Potential Panic on Overlong Ciphertext Buffer
| Details |
|
| Package |
libcrux-chacha20poly1305 |
| Version |
0.0.7 |
| URL |
cryspen/libcrux#1386 |
| Date |
2026-03-29 |
| Patched versions |
>=0.0.8 |
An application that passes in a ciphertext buffer of length greater
than ptxt.len() + TAG_LEN to libcrux_chacha20poly1305::encrypt or
libcrux_chacha20poly1305::xchacha20_poly1305::encrypt would
experience a panic.
Impact
An application where the length of the ciphertext buffer is under
attacker control could be made to crash.
Mitigation
The fix makes it so that libcrux_chacha20poly1305::encrypt and
libcrux_chacha20poly1305::xchacha20_poly1305::encrypt no longer
panic in this case, but instead write out the ciphertext and tag into
the first ptxt.len() + TAG_LEN bytes of the provided buffer.
See advisory page for additional details.
libcrux-chacha20poly13050.0.7>=0.0.8An application that passes in a ciphertext buffer of length greater
than
ptxt.len() + TAG_LENtolibcrux_chacha20poly1305::encryptorlibcrux_chacha20poly1305::xchacha20_poly1305::encryptwouldexperience a panic.
Impact
An application where the length of the ciphertext buffer is under
attacker control could be made to crash.
Mitigation
The fix makes it so that
libcrux_chacha20poly1305::encryptandlibcrux_chacha20poly1305::xchacha20_poly1305::encryptno longerpanic in this case, but instead write out the ciphertext and tag into
the first
ptxt.len() + TAG_LENbytes of the provided buffer.See advisory page for additional details.