Use the correct iv and counter when decrypting the ciphertext for

EVP_aead_chacha20_poly1305_ietf().
author: jsing <> 2016-04-13 13:25:05 +0000
committer: jsing <> 2016-04-13 13:25:05 +0000
commit: 2f38dbc6c741464b154dec17667a8abf7324e215 (patch)
tree: 7d92f7ef2c53bbc8eea86320825718ef38641177 /src
parent: 71026828638d42825ee60eebdd9136548b30d56c (diff)
download: openbsd-2f38dbc6c741464b154dec17667a8abf7324e215.tar.gz
openbsd-2f38dbc6c741464b154dec17667a8abf7324e215.tar.bz2
openbsd-2f38dbc6c741464b154dec17667a8abf7324e215.zip
2 files changed, 8 insertions, 8 deletions
diff --git a/src/lib/libcrypto/evp/e_chacha20poly1305.c b/src/lib/libcrypto/evp/e_chacha20poly1305.c
index 2eb9ab8c0e..f512837c32 100644
--- a/src/lib/libcrypto/evp/e_chacha20poly1305.c
+++ b/src/lib/libcrypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.12 2015/11/02 15:43:55 reyk Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.13 2016/04/13 13:25:05 jsing Exp $ */
 /*
 * Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>
@@ -209,11 +209,11 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
        const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
        unsigned char mac[POLY1305_TAG_LEN];
        unsigned char poly1305_key[32];
-        const unsigned char *iv;
+        const unsigned char *iv = nonce;
        poly1305_state poly1305;
        const uint64_t in_len_64 = in_len;
        size_t plaintext_len;
-        uint64_t ctr;
+        uint64_t ctr = 0;
        if (in_len < c20_ctx->tag_len) {
                EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT);
@@ -280,7 +280,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
                return 0;
        }
-        CRYPTO_chacha_20(out, in, plaintext_len, c20_ctx->key, nonce, 1);
+        CRYPTO_chacha_20(out, in, plaintext_len, c20_ctx->key, iv, ctr + 1);
        *out_len = plaintext_len;
        return 1;
 }
diff --git a/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c b/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c
index 2eb9ab8c0e..f512837c32 100644
--- a/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c
+++ b/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.12 2015/11/02 15:43:55 reyk Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.13 2016/04/13 13:25:05 jsing Exp $ */
 /*
 * Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>
@@ -209,11 +209,11 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
        const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
        unsigned char mac[POLY1305_TAG_LEN];
        unsigned char poly1305_key[32];
-        const unsigned char *iv;
+        const unsigned char *iv = nonce;
        poly1305_state poly1305;
        const uint64_t in_len_64 = in_len;
        size_t plaintext_len;
-        uint64_t ctr;
+        uint64_t ctr = 0;
        if (in_len < c20_ctx->tag_len) {
                EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT);
@@ -280,7 +280,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
                return 0;
        }
-        CRYPTO_chacha_20(out, in, plaintext_len, c20_ctx->key, nonce, 1);
+        CRYPTO_chacha_20(out, in, plaintext_len, c20_ctx->key, iv, ctr + 1);
        *out_len = plaintext_len;
        return 1;
 }
author	jsing <>	2016-04-13 13:25:05 +0000
committer	jsing <>	2016-04-13 13:25:05 +0000
commit	2f38dbc6c741464b154dec17667a8abf7324e215 (patch)
tree	7d92f7ef2c53bbc8eea86320825718ef38641177 /src
parent	71026828638d42825ee60eebdd9136548b30d56c (diff)
download	openbsd-2f38dbc6c741464b154dec17667a8abf7324e215.tar.gz openbsd-2f38dbc6c741464b154dec17667a8abf7324e215.tar.bz2 openbsd-2f38dbc6c741464b154dec17667a8abf7324e215.zip

diff --git a/src/lib/libcrypto/evp/e_chacha20poly1305.c b/src/lib/libcrypto/evp/e_chacha20poly1305.c index 2eb9ab8c0e..f512837c32 100644 --- a/src/lib/libcrypto/evp/e_chacha20poly1305.c +++ b/src/lib/libcrypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: e_chacha20poly1305.c,v 1.12 2015/11/02 15:43:55 reyk Exp $ */	1	/* $OpenBSD: e_chacha20poly1305.c,v 1.13 2016/04/13 13:25:05 jsing Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>	4	* Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>
@@ -209,11 +209,11 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX ctx, unsigned char out,
209	const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;	209	const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
210	unsigned char mac[POLY1305_TAG_LEN];	210	unsigned char mac[POLY1305_TAG_LEN];
211	unsigned char poly1305_key[32];	211	unsigned char poly1305_key[32];
212	const unsigned char *iv;	212	const unsigned char *iv = nonce;
213	poly1305_state poly1305;	213	poly1305_state poly1305;
214	const uint64_t in_len_64 = in_len;	214	const uint64_t in_len_64 = in_len;
215	size_t plaintext_len;	215	size_t plaintext_len;
216	uint64_t ctr;	216	uint64_t ctr = 0;
217		217
218	if (in_len < c20_ctx->tag_len) {	218	if (in_len < c20_ctx->tag_len) {
219	EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT);	219	EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT);
@@ -280,7 +280,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX ctx, unsigned char out,
280	return 0;	280	return 0;
281	}	281	}
282		282
283	CRYPTO_chacha_20(out, in, plaintext_len, c20_ctx->key, nonce, 1);	283	CRYPTO_chacha_20(out, in, plaintext_len, c20_ctx->key, iv, ctr + 1);
284	*out_len = plaintext_len;	284	*out_len = plaintext_len;
285	return 1;	285	return 1;
286	}	286	}


diff --git a/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c b/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c index 2eb9ab8c0e..f512837c32 100644 --- a/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c +++ b/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: e_chacha20poly1305.c,v 1.12 2015/11/02 15:43:55 reyk Exp $ */	1	/* $OpenBSD: e_chacha20poly1305.c,v 1.13 2016/04/13 13:25:05 jsing Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>	4	* Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>
@@ -209,11 +209,11 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX ctx, unsigned char out,
209	const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;	209	const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
210	unsigned char mac[POLY1305_TAG_LEN];	210	unsigned char mac[POLY1305_TAG_LEN];
211	unsigned char poly1305_key[32];	211	unsigned char poly1305_key[32];
212	const unsigned char *iv;	212	const unsigned char *iv = nonce;
213	poly1305_state poly1305;	213	poly1305_state poly1305;
214	const uint64_t in_len_64 = in_len;	214	const uint64_t in_len_64 = in_len;
215	size_t plaintext_len;	215	size_t plaintext_len;
216	uint64_t ctr;	216	uint64_t ctr = 0;
217		217
218	if (in_len < c20_ctx->tag_len) {	218	if (in_len < c20_ctx->tag_len) {
219	EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT);	219	EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT);
@@ -280,7 +280,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX ctx, unsigned char out,
280	return 0;	280	return 0;
281	}	281	}
282		282
283	CRYPTO_chacha_20(out, in, plaintext_len, c20_ctx->key, nonce, 1);	283	CRYPTO_chacha_20(out, in, plaintext_len, c20_ctx->key, iv, ctr + 1);
284	*out_len = plaintext_len;	284	*out_len = plaintext_len;
285	return 1;	285	return 1;
286	}	286	}