Fix TLS1.2 CHACHA20-POLY1305 ciphersuites with OPENSSL_SMALL_FOOTPRINT
authorMatt Caswell <matt@openssl.org>
Wed, 25 Nov 2020 15:18:15 +0000 (15:18 +0000)
committerMatt Caswell <matt@openssl.org>
Mon, 30 Nov 2020 10:37:14 +0000 (10:37 +0000)
If OPENSSL_SMALL_FOOTPRINT was defined then the CHACHA20-POLY1305
implementation for TLS went down a different codepath that failed to
adjust the payload length to remove the tag.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13513)

providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c

index 8bbae6529a9dc41810a7924dd0d7e55a812796a5..65f0fe1ee88016febfac484c1b92a80d1ca9cb7d 100644 (file)
@@ -120,9 +120,6 @@ static int chacha20_poly1305_tls_cipher(PROV_CIPHER_CTX *bctx,
 
     DECLARE_IS_ENDIAN;
 
-    if (len != plen + POLY1305_BLOCK_SIZE)
-        return 0;
-
     buf = storage + ((0 - (size_t)storage) & 15);   /* align */
     ctr = buf + CHACHA_BLK_SIZE;
     tohash = buf + CHACHA_BLK_SIZE - POLY1305_BLOCK_SIZE;
@@ -274,11 +271,14 @@ static int chacha20_poly1305_aead_cipher(PROV_CIPHER_CTX *bctx,
     DECLARE_IS_ENDIAN;
 
     if (!ctx->mac_inited) {
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
         if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL) {
+            if (inl != plen + POLY1305_BLOCK_SIZE)
+                return 0;
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
             return chacha20_poly1305_tls_cipher(bctx, out, outl, in, inl);
-        }
 #endif
+        }
+
         ctx->chacha.counter[0] = 0;
         ChaCha20_ctr32(ctx->chacha.buf, zero, CHACHA_BLK_SIZE,
                        ctx->chacha.key.d, ctx->chacha.counter);
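Review bot: With the length check hoisted to this call site, `chacha20_poly1305_tls_cipher()` no longer verifies that its input is exactly payload plus tag (the hunk at -120 removes its own `len != plen + POLY1305_BLOCK_SIZE` test), so its buffer arithmetic now depends on every caller having done so. Only this one call is visible here; if it is the sole caller that is fine, but the contract should be written down, for example `/* inl == plen + POLY1305_BLOCK_SIZE is a precondition of both TLS paths below */` above the new `if (inl != plen + POLY1305_BLOCK_SIZE)`. The check also sits inside `if (!ctx->mac_inited)`, so it presumably relies on TLS records always arriving with the MAC uninitialised; that is worth confirming, since the start of the function is outside the hunk.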
@@ -375,6 +375,8 @@ static int chacha20_poly1305_aead_cipher(PROV_CIPHER_CTX *bctx,
                     memset(out - plen, 0, plen);
                     goto err;
                 }
+                /* Strip the tag */
+                inl -= POLY1305_BLOCK_SIZE;
             }
         }
         else if (!bctx->enc) {
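Review bot: The new `inl -= POLY1305_BLOCK_SIZE;` has no local guard, and if `inl` is an unsigned size (as its comparison with `plen` suggests) a value smaller than the tag would wrap and presumably be reported as the output length further down. On this path that appears to be excluded by the `inl != plen + POLY1305_BLOCK_SIZE` check added near the top of the function, but that check is about a hundred lines away and conditional on `!ctx->mac_inited`. I would record the invariant in the comment, e.g. `/* Strip the tag; inl == plen + POLY1305_BLOCK_SIZE was checked on entry */`. Since the defect only appeared with OPENSSL_SMALL_FOOTPRINT, a test run in that configuration over a TLS 1.2 CHACHA20-POLY1305 record would keep this path from regressing; the enclosing function starts and ends outside the hunk.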