chacha20/poly1305: make sure to clear the buffer at correct position

author Richard Levitte <levitte@openssl.org>

Fri, 4 Nov 2016 13:21:46 +0000 (14:21 +0100)

committer Matt Caswell <matt@openssl.org>

Thu, 10 Nov 2016 13:04:05 +0000 (13:04 +0000)
author Richard Levitte <levitte@openssl.org>
Fri, 4 Nov 2016 13:21:46 +0000 (14:21 +0100)
committer Matt Caswell <matt@openssl.org>
Thu, 10 Nov 2016 13:04:05 +0000 (13:04 +0000)
diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c

index cf4097ba5daf1e231b2e75d8d8c32aa0de9df4fe..952bd3fca781196a595e43d70fb9a76c3fd072a7 100644 (file)
--- a/crypto/evp/e_chacha20_poly1305.c
+++ b/crypto/evp/e_chacha20_poly1305.c
@@ -299,7 +299,7 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                  memcpy(out, actx->tag, POLY1305_BLOCK_SIZE);
              } else {
                  if (CRYPTO_memcmp(temp, in, POLY1305_BLOCK_SIZE)) {
                  memcpy(out, actx->tag, POLY1305_BLOCK_SIZE);
              } else {
                  if (CRYPTO_memcmp(temp, in, POLY1305_BLOCK_SIZE)) {
-                    memset(out, 0, plen);
+                    memset(out - plen, 0, plen);
                      return -1;
                  }
              }
                      return -1;
                  }
              }
author	Richard Levitte <levitte@openssl.org>
	Fri, 4 Nov 2016 13:21:46 +0000 (14:21 +0100)
committer	Matt Caswell <matt@openssl.org>
	Thu, 10 Nov 2016 13:04:05 +0000 (13:04 +0000)