[openssl] OpenSSL_1_1_1-stable update

Richard Levitte levitte at openssl.org
Wed Nov 27 19:35:36 UTC 2019

The branch OpenSSL_1_1_1-stable has been updated
       via  d4f094a04a3a89319f5bf9277e79bd8d77ba10fa (commit)
      from  40d422fd3a685c3e1e62ab37eda1189567d000b5 (commit)

- Log -----------------------------------------------------------------
commit d4f094a04a3a89319f5bf9277e79bd8d77ba10fa
Author: Richard Levitte <levitte at openssl.org>
Date:   Tue Nov 26 12:40:16 2019 +0100

    i2b_PVK(): Use Encrypt, not Decrypt
    We used EVP_EncryptInit_ex() to initialise, but EVP_DecryptUpdate()
    and EVP_DecryptFinal_ex() to actually perform encryption.  This worked
    long ago, when the Encrypt and Decrypt variants were the same, but
    doesn't now (actually haven't for a very long time).
    This shows how seldom PVK is actually used.
    Fixes #9338
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/10521)


Summary of changes:
 crypto/pem/pvkfmt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 2bbee4a306..1fc19c17f9 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -844,9 +844,9 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
         if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
             goto error;
         OPENSSL_cleanse(keybuf, 20);
-        if (!EVP_DecryptUpdate(cctx, p, &enctmplen, p, pklen - 8))
+        if (!EVP_EncryptUpdate(cctx, p, &enctmplen, p, pklen - 8))
             goto error;
-        if (!EVP_DecryptFinal_ex(cctx, p + enctmplen, &enctmplen))
+        if (!EVP_EncryptFinal_ex(cctx, p + enctmplen, &enctmplen))
             goto error;

More information about the openssl-commits mailing list