author | Jack Lloyd <[email protected]> | 2018-08-07 15:41:54 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-08-07 15:41:54 -0400 |
commit | a57b21d0b949ddcd88583c79bc689b90f34c563f (patch) | |
tree | 166c09f0baf257c9a2ceffebd0045f25c52b5e41 /src/tests/test_stream.cpp | |
parent | 7c7da02d9f044c09b4b91fed7f5a1e407658cb9b (diff) |
Avoid crash in ChaCha20+Salsa if set_iv called without a key set
Diffstat (limited to 'src/tests/test_stream.cpp')
-rw-r--r-- | src/tests/test_stream.cpp | 38 |
1 files changed, 20 insertions, 18 deletions
diff --git a/src/tests/test_stream.cpp b/src/tests/test_stream.cpp
index 1f26a5cfd..63ea9a9bf 100644
--- a/src/tests/test_stream.cpp
+++ b/src/tests/test_stream.cpp
@@ -82,6 +82,19 @@ class Stream_Cipher_Tests final : public Text_Based_Test
 result.test_success("Trying to seek failed because not implemented");
 }

+ if(!cipher->valid_iv_length(nonce.size()))
+ {
+ throw Test_Error("Invalid nonce for " + algo);
+ }
+
+ bool accepted_nonce_early = false;
+ try
+ {
+ cipher->set_iv(nonce.data(), nonce.size());
+ accepted_nonce_early = true;
+ }
+ catch(Botan::Invalid_State&) {}
+
 cipher->set_key(key);

 /*
@@ -93,27 +106,16 @@ class Stream_Cipher_Tests final : public Text_Based_Test
 result.test_throws("Throws if invalid nonce size given",
 [&]() { cipher->set_iv(nullptr, large_nonce_size); });

- if(nonce.size())
+ /*
+ If the set_nonce call earlier succeded, then we require that it also
+ worked (ie saved the nonce for later use) even though the key was
+ not set. So, don't set the nonce now, to ensure the previous call
+ had an effect.
+ */
+ if(accepted_nonce_early == false)
 {
- if(!cipher->valid_iv_length(nonce.size()))
- {
- throw Test_Error("Invalid nonce for " + algo);
- }
 cipher->set_iv(nonce.data(), nonce.size());
 }
- else
- {
- /*
- * If no nonce was set then implicitly the cipher is using a
- * null/empty nonce. Call set_iv with such a nonce to make sure
- * set_iv accepts it.
- */
- if(!cipher->valid_iv_length(0))
- {
- throw Test_Error("Stream cipher " + algo + " requires nonce but none provided");
- }
- cipher->set_iv(nullptr, 0);
- }

 if(seek != 0)
 {
|
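Review bot: The empty handler `catch(Botan::Invalid_State&) {}` in the first hunk leaves no trace of which way the early `set_iv` went, so the test passes whether a cipher stores the nonce before keying or rejects it, and a cipher that silently switches between the two would go unnoticed. Record the outcome on each branch, for instance `catch(Botan::Invalid_State&) { result.test_success("set_iv before set_key rejected with Invalid_State"); }` and a matching `result.test_success(...)` after `accepted_nonce_early = true;`. A dropped or stale nonce in a stream cipher means keystream reuse, so making the accepted/rejected path visible per algorithm is worth the two lines. The enclosing test function starts and ends outside the hunk.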
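Review bot: The new comment in the second hunk refers to a `set_nonce` call, but the call it describes is `set_iv`, and "succeded" is misspelled. It also mentions only the missing key, whereas on this path the stored nonce has to survive both `set_key` and the rejected `set_iv(nullptr, large_nonce_size)` that runs just above the condition; I would word it as `If the early set_iv call succeeded, the nonce it stored must still be in effect after set_key and after the rejected oversized set_iv above, so do not set it again here.` `if(!accepted_nonce_early)` would also read more directly than the comparison with `false`. The enclosing function continues outside the hunk.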