CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2025/06/06 01:41:01
Modified files:
lib/libcrypto/evp: e_aes.c
Log message:
Fix EVP_DecryptFinal() for CCM ciphers
There is an old trap that you must not call EVP_*Final() when
using AES-CCM. While encrypting this happens to be a noop and
succeeds, but when decrypting, the call fails. This behavior
changed in OpenSSL and BoringSSL, making the trap even worse
since we now fail when the others succeed.
This is an adaptation of OpenSSL commit 197421b1 to fix this.
See also
https://github.com/sfackler/rust-openssl/pull/1805#issuecomment-2734788336
ok beck kenjiro
