mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-15 06:01:37 +08:00
Code Issues Packages Projects Releases Wiki Activity
47d905fdc6
openssl/providers/implementations/ciphers/cipher_chacha20_poly1305.h
slontis a011523706 ChaCha20-Poly1305 no longer supports truncated IV's. 
Fixes #20084

In the 3.0 provider implementation the generic code that handles IV's
only allows a 12 byte IV. Older code intentionally added the ability for
the IV to be truncated.
As this truncation is unsafe, the documentation has been updated to
state that this in no longer allowed. The code has been updated to
produce an error when the iv length is set to any value other than 12.

NOTE: It appears that this additional padding may have originated from the code
which uses a 12 byte IV, that is then passed to CHACHA which zero pads it to 16 bytes.

Note that legacy behaviour in e_chacha20_poly1305.c has not been
updated.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20151)
2023-01-30 09:48:50 +01:00

44 lines
1.5 KiB
C
Raw Blame History

/*
* Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* Dispatch functions for chacha20_poly1305 cipher */
#include "include/crypto/poly1305.h"
#include "cipher_chacha20.h"
#define NO_TLS_PAYLOAD_LENGTH ((size_t)-1)
#define CHACHA20_POLY1305_IVLEN 12
typedef struct {
PROV_CIPHER_CTX base; /* must be first */
PROV_CHACHA20_CTX chacha;
POLY1305 poly1305;
unsigned int nonce[12 / 4];
unsigned char tag[POLY1305_BLOCK_SIZE];
unsigned char tls_aad[POLY1305_BLOCK_SIZE];
struct { uint64_t aad, text; } len;
unsigned int aad : 1;
unsigned int mac_inited : 1;
size_t tag_len;
size_t tls_payload_length;
size_t tls_aad_pad_sz;
} PROV_CHACHA20_POLY1305_CTX;
typedef struct prov_cipher_hw_chacha_aead_st {
PROV_CIPHER_HW base; /* must be first */
int (*aead_cipher)(PROV_CIPHER_CTX *dat, unsigned char *out, size_t *outl,
const unsigned char *in, size_t len);
int (*initiv)(PROV_CIPHER_CTX *ctx);
int (*tls_init)(PROV_CIPHER_CTX *ctx, unsigned char *aad, size_t alen);
int (*tls_iv_set_fixed)(PROV_CIPHER_CTX *ctx, unsigned char *fixed,
size_t flen);
} PROV_CIPHER_HW_CHACHA20_POLY1305;
const PROV_CIPHER_HW *ossl_prov_cipher_hw_chacha20_poly1305(size_t keybits);
Reference in New Issue View Git Blame Copy Permalink