diff options
author | slontis <shane.lontis@oracle.com> | 2023-01-27 13:18:17 +1000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-01-30 09:48:50 +0100 |
commit | a01152370676e7e11fb461cff8628eb50fa41b81 (patch) | |
tree | d455f9b1995ccc694a6d771701bd674dd7447bd7 /test | |
parent | 2477e99f1055194902dc4864124316ea57ac3efa (diff) | |
download | openssl-new-a01152370676e7e11fb461cff8628eb50fa41b81.tar.gz |
ChaCha20-Poly1305 no longer supports truncated IV's.
Fixes #20084
In the 3.0 provider implementation the generic code that handles IV's
only allows a 12 byte IV. Older code intentionally added the ability for
the IV to be truncated.
As this truncation is unsafe, the documentation has been updated to
state that this in no longer allowed. The code has been updated to
produce an error when the iv length is set to any value other than 12.
NOTE: It appears that this additional padding may have originated from the code
which uses a 12 byte IV, that is then passed to CHACHA which zero pads it to 16 bytes.
Note that legacy behaviour in e_chacha20_poly1305.c has not been
updated.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20151)
Diffstat (limited to 'test')
-rw-r--r-- | test/recipes/30-test_evp_data/evpciph_chacha.txt | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/test/recipes/30-test_evp_data/evpciph_chacha.txt b/test/recipes/30-test_evp_data/evpciph_chacha.txt index 3315a66f33..f283b240f3 100644 --- a/test/recipes/30-test_evp_data/evpciph_chacha.txt +++ b/test/recipes/30-test_evp_data/evpciph_chacha.txt @@ -153,6 +153,16 @@ Tag = eead9d67890cbb22392336fea1851f38 Plaintext = 496e7465726e65742d4472616674732061726520647261667420646f63756d656e74732076616c696420666f722061206d6178696d756d206f6620736978206d6f6e74687320616e64206d617920626520757064617465642c207265706c616365642c206f72206f62736f6c65746564206279206f7468657220646f63756d656e747320617420616e792074696d652e20497420697320696e617070726f70726961746520746f2075736520496e7465726e65742d447261667473206173207265666572656e6365206d6174657269616c206f7220746f2063697465207468656d206f74686572207468616e206173202fe2809c776f726b20696e2070726f67726573732e2fe2809d Ciphertext = 64a0861575861af460f062c79be643bd5e805cfd345cf389f108670ac76c8cb24c6cfc18755d43eea09ee94e382d26b0bdb7b73c321b0100d4f03b7f355894cf332f830e710b97ce98c8a84abd0b948114ad176e008d33bd60f982b1ff37c8559797a06ef4f0ef61c186324e2b3506383606907b6a7c02b0f9f6157b53c867e4b9166c767b804d46a59b5216cde7a4e99040c5a40433225ee282a1b0a06c523eaf4534d7f83fa1155b0047718cbc546a0d072b04b3564eea1b422273f548271a0bb2316053fa76991955ebd63159434ecebb4e466dae5a1073a6727627097a1049e617d91d361094fa68f0ff77987130305beaba2eda04df997b714d6c6f2c29a6ad5cb4022b02709b +# Test that a truncated IV is no longer allowed (since 3.0) +# This is the same test as above with the leading zeros stripped from the IV +Cipher = chacha20-poly1305 +Key = 1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0 +IV = 0102030405060708 +AAD = f33388860000000000004e91 +Tag = eead9d67890cbb22392336fea1851f38 +Plaintext = 496e7465726e65742d4472616674732061726520647261667420646f63756d656e74732076616c696420666f722061206d6178696d756d206f6620736978206d6f6e74687320616e64206d617920626520757064617465642c207265706c616365642c206f72206f62736f6c65746564206279206f7468657220646f63756d656e747320617420616e792074696d652e20497420697320696e617070726f70726961746520746f2075736520496e7465726e65742d447261667473206173207265666572656e6365206d6174657269616c206f7220746f2063697465207468656d206f74686572207468616e206173202fe2809c776f726b20696e2070726f67726573732e2fe2809d +Result = INVALID_IV_LENGTH + Cipher = chacha20-poly1305 Key = 1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0 IV = 000000000102030405060708 |