ChaCha20Poly1305 modifies output length on failure

RESOLVED FIXED in 3.45

Status

defect
P1
normal
RESOLVED FIXED
4 months ago
Last month

People

(Reporter: mt, Assigned: mt)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

Assignee

Description

4 months ago

I know that we make no promises about the state of outparams when operations fail, but generally we try to avoid touching outparam values unless things work.

CKM_NSS_CHACHA20_POLY1305 touches the length of the output when it fails. It probably shouldn't.

Assignee

Comment 1

4 months ago

This modifies the encrypt/decrypt paths to only modify their outparams
when the operation succeeds. I wasn't thorough, but the tests pass.

Assignee

Comment 2

4 months ago

As it happens, all of the encrypt/decrypt routines touched the outparam on failure. I've tweaked the code so that they don't.

Assignee: nobody → martin.thomson
Status: NEW → ASSIGNED
Priority: -- → P1

There's a r+ patch which didn't land and no activity in this bug for 2 weeks.
:mt, could you have a look please?
For more information, please visit auto_nag documentation.

Flags: needinfo?(mt)
Assignee

Comment 4

Last month
Status: ASSIGNED → RESOLVED
Closed: Last month
Flags: needinfo?(mt)
Resolution: --- → FIXED
Target Milestone: --- → 3.45
You need to log in before you can comment on or make changes to this bug.