FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- ChaCha20-Poly1305 nonce vulnerability

Affected packages
openssl111 < 1.1.1b_1


VuXML ID e56f2f7c-410e-11e9-b95c-b499baebfeaf
Discovery 2019-03-06
Entry 2019-03-07

The OpenSSL project reports:

Low: ChaCha20-Poly1305 with long nonces (CVE-2019-1543)

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored.


CVE Name CVE-2019-1543