From 88de46b6ae013ad0d26337081eabf9c24090baa1 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Mon, 4 Aug 2014 20:15:07 -0700
Subject: [PATCH] Document the maximum number of bytes for crypto_stream_aes256estream*() abort() if these functions are misused.
---
 .../crypto_stream/aes256estream/hongjun/ecrypt-sync.h | 8 +++++++-
 .../include/sodium/crypto_stream_aes256estream.h | 8 +++++---
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/libsodium/crypto_stream/aes256estream/hongjun/ecrypt-sync.h b/src/libsodium/crypto_stream/aes256estream/hongjun/ecrypt-sync.h
index 23f2aeef..0e442dc6 100644
--- a/src/libsodium/crypto_stream/aes256estream/hongjun/ecrypt-sync.h
+++ b/src/libsodium/crypto_stream/aes256estream/hongjun/ecrypt-sync.h
@@ -3,6 +3,7 @@
 #define __ECRYPT_SYNC__
 #include
+#include
 typedef uint8_t u8;
 typedef uint32_t u32;
@@ -22,6 +23,11 @@ typedef struct ECRYPT_ctx
 #pragma pack(pop)
 #define ECRYPT_encrypt_bytes(ctx, plaintext, ciphertext, msglen) \
- ECRYPT_process_bytes(0, ctx, plaintext, ciphertext, msglen)
+ do { \
+ if (msglen > 0xffffffff) { \
+ abort(); \
+ } \
+ ECRYPT_process_bytes(0, ctx, plaintext, ciphertext, msglen); \
+ } while(0)
 #endif
diff --git a/src/libsodium/include/sodium/crypto_stream_aes256estream.h b/src/libsodium/include/sodium/crypto_stream_aes256estream.h
index 27331d31..3fa46022 100644
--- a/src/libsodium/include/sodium/crypto_stream_aes256estream.h
+++ b/src/libsodium/include/sodium/crypto_stream_aes256estream.h
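Review bot: In the second hunk of ecrypt-sync.h the new guard `if (msglen > 0xffffffff)` uses the macro argument unparenthesized and compares it against an unsuffixed literal, so a caller passing a compound expression gets a precedence surprise, and on a platform where the length type is 32 bits wide the comparison is always false and draws a `-Wtype-limits` warning even though the bound is then unreachable anyway. Since the header already relies on `uint8_t`/`uint32_t` from the preceding include, the bound can be spelled with the standard macro: `if ((msglen) > UINT32_MAX) { \`. Note also that wrapping the expansion in `do { } while(0)` turns ECRYPT_encrypt_bytes from an expression into a statement, which is only transparent if ECRYPT_process_bytes returns void and no caller uses the macro in expression position; its declaration is outside this hunk. The header name of the include added in the first hunk was lost in rendering; abort() is declared in `<stdlib.h>`, so that is the header the hunk needs to be adding.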
@@ -7,11 +7,13 @@
 * provide any security against active attacks.
 * Furthermore, this implementation was not part of NaCl.
 *
- * If you are looking for a stream cipher, you might consider crypto_stream_chacha20
- * or crypto_stream_(x)salsa20 which are timing-attack resistant instead.
+ * If you are looking for a stream cipher, you should consider crypto_stream_chacha20
+ * or crypto_stream_(x)salsa20, which are timing-attacks resistant.
 *
- * But unless you know what you're doing, what you are looking for is probably
+ * And unless you know what you're doing, what you are looking for is probably
 * the crypto_box or crypto_secretbox functions.
+ *
+ * The maximum number of bytes these functions can generate/encrypt is 2^32 - 1.
 */
 #include
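Review bot: The new sentence documents the 2^32 - 1 byte limit but not what happens when a caller exceeds it; the commit subject says the functions abort(), and because abort() terminates the process instead of returning an error, that is the part of the contract a caller most needs to see in the public header. Suggest appending ` * Passing a larger length to them aborts the process.` after the new limit line. Separately, the rewritten line replaces the grammatical "timing-attack resistant" with "timing-attacks resistant"; `* or crypto_stream_(x)salsa20, which are timing-attack resistant.` reads correctly.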