd.org> 2019-03-27 15:34:01 +0000
committer: jsing <jsing@openbsd.org> 2019-03-27 15:34:01 +0000
commit: 24705918ca6c60dc1a511a81379fccc60fc46b6c (patch)
tree: 4eca4ce6cf857c409ff18b1edb3c6e1d38d46d9a
parent: Only perform position and memory checks on short form encoding (i.e. short (diff)
download: wireguard-openbsd-24705918ca6c60dc1a511a81379fccc60fc46b6c.tar.xz
wireguard-openbsd-24705918ca6c60dc1a511a81379fccc60fc46b6c.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/libcrypto/evp/e_chacha20poly1305.c b/lib/libcrypto/evp/e_chacha20poly1305.c
index 2b9e7b11884..4fd92eb04e1 100644
--- a/lib/libcrypto/evp/e_chacha20poly1305.c
+++ b/lib/libcrypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.20 2019/03/24 12:04:12 jsing Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.21 2019/03/27 15:34:01 jsing Exp $ */
 
 /*
  * Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>
@@ -221,8 +221,8 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
 		return 0;
 	}
 
-	ctr = (uint64_t)(nonce[0] | nonce[1] << 8 |
-	    nonce[2] << 16 | nonce[3] << 24) << 32;
+	ctr = (uint64_t)((uint32_t)(nonce[0]) | (uint32_t)(nonce[1]) << 8 |
+	    (uint32_t)(nonce[2]) << 16 | (uint32_t)(nonce[3]) << 24) << 32;
 	iv = nonce + CHACHA20_CONSTANT_LEN;
 
 	memset(poly1305_key, 0, sizeof(poly1305_key));
author	jsing <jsing@openbsd.org>	2019-03-27 15:34:01 +0000
committer	jsing <jsing@openbsd.org>	2019-03-27 15:34:01 +0000
commit	24705918ca6c60dc1a511a81379fccc60fc46b6c (patch)
tree	4eca4ce6cf857c409ff18b1edb3c6e1d38d46d9a
parent	Only perform position and memory checks on short form encoding (i.e. short (diff)
download	wireguard-openbsd-24705918ca6c60dc1a511a81379fccc60fc46b6c.tar.xz wireguard-openbsd-24705918ca6c60dc1a511a81379fccc60fc46b6c.zip