From: Matt Caswell <matt@openssl.org>
Date: Fri, 19 Jun 2020 16:26:49 +0000 (+0100)
Subject: Change ChaCha20-Poly1305 to be consistent with out ciphers
X-Git-Tag: openssl-3.0.0-alpha5~75
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=27d4c840fc399fe0d4550a5b88e91ecca887d1a4;p=thirdparty%2Fopenssl.git

Change ChaCha20-Poly1305 to be consistent with out ciphers

Other ciphers return the length of the Payload for TLS as a result of an
EVP_DecryptUpdate() operation - but  ChaCha20-Poly1305 did not. We change
it so that it does.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
---

diff --git a/providers/implementations/ciphers/cipher_chacha20_poly1305.c b/providers/implementations/ciphers/cipher_chacha20_poly1305.c
index c34ef320ab7..3fa4684125e 100644
--- a/providers/implementations/ciphers/cipher_chacha20_poly1305.c
+++ b/providers/implementations/ciphers/cipher_chacha20_poly1305.c
@@ -275,7 +275,6 @@ static int chacha20_poly1305_cipher(void *vctx, unsigned char *out,
     if (!hw->aead_cipher(ctx, out, outl, in, inl))
         return 0;
 
-    *outl = inl;
     return 1;
 }
 
diff --git a/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c b/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c
index 74b8fb65860..70ffaf1588b 100644
--- a/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c
+++ b/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c
@@ -252,6 +252,8 @@ static int chacha20_poly1305_tls_cipher(PROV_CIPHER_CTX *bctx,
                        len - POLY1305_BLOCK_SIZE);
             return 0;
         }
+        /* Strip the tag */
+        len -= POLY1305_BLOCK_SIZE;
     }
 
     *out_padlen = len;