[PATCH 1/2] chacha20-poly1305: fix wrong en/decryption on large input buffers

Jussi Kivilinna jussi.kivilinna at iki.fi
Tue Mar 26 18:31:08 CET 2019


* cipher/chacha20.c (_gcry_chacha20_poly1305_encrypt)
(_gcry_chacha20_poly1305_decrypt): Correctly use 'currlen' for chacha20
on the non-stitched code path.
--

This patch fixes a bug which was introduced by commit:
  "Add stitched ChaCha20-Poly1305 SSSE3 and AVX2 implementations"
  d6330dfb4b0e9fb3f8eef65ea13146060b804a97

Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
---
 0 files changed

diff --git a/cipher/chacha20.c b/cipher/chacha20.c
index eae4979cc..48fff6250 100644
--- a/cipher/chacha20.c
+++ b/cipher/chacha20.c
@@ -714,7 +714,7 @@ _gcry_chacha20_poly1305_encrypt(gcry_cipher_hd_t c, byte *outbuf,
       if (currlen > 24 * 1024)
 	currlen = 24 * 1024;
 
-      nburn = do_chacha20_encrypt_stream_tail (ctx, outbuf, inbuf, length);
+      nburn = do_chacha20_encrypt_stream_tail (ctx, outbuf, inbuf, currlen);
       burn = nburn > burn ? nburn : burn;
 
       nburn = _gcry_poly1305_update_burn (&c->u_mode.poly1305.ctx, outbuf,
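
Review bot: A regression test is missing for the encrypt path: the old and new calls only differ once the `if (currlen > 24 * 1024)` clamp above the changed line takes effect, so the existing tests presumably never passed more than 24 KiB in one call on the non-stitched path. Please add a test that encrypts a single buffer larger than 24 * 1024 bytes and compares the result with the same data processed in smaller pieces, and mention the 24 KiB threshold in the commit message so users can tell whether their data was affected.
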
@@ -838,7 +838,7 @@ _gcry_chacha20_poly1305_decrypt(gcry_cipher_hd_t c, byte *outbuf,
 					  currlen);
       burn = nburn > burn ? nburn : burn;
 
-      nburn = do_chacha20_encrypt_stream_tail (ctx, outbuf, inbuf, length);
+      nburn = do_chacha20_encrypt_stream_tail (ctx, outbuf, inbuf, currlen);
       burn = nburn > burn ? nburn : burn;
 
       outbuf += currlen;
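
Review bot: The changed call in the decrypt loop deserves a short comment saying that its length argument must match the `outbuf += currlen;` advance two lines below it. The old code passed `length` to `do_chacha20_encrypt_stream_tail` while the loop stepped forward by `currlen`, and the same slip was made in both functions, so a note at the call (or a shared helper for the chunked loop used by encrypt and decrypt) would make a repeat less likely. The large-buffer regression test should cover decryption as well as encryption.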



