andi at notmuch.email
2019-Feb-28 19:38 UTC
[PATCH branch 1.1] fix: use EVP_DecryptUpdate while decrypting
From: Andreas Rammhold <andreas at rammhold.de>
With OpenSSL versions 1.0.2r & 1.1.1b there were changes in regards to
how OpenSSL treats misuse of Encrypt/Decrypt EVP methods in the opposite
case. E.g. using the encrypt methods in a decrypt context. OpenSSL now
returns an error in these situations. [1]
Since tinc used the EVP_EncryptUpdate function in the cipher_decrypt
function the new sanity check was triggered causing tinc to be unusable
with said OpenSSL versions.
[1] https://github.com/openssl/openssl/pull/7852
---
src/openssl/cipher.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openssl/cipher.c b/src/openssl/cipher.c
index d51ec0d..974fbeb 100644
--- a/src/openssl/cipher.c
+++ b/src/openssl/cipher.c
@@ -189,7 +189,7 @@ bool cipher_decrypt(cipher_t *cipher, const void *indata,
size_t inlen, void *ou
} else {
int len;
- if(EVP_EncryptUpdate(cipher->ctx, outdata, &len, indata, inlen)) {
+ if(EVP_DecryptUpdate(cipher->ctx, outdata, &len, indata, inlen)) {
if(outlen) {
*outlen = len;
}
--
2.19.2
Reasonably Related Threads
Wisdom of the Ancients
