summaryrefslogtreecommitdiffstats
path: root/doc/man7
diff options
context:
space:
mode:
authorslontis <shane.lontis@oracle.com>2023-01-27 04:18:17 +0100
committerTomas Mraz <tomas@openssl.org>2023-01-30 09:48:50 +0100
commita01152370676e7e11fb461cff8628eb50fa41b81 (patch)
treed455f9b1995ccc694a6d771701bd674dd7447bd7 /doc/man7
parentQUIC Probes Support: Minor tweaks (diff)
downloadopenssl-a01152370676e7e11fb461cff8628eb50fa41b81.tar.xz
openssl-a01152370676e7e11fb461cff8628eb50fa41b81.zip
ChaCha20-Poly1305 no longer supports truncated IV's.
Fixes #20084 In the 3.0 provider implementation the generic code that handles IV's only allows a 12 byte IV. Older code intentionally added the ability for the IV to be truncated. As this truncation is unsafe, the documentation has been updated to state that this in no longer allowed. The code has been updated to produce an error when the iv length is set to any value other than 12. NOTE: It appears that this additional padding may have originated from the code which uses a 12 byte IV, that is then passed to CHACHA which zero pads it to 16 bytes. Note that legacy behaviour in e_chacha20_poly1305.c has not been updated. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20151)
Diffstat (limited to 'doc/man7')
-rw-r--r--doc/man7/migration_guide.pod8
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod
index e82471370f..ddfa81e13e 100644
--- a/doc/man7/migration_guide.pod
+++ b/doc/man7/migration_guide.pod
@@ -490,6 +490,14 @@ The function code part of the error code is now always set to 0. For that
reason the ERR_GET_FUNC() macro was removed. Applications must resolve
the error codes only using the library number and the reason code.
+=head4 ChaCha20-Poly1305 cipher does not allow a truncated IV length to be used
+
+In OpenSSL 3.0 setting the IV length to any value other than 12 will result in an
+error.
+Prior to OpenSSL 3.0 the ivlen could be smaller that the required 12 byte length,
+using EVP_CIPHER_CTX_ctrl(ctx, EVP_CRTL_AEAD_SET_IVLEN, ivlen, NULL). This resulted
+in an IV that had leading zero padding.
+
=head2 Installation and Compilation
Please refer to the INSTALL.md file in the top of the distribution for