crypto: Handle EVP changes in OpenSSL 3

frozencemetery · simo5 · commit 06d1f7d36d24 · 2021-08-24T16:03:00.000-04:00
OpenSSL 3 changes the padding behavior of EVP_DecryptFinal_ex(), which causes our decryption to fail. It is the opnion of the OpenSSL developers that mod_auth_gssapi's use of this function was incorrect. Patch suggested by Tomáš Mráz. Related: openssl/openssl#16351 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
diff --git a/src/crypto.c b/src/crypto.c
@@ -262,7 +262,7 @@ apr_status_t UNSEAL_BUFFER(apr_pool_t *p, struct seal_key *skey,
 
     totlen += outlen;
     outlen = plain->length - totlen;
-    ret = EVP_DecryptFinal_ex(ctx, plain->value, &outlen);
+    ret = EVP_DecryptFinal_ex(ctx, plain->value + totlen, &outlen);
     if (ret == 0) goto done;
 
     totlen += outlen;
