artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 05846bc) | patch
Fix in-place decryption for EVP_chacha20_poly1305()
authortb <tb@openbsd.org>
Wed, 22 May 2024 14:02:08 +0000 (14:02 +0000)
committertb <tb@openbsd.org>
Wed, 22 May 2024 14:02:08 +0000 (14:02 +0000)
commitd14f0dd0aa560c1c4c1ffbea19af4276bceb036c
tree966bf161f857336e712b2840dbd71fd9781cda3ctree | snapshot
parent05846bc708c68e8d9ca86e3af689bc751d1ddb95commit | diff
Fix in-place decryption for EVP_chacha20_poly1305()

Take the MAC before clobbering the input value on decryption. Fixes hangs
during the QUIC handshake with HAProxy using TLS_CHACHA20_POLY1305_SHA256.

Found, issue pinpointed, and initial fix tested by Lucas Gabriel Vuotto:
Let me take this opportunity to thank the HAProxy team for going out of
their way to keep supporting LibreSSL. It's much appreciated.

See https://github.com/haproxy/haproxy/issues/2569

tweak/ok jsing
lib/libcrypto/evp/e_chacha20poly1305.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim