diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2024-05-22 14:02:09 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2024-05-22 14:02:09 +0000 |
commit | 8da0e94aed59235f3ae48ebe68440549e4691e71 (patch) | |
tree | c95b6135039af343259d88dcc4cc1a0fd9e77360 /lib/libcrypto/evp | |
parent | caf8dbeaff1c2bef353357eff20f47dd59e984d2 (diff) |
Fix in-place decryption for EVP_chacha20_poly1305()
Take the MAC before clobbering the input value on decryption. Fixes hangs
during the QUIC handshake with HAProxy using TLS_CHACHA20_POLY1305_SHA256.
Found, issue pinpointed, and initial fix tested by Lucas Gabriel Vuotto:
Let me take this opportunity to thank the HAProxy team for going out of
their way to keep supporting LibreSSL. It's much appreciated.
See https://github.com/haproxy/haproxy/issues/2569
tweak/ok jsing
Diffstat (limited to 'lib/libcrypto/evp')
-rw-r--r-- | lib/libcrypto/evp/e_chacha20poly1305.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/libcrypto/evp/e_chacha20poly1305.c b/lib/libcrypto/evp/e_chacha20poly1305.c index cc2e0157e68..816a8aa2182 100644 --- a/lib/libcrypto/evp/e_chacha20poly1305.c +++ b/lib/libcrypto/evp/e_chacha20poly1305.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_chacha20poly1305.c,v 1.35 2024/04/09 13:52:41 beck Exp $ */ +/* $OpenBSD: e_chacha20poly1305.c,v 1.36 2024/05/22 14:02:08 tb Exp $ */ /* * Copyright (c) 2022 Joel Sing <jsing@openbsd.org> @@ -493,6 +493,8 @@ chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* Update with AD or plaintext/ciphertext. */ if (in != NULL) { + if (!ctx->encrypt || out == NULL) + CRYPTO_poly1305_update(&cpx->poly1305, in, len); if (out == NULL) { cpx->ad_len += len; cpx->in_ad = 1; @@ -502,8 +504,6 @@ chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } if (ctx->encrypt && out != NULL) CRYPTO_poly1305_update(&cpx->poly1305, out, len); - else - CRYPTO_poly1305_update(&cpx->poly1305, in, len); return len; } |