[PATCH 0/2] Fixes for gcry_cipher_gettag crashes

Peter Wu peter at lekensteyn.nl
Wed Mar 23 03:45:19 CET 2016


As reported earlier[1], some modes can result in a buffer overrun when
improperly used. These patches avoid relying on the user-supplied input.

Poly1305 was introduced this cycle (1.7.0), but GCM was introduced in 1.6.0.
Maybe a backport is appropriate?

One crash is not fixed, that is the crash when setkey is not invoked before
using the GCM ciphers (introduced in the 1.7.0 cycle). Either these functions
should check that the key is present, or they should initialize the ghash table
earlier. Affected functions:

    (via _gcry_cipher_gcm_setiv)
    (via _gcry_cipher_gcm_get_tag, _gcry_cipher_gcm_check_tag)

Kind regards,

 [1]: https://lists.gnupg.org/pipermail/gcrypt-devel/2016-March/003753.html

Peter Wu (2):
  Fix buffer overrun in gettag for GCM
  Fix buffer overrun in gettag for Poly1305

 cipher/cipher-gcm.c      | 4 ++--
 cipher/cipher-poly1305.c | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)


More information about the Gcrypt-devel mailing list