From: Andreas Rammhold Date: Thu, 28 Feb 2019 19:38:14 +0000 (+0100) Subject: fix: use EVP_DecryptUpdate while decrypting X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=2b0aeec02d64bb4724da9ff1dbc19b7d35d7c904;p=oweals%2Ftinc.git fix: use EVP_DecryptUpdate while decrypting With OpenSSL versions 1.0.2r & 1.1.1b there were changes in regards to how OpenSSL treats misuse of Encrypt/Decrypt EVP methods in the opposite case. E.g. using the encrypt methods in a decrypt context. OpenSSL now returns an error in these situations. [1] Since tinc used the EVP_EncryptUpdate function in the cipher_decrypt function the new sanity check was triggered causing tinc to be unusable with said OpenSSL versions. [1] https://github.com/openssl/openssl/pull/7852 --- diff --git a/src/openssl/cipher.c b/src/openssl/cipher.c index d51ec0d..974fbeb 100644 --- a/src/openssl/cipher.c +++ b/src/openssl/cipher.c @@ -189,7 +189,7 @@ bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou } else { int len; - if(EVP_EncryptUpdate(cipher->ctx, outdata, &len, indata, inlen)) { + if(EVP_DecryptUpdate(cipher->ctx, outdata, &len, indata, inlen)) { if(outlen) { *outlen = len; }