|
 |
657a57 |
From 74fd6dc6c3ba65e48c625d4724878721c46a5e6f Mon Sep 17 00:00:00 2001
|
|
|
657a57 |
From: Robbie Harwood <rharwood@redhat.com>
|
|
|
657a57 |
Date: Tue, 24 Aug 2021 15:04:13 -0400
|
|
|
657a57 |
Subject: [PATCH] crypto: Handle EVP changes in OpenSSL 3
|
|
|
657a57 |
MIME-Version: 1.0
|
|
|
657a57 |
Content-Type: text/plain; charset=UTF-8
|
|
|
657a57 |
Content-Transfer-Encoding: 8bit
|
|
|
657a57 |
|
|
|
657a57 |
OpenSSL 3 changes the padding behavior of EVP_DecryptFinal_ex(), which
|
|
|
657a57 |
causes our decryption to fail. It is the opnion of the OpenSSL
|
|
|
657a57 |
developers that mod_auth_gssapi's use of this function was incorrect.
|
|
|
657a57 |
|
|
|
657a57 |
Patch suggested by Tomáš Mráz.
|
|
|
657a57 |
|
|
|
657a57 |
Related: https://github.com/openssl/openssl/issues/16351
|
|
|
657a57 |
|
|
|
657a57 |
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
|
|
657a57 |
(cherry picked from commit 06d1f7d36d2455747e6e8231d28e6524ea1181f1)
|
|
|
657a57 |
(cherry picked from commit 915a3d7fca3beefadd751562abe2d481354a2a9c)
|
|
|
657a57 |
---
|
|
|
657a57 |
src/crypto.c | 2 +-
|
|
|
657a57 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
657a57 |
|
|
|
657a57 |
diff --git a/src/crypto.c b/src/crypto.c
|
|
|
657a57 |
index 3f372a0..b3f7fd9 100644
|
|
|
657a57 |
--- a/src/crypto.c
|
|
|
657a57 |
+++ b/src/crypto.c
|
|
|
657a57 |
@@ -262,7 +262,7 @@ apr_status_t UNSEAL_BUFFER(apr_pool_t *p, struct seal_key *skey,
|
|
|
657a57 |
|
|
|
657a57 |
totlen += outlen;
|
|
|
657a57 |
outlen = plain->length - totlen;
|
|
|
657a57 |
- ret = EVP_DecryptFinal_ex(ctx, plain->value, &outlen);
|
|
|
657a57 |
+ ret = EVP_DecryptFinal_ex(ctx, plain->value + totlen, &outlen);
|
|
|
657a57 |
if (ret == 0) goto done;
|
|
|
657a57 |
|
|
|
657a57 |
totlen += outlen;
|