diff options
author | Tomas Mraz <tmraz@fedoraproject.org> | 2021-01-12 16:53:33 +0100 |
---|---|---|
committer | Tomas Mraz <tmraz@fedoraproject.org> | 2021-01-13 18:04:28 +0100 |
commit | 8bc5b0a570c8a2c9886a3cae9dea2016d510578d (patch) | |
tree | b6bc6585b820c310478687eb38357948960cfa2f /providers | |
parent | 2ed63033e46953d0d95ff100c1334da7cc32c49b (diff) |
chacha20: Properly reinitialize the cipher context with NULL key
Same for chacha20-poly1305.
The test_cipher_reinit and test_cipher_reinit_partialupdate is modified
to test this case of cipher context reinitialization.
Fixes #13064
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13850)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/ciphers/cipher_chacha20_hw.c | 1 | ||||
-rw-r--r-- | providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c | 6 |
2 files changed, 7 insertions, 0 deletions
diff --git a/providers/implementations/ciphers/cipher_chacha20_hw.c b/providers/implementations/ciphers/cipher_chacha20_hw.c index 06cb6b12d3..4ce4af0906 100644 --- a/providers/implementations/ciphers/cipher_chacha20_hw.c +++ b/providers/implementations/ciphers/cipher_chacha20_hw.c @@ -34,6 +34,7 @@ static int chacha20_initiv(PROV_CIPHER_CTX *bctx) for (i = 0; i < CHACHA_CTR_SIZE; i += 4) ctx->counter[i / 4] = CHACHA_U8TOU32(bctx->oiv + i); } + ctx->partial_len = 0; return 1; } diff --git a/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c b/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c index 65f0fe1ee8..55a57de726 100644 --- a/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c +++ b/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c @@ -79,6 +79,12 @@ static int chacha20_poly1305_initiv(PROV_CIPHER_CTX *bctx) unsigned char tempiv[CHACHA_CTR_SIZE] = { 0 }; int ret = 1; + ctx->len.aad = 0; + ctx->len.text = 0; + ctx->aad = 0; + ctx->mac_inited = 0; + ctx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; + /* pad on the left */ if (ctx->nonce_len <= CHACHA_CTR_SIZE) { memcpy(tempiv + CHACHA_CTR_SIZE - ctx->nonce_len, bctx->oiv, |