| |
| # HG changeset patch |
| # User Benjamin Beurdouche <bbeurdouche@mozilla.com> |
| # Date 1595031218 0 |
| # Node ID c25adfdfab34ddb08d3262aac3242e3399de1095 |
| # Parent f282556e6cc7715f5754aeaadda6f902590e7e38 |
| Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea |
| |
| Differential Revision: https://phabricator.services.mozilla.com/D74801 |
| |
| diff --git a/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc |
| index a041947..a92c28a 100644 |
| --- a/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc |
| +++ b/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc |
| @@ -44,7 +44,15 @@ class Pkcs11ChaCha20Poly1305Test |
| SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params), |
| sizeof(aead_params)}; |
| |
| - // Encrypt. |
| + // Encrypt with bad parameters (TagLen is too short). |
| + aead_params.ulTagLen = 2; |
| + rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(), |
| + &encrypted_len, encrypted.size(), data, data_len); |
| + EXPECT_EQ(SECFailure, rv); |
| + EXPECT_EQ(0U, encrypted_len); |
| + |
| + // Encrypt. |
| + aead_params.ulTagLen = 16; |
| unsigned int outputLen = 0; |
| std::vector<uint8_t> output(data_len + aead_params.ulTagLen); |
| SECStatus rv = PK11_Encrypt(key.get(), kMech, ¶ms, output.data(), |
| |
| diff --git a/lib/freebl/chacha20poly1305.c b/lib/freebl/chacha20poly1305.c |
| --- a/lib/freebl/chacha20poly1305.c |
| +++ b/lib/freebl/chacha20poly1305.c |
| @@ -76,17 +76,17 @@ ChaCha20Poly1305_InitContext(ChaCha20Pol |
| { |
| #ifdef NSS_DISABLE_CHACHAPOLY |
| return SECFailure; |
| #else |
| if (keyLen != 32) { |
| PORT_SetError(SEC_ERROR_BAD_KEY); |
| return SECFailure; |
| } |
| - if (tagLen == 0 || tagLen > 16) { |
| + if (tagLen != 16) { |
| PORT_SetError(SEC_ERROR_INPUT_LEN); |
| return SECFailure; |
| } |
| |
| PORT_Memcpy(ctx->key, key, sizeof(ctx->key)); |
| ctx->tagLen = tagLen; |
| |
| return SECSuccess; |