summaryrefslogtreecommitdiff
path: root/lib/libcrypto/evp
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2024-05-22 14:02:09 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2024-05-22 14:02:09 +0000
commit8da0e94aed59235f3ae48ebe68440549e4691e71 (patch)
treec95b6135039af343259d88dcc4cc1a0fd9e77360 /lib/libcrypto/evp
parentcaf8dbeaff1c2bef353357eff20f47dd59e984d2 (diff)
Fix in-place decryption for EVP_chacha20_poly1305()
Take the MAC before clobbering the input value on decryption. Fixes hangs during the QUIC handshake with HAProxy using TLS_CHACHA20_POLY1305_SHA256. Found, issue pinpointed, and initial fix tested by Lucas Gabriel Vuotto: Let me take this opportunity to thank the HAProxy team for going out of their way to keep supporting LibreSSL. It's much appreciated. See https://github.com/haproxy/haproxy/issues/2569 tweak/ok jsing
Diffstat (limited to 'lib/libcrypto/evp')
-rw-r--r--lib/libcrypto/evp/e_chacha20poly1305.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/libcrypto/evp/e_chacha20poly1305.c b/lib/libcrypto/evp/e_chacha20poly1305.c
index cc2e0157e68..816a8aa2182 100644
--- a/lib/libcrypto/evp/e_chacha20poly1305.c
+++ b/lib/libcrypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.35 2024/04/09 13:52:41 beck Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.36 2024/05/22 14:02:08 tb Exp $ */
/*
* Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
@@ -493,6 +493,8 @@ chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* Update with AD or plaintext/ciphertext. */
if (in != NULL) {
+ if (!ctx->encrypt || out == NULL)
+ CRYPTO_poly1305_update(&cpx->poly1305, in, len);
if (out == NULL) {
cpx->ad_len += len;
cpx->in_ad = 1;
@@ -502,8 +504,6 @@ chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
if (ctx->encrypt && out != NULL)
CRYPTO_poly1305_update(&cpx->poly1305, out, len);
- else
- CRYPTO_poly1305_update(&cpx->poly1305, in, len);
return len;
}