chachapoly: force correct mode for integrated API

Allowing DECRYPT with crypt_and_tag is a risk as people might fail to check the tag correctly (or at all). So force them to use auth_decrypt() instead. See also https://github.com/ARMmbed/mbedtls/pull/1668
2018-06-04 12:18:19 +02:00 · 2018-06-04 12:18:19 +02:00 · 3dc62a0a9b
commit 3dc62a0a9b
parent 26c3b0a4b1
5 changed files with 53 additions and 54 deletions
--- a/library/cipher.c
+++ b/library/cipher.c
@ -992,8 +992,7 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
        }

        *olen = ilen;
-        return( mbedtls_chachapoly_crypt_and_tag( ctx->cipher_ctx,
-                                MBEDTLS_CHACHAPOLY_ENCRYPT,
+        return( mbedtls_chachapoly_encrypt_and_tag( ctx->cipher_ctx,
                                ilen, iv, ad, ad_len, input, output, tag ) );
    }
 #endif /* MBEDTLS_CHACHAPOLY_C */