[PATCH 1/2] chacha20-poly1305: fix wrong en/decryption on large input buffers
Jussi Kivilinna
jussi.kivilinna at iki.fi
Tue Mar 26 18:31:08 CET 2019
* cipher/chacha20.c (_gcry_chacha20_poly1305_encrypt)
(_gcry_chacha20_poly1305_decrypt): Correctly use 'currlen' for chacha20
on the non-stitched code path.
--
This patch fixes a bug which was introduced by commit:
"Add stitched ChaCha20-Poly1305 SSSE3 and AVX2 implementations"
d6330dfb4b0e9fb3f8eef65ea13146060b804a97
Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
---
0 files changed
diff --git a/cipher/chacha20.c b/cipher/chacha20.c
index eae4979cc..48fff6250 100644
--- a/cipher/chacha20.c
+++ b/cipher/chacha20.c
@@ -714,7 +714,7 @@ _gcry_chacha20_poly1305_encrypt(gcry_cipher_hd_t c, byte *outbuf,
if (currlen > 24 * 1024)
currlen = 24 * 1024;
- nburn = do_chacha20_encrypt_stream_tail (ctx, outbuf, inbuf, length);
+ nburn = do_chacha20_encrypt_stream_tail (ctx, outbuf, inbuf, currlen);
burn = nburn > burn ? nburn : burn;
nburn = _gcry_poly1305_update_burn (&c->u_mode.poly1305.ctx, outbuf,
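Review bot: The corrected `do_chacha20_encrypt_stream_tail (ctx, outbuf, inbuf, currlen)` call only behaves differently from the old one when `length` is above the `24 * 1024` clamp just before it, and this diff touches nothing but cipher/chacha20.c, so a regression test is missing. Unless 2/2 already covers it, add a test that encrypts one buffer larger than 24 KiB on the non-stitched path and compares the output with the same data processed in pieces no larger than 24 KiB.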
@@ -838,7 +838,7 @@ _gcry_chacha20_poly1305_decrypt(gcry_cipher_hd_t c, byte *outbuf,
currlen);
burn = nburn > burn ? nburn : burn;
- nburn = do_chacha20_encrypt_stream_tail (ctx, outbuf, inbuf, length);
+ nburn = do_chacha20_encrypt_stream_tail (ctx, outbuf, inbuf, currlen);
burn = nburn > burn ? nburn : burn;
outbuf += currlen;
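Review bot: The decrypt loop had the same `length` for `currlen` slip at the `do_chacha20_encrypt_stream_tail` call, although the preceding call ending in `currlen);` and the following `outbuf += currlen;` already work on the chunk length. Because the chunking logic is duplicated between encrypt and decrypt, consider a one-line comment at this call stating that each iteration must process exactly `currlen` bytes, or a shared helper for the loop body, and make sure the large-buffer test exercises decryption as well as encryption.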