Fix EVP_DecryptFinal() for CCM ciphers - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2025-06-06 07:41:01 +0000
committer	tb <>	2025-06-06 07:41:01 +0000
commit	96a76161020b928e1e01f56826e2cdd5bb4adf3f (patch)
tree	8fefb7b54a21ac65b877a6d1bcf8b9221365ffb0 /src/lib/libssl/man/SSL_get_ex_new_index.3
parent	f1973c71ce2d980d7dc43c67f3dca6fac6b8c2b9 (diff)
download	openbsd-96a76161020b928e1e01f56826e2cdd5bb4adf3f.tar.gz openbsd-96a76161020b928e1e01f56826e2cdd5bb4adf3f.tar.bz2 openbsd-96a76161020b928e1e01f56826e2cdd5bb4adf3f.zip

Fix EVP_DecryptFinal() for CCM ciphers

There is an old trap that you must not call EVP_*Final() when using AES-CCM. While encrypting this happens to be a noop and succeeds, but when decrypting, the call fails. This behavior changed in OpenSSL and BoringSSL, making the trap even worse since we now fail when the others succeed. This is an adaptation of OpenSSL commit 197421b1 to fix this. See also https://github.com/sfackler/rust-openssl/pull/1805#issuecomment-2734788336 ok beck kenjiro

Diffstat (limited to 'src/lib/libssl/man/SSL_get_ex_new_index.3')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: