The branch OpenSSL_1_1_1-stable has been updated
via d4f094a04a3a89319f5bf9277e79bd8d77ba10fa (commit)
from 40d422fd3a685c3e1e62ab37eda1189567d000b5 (commit)
- Log -----------------------------------------------------------------
commit d4f094a04a3a89319f5bf9277e79bd8d77ba10fa
Author: Richard Levitte <levi...@openssl.org>
Date: Tue Nov 26 12:40:16 2019 +0100
i2b_PVK(): Use Encrypt, not Decrypt
We used EVP_EncryptInit_ex() to initialise, but EVP_DecryptUpdate()
and EVP_DecryptFinal_ex() to actually perform encryption. This worked
long ago, when the Encrypt and Decrypt variants were the same, but
doesn't now (actually haven't for a very long time).
This shows how seldom PVK is actually used.
Fixes #9338
Reviewed-by: Matthias St. Pierre <matthias.st.pie...@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10521)
-----------------------------------------------------------------------
Summary of changes:
crypto/pem/pvkfmt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 2bbee4a306..1fc19c17f9 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -844,9 +844,9 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int
enclevel,
if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
goto error;
OPENSSL_cleanse(keybuf, 20);
- if (!EVP_DecryptUpdate(cctx, p, &enctmplen, p, pklen - 8))
+ if (!EVP_EncryptUpdate(cctx, p, &enctmplen, p, pklen - 8))
goto error;
- if (!EVP_DecryptFinal_ex(cctx, p + enctmplen, &enctmplen))
+ if (!EVP_EncryptFinal_ex(cctx, p + enctmplen, &enctmplen))
goto error;
}
