From 632249f81a60f3741d7c13a96e3c7e0d368519f6 Mon Sep 17 00:00:00 2001
From: Benjamin Beurdouche <bbeurdouche@mozilla.com>
Date: Sat, 18 Jul 2020 00:13:38 +0000
Subject: [PATCH] Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by
 PKCS11. r=jcj,kjacobs,rrelyea

Differential Revision: https://phabricator.services.mozilla.com/D74801

--HG--
branch : NSS_3_53_BRANCH
extra : transplant_source : %A5%E8.%40%F0%3E%24%94%1EX%90%FB%B0%05n%E9%0C%0A%40%26
---
 gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc | 11 +++++++++--
 lib/freebl/chacha20poly1305.c                       |  2 +-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
index 41f9da71d6..3ea17678d9 100644
--- a/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
+++ b/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
@@ -45,7 +45,7 @@ class Pkcs11ChaCha20Poly1305Test
     SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
                       sizeof(aead_params)};
 
-    // Encrypt with bad parameters.
+    // Encrypt with bad parameters (TagLen is too long).
     unsigned int encrypted_len = 0;
     std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen);
     aead_params.ulTagLen = 158072;
@@ -54,9 +54,16 @@ class Pkcs11ChaCha20Poly1305Test
                      &encrypted_len, encrypted.size(), data, data_len);
     EXPECT_EQ(SECFailure, rv);
     EXPECT_EQ(0U, encrypted_len);
-    aead_params.ulTagLen = 16;
+
+    // Encrypt with bad parameters (TagLen is too short).
+    aead_params.ulTagLen = 2;
+    rv = PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
+                      &encrypted_len, encrypted.size(), data, data_len);
+    EXPECT_EQ(SECFailure, rv);
+    EXPECT_EQ(0U, encrypted_len);
 
     // Encrypt.
+    aead_params.ulTagLen = 16;
     rv = PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
                       &encrypted_len, encrypted.size(), data, data_len);
 
diff --git a/lib/freebl/chacha20poly1305.c b/lib/freebl/chacha20poly1305.c
index 970c6436da..5c294a9eaf 100644
--- a/lib/freebl/chacha20poly1305.c
+++ b/lib/freebl/chacha20poly1305.c
@@ -81,7 +81,7 @@ ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx,
         PORT_SetError(SEC_ERROR_BAD_KEY);
         return SECFailure;
     }
-    if (tagLen == 0 || tagLen > 16) {
+    if (tagLen != 16) {
         PORT_SetError(SEC_ERROR_INPUT_LEN);
         return SECFailure;
     }