Closed Bug 1528174 Opened 4 years ago Closed 4 years ago

ChaCha20Poly1305 modifies output length on failure

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: mt, Assigned: mt)

Details

Attachments

(1 file)

Bug 1528174 - Don't modify lengths if decryption/encryption fails, r?jcj
47 bytes, text/x-phabricator-request
Details | Review

I know that we make no promises about the state of outparams when operations fail, but generally we try to avoid touching outparam values unless things work.

CKM_NSS_CHACHA20_POLY1305 touches the length of the output when it fails. It probably shouldn't.

This modifies the encrypt/decrypt paths to only modify their outparams
when the operation succeeds. I wasn't thorough, but the tests pass.

As it happens, all of the encrypt/decrypt routines touched the outparam on failure. I've tweaked the code so that they don't.

Assignee: nobody → martin.thomson
Status: NEW → ASSIGNED
Priority: -- → P1

There's a r+ patch which didn't land and no activity in this bug for 2 weeks.
:mt, could you have a look please?
For more information, please visit auto_nag documentation.

Flags: needinfo?(mt)

https://hg.mozilla.org/projects/nss/rev/a5f68e995e1e7c5be3bdc301d5caf949a694925f

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Flags: needinfo?(mt)
Resolution: --- → FIXED
Target Milestone: --- → 3.45
You need to log in before you can comment on or make changes to this bug.