From: tb <tb@openbsd.org>
Date: Fri, 15 Dec 2023 13:48:59 +0000 (+0000)
Subject: Fix a return value confusion in chacha20_poly1305_cipher()
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=01dc8a7301f5a8645d65c588dcd1143874d9dc26;p=openbsd

Fix a return value confusion in chacha20_poly1305_cipher()

On overlong input, chacha20_poly1305_cipher() would return 0, which in
EVP_CipherUpdate() and EVP_CipherFinal() signals success with no data
written since EVP_CIPH_FLAG_CUSTOM_CIPHER is set. In order to signal an
error, we need to return -1. Obviously.

ok jsing
---

diff --git a/lib/libcrypto/evp/e_chacha20poly1305.c b/lib/libcrypto/evp/e_chacha20poly1305.c
index 4a393c2458d..362e68dc99c 100644
--- a/lib/libcrypto/evp/e_chacha20poly1305.c
+++ b/lib/libcrypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.32 2023/09/28 11:29:10 tb Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.33 2023/12/15 13:48:59 tb Exp $ */
 
 /*
  * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
@@ -477,7 +477,7 @@ chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
 	if (len > SIZE_MAX - cpx->in_len) {
 		EVPerror(EVP_R_TOO_LARGE);
-		return 0;
+		return -1;
 	}
 
 	/* Disallow authenticated data after plaintext/ciphertext. */