From: Andreas Rammhold Date: Thu, 28 Feb 2019 19:38:14 +0000 (+0100) Subject: fix: use EVP_DecryptUpdate while decrypting X-Git-Tag: release-1.1pre18~29 X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=2b0aeec02d64bb4724da9ff1dbc19b7d35d7c904 fix: use EVP_DecryptUpdate while decrypting With OpenSSL versions 1.0.2r & 1.1.1b there were changes in regards to how OpenSSL treats misuse of Encrypt/Decrypt EVP methods in the opposite case. E.g. using the encrypt methods in a decrypt context. OpenSSL now returns an error in these situations. [1] Since tinc used the EVP_EncryptUpdate function in the cipher_decrypt function the new sanity check was triggered causing tinc to be unusable with said OpenSSL versions. [1] https://github.com/openssl/openssl/pull/7852 --- diff --git a/src/openssl/cipher.c b/src/openssl/cipher.c index d51ec0d5..974fbeb2 100644 --- a/src/openssl/cipher.c +++ b/src/openssl/cipher.c @@ -189,7 +189,7 @@ bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou } else { int len; - if(EVP_EncryptUpdate(cipher->ctx, outdata, &len, indata, inlen)) { + if(EVP_DecryptUpdate(cipher->ctx, outdata, &len, indata, inlen)) { if(outlen) { *outlen = len; }
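Review bot: In the changed call in cipher_decrypt, inlen is a size_t but EVP_DecryptUpdate takes its input length as an int, and the int len it writes back is then stored into the size_t *outlen, so a buffer larger than INT_MAX would be silently narrowed on the way in. This predates the change, but since the line is being touched it is a good moment to reject inlen > INT_MAX before the call and return false. Also, only this one call is swapped: please confirm that the other branch of this if/else, which the hunk does not show, uses only the Decrypt-side EVP functions. According to the commit message, OpenSSL 1.0.2r and 1.1.1b now return an error on any mixed use, and a remaining Encrypt call there would fail the same way.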