diff options
author | Matt Caswell <matt@openssl.org> | 2020-11-25 15:18:15 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-11-30 10:37:14 +0000 |
commit | 9327b5c9c9e3a1b18e5b52491dc438d1e28b5e40 (patch) | |
tree | 78963d2d5d182bea82e353f75d10f06125cb586a /providers | |
parent | a07dc8167ba79efe739fef18d7e2ef823bef16c9 (diff) |
Fix TLS1.2 CHACHA20-POLY1305 ciphersuites with OPENSSL_SMALL_FOOTPRINT
If OPENSSL_SMALL_FOOTPRINT was defined then the CHACHA20-POLY1305
implementation for TLS went down a different codepath that failed to
adjust the payload length to remove the tag.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13513)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c b/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c index 8bbae6529a..65f0fe1ee8 100644 --- a/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c +++ b/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c @@ -120,9 +120,6 @@ static int chacha20_poly1305_tls_cipher(PROV_CIPHER_CTX *bctx, DECLARE_IS_ENDIAN; - if (len != plen + POLY1305_BLOCK_SIZE) - return 0; - buf = storage + ((0 - (size_t)storage) & 15); /* align */ ctr = buf + CHACHA_BLK_SIZE; tohash = buf + CHACHA_BLK_SIZE - POLY1305_BLOCK_SIZE; @@ -274,11 +271,14 @@ static int chacha20_poly1305_aead_cipher(PROV_CIPHER_CTX *bctx, DECLARE_IS_ENDIAN; if (!ctx->mac_inited) { -#if !defined(OPENSSL_SMALL_FOOTPRINT) if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL) { + if (inl != plen + POLY1305_BLOCK_SIZE) + return 0; +#if !defined(OPENSSL_SMALL_FOOTPRINT) return chacha20_poly1305_tls_cipher(bctx, out, outl, in, inl); - } #endif + } + ctx->chacha.counter[0] = 0; ChaCha20_ctr32(ctx->chacha.buf, zero, CHACHA_BLK_SIZE, ctx->chacha.key.d, ctx->chacha.counter); @@ -375,6 +375,8 @@ static int chacha20_poly1305_aead_cipher(PROV_CIPHER_CTX *bctx, memset(out - plen, 0, plen); goto err; } + /* Strip the tag */ + inl -= POLY1305_BLOCK_SIZE; } } else if (!bctx->enc) { |