diff options
| author | Benjamin Beurdouche <bbeurdouche@mozilla.com> | 2020-07-18 00:13:38 +0000 |
|---|---|---|
| committer | Benjamin Beurdouche <bbeurdouche@mozilla.com> | 2020-07-18 00:13:38 +0000 |
| commit | 6bfe896064abb065e8202b79105ef174e89484ec (patch) | |
| tree | 94a2d4a87898b063e4e131f75602890b071f0a0a | |
| parent | 7554bfbd7e9f442eb95709f3b7df0c02086730be (diff) | |
| download | nss-hg-NSS_3_53_BRANCH.tar.gz | |
Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyeaNSS_3_53_BRANCH
Differential Revision: https://phabricator.services.mozilla.com/D74801
| -rw-r--r-- | gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc | 11 | ||||
| -rw-r--r-- | lib/freebl/chacha20poly1305.c | 2 |
2 files changed, 10 insertions, 3 deletions
diff --git a/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc index 41f9da71d..3ea17678d 100644 --- a/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc +++ b/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc @@ -45,7 +45,7 @@ class Pkcs11ChaCha20Poly1305Test SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params), sizeof(aead_params)}; - // Encrypt with bad parameters. + // Encrypt with bad parameters (TagLen is too long). unsigned int encrypted_len = 0; std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen); aead_params.ulTagLen = 158072; @@ -54,9 +54,16 @@ class Pkcs11ChaCha20Poly1305Test &encrypted_len, encrypted.size(), data, data_len); EXPECT_EQ(SECFailure, rv); EXPECT_EQ(0U, encrypted_len); - aead_params.ulTagLen = 16; + + // Encrypt with bad parameters (TagLen is too short). + aead_params.ulTagLen = 2; + rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(), + &encrypted_len, encrypted.size(), data, data_len); + EXPECT_EQ(SECFailure, rv); + EXPECT_EQ(0U, encrypted_len); // Encrypt. + aead_params.ulTagLen = 16; rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(), &encrypted_len, encrypted.size(), data, data_len); diff --git a/lib/freebl/chacha20poly1305.c b/lib/freebl/chacha20poly1305.c index 970c6436d..5c294a9ea 100644 --- a/lib/freebl/chacha20poly1305.c +++ b/lib/freebl/chacha20poly1305.c @@ -81,7 +81,7 @@ ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx, PORT_SetError(SEC_ERROR_BAD_KEY); return SECFailure; } - if (tagLen == 0 || tagLen > 16) { + if (tagLen != 16) { PORT_SetError(SEC_ERROR_INPUT_LEN); return SECFailure; } |