From: Alain Spineux <alain@baculasystems.com>
Date: Fri, 17 Nov 2023 13:34:48 +0000 (+0100)
Subject: Fix openssl 3.x don't tolerate to call EVP_CipherFinal_ex() twice
X-Git-Tag: Beta-15.0.1~41
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3497fced36438bea6112cd59978ebd981567a2ca;p=thirdparty%2Fbacula.git

Fix openssl 3.x don't tolerate to call EVP_CipherFinal_ex() twice

- tests/encrypt-bug-test fail with openssl 3.0
- the problem is to restore a 64K+1bytes file backed up using encryption
- was working with openssl 1.0 & 1.1
- When using TLS this can block the restore
- get Error: restore.c:1736 Decryption error. buf_len=5 decrypt_len=0 on file xxx/encrypt-bug.jpg
- OPENSSL give ERR=error:1C80006B:Provider routines::wrong final block length
---

diff --git a/bacula/src/filed/restore.c b/bacula/src/filed/restore.c
index ebe204f1d..8f014d108 100644
--- a/bacula/src/filed/restore.c
+++ b/bacula/src/filed/restore.c
@@ -1727,7 +1727,6 @@ bool flush_cipher(r_ctx &rctx, BFILE *bfd, uint64_t *addr, int flags, int32_t st
    char ec1[50];                      /* Buffer printing huge values */
    bool second_pass = false;
 
-again:
    /* Write out the remaining block and free the cipher context */
    cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf,
                         cipher_ctx->buf_len + cipher_ctx->block_size);
@@ -1747,6 +1746,7 @@ again:
 
    cipher_ctx->buf_len += decrypted_len;
 
+again:
    unser_crypto_packet_len(cipher_ctx);
    Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
    wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;