From fe4f54a3be49a9e9759bee02b24ac193ee6fae21 Mon Sep 17 00:00:00 2001
From: Tobias Boege <taboege@gmail.com>
Date: Sat, 16 Sep 2017 23:52:47 +0200
Subject: [PATCH] [GB.OPENSSL] * BUG: Cipher.DecryptSalted() doesn't return
 rubbish after the decrypted text anymore

---
 gb.openssl/src/c_cipher.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/gb.openssl/src/c_cipher.c b/gb.openssl/src/c_cipher.c
index 370d54281..1bd03b98d 100644
--- a/gb.openssl/src/c_cipher.c
+++ b/gb.openssl/src/c_cipher.c
@@ -327,6 +327,9 @@ BEGIN_METHOD(CipherMethod_EncryptSalted, GB_STRING plain; GB_STRING passwd;
 		memcpy(salt, STRING(salt), MIN(sizeof(salt), LENGTH(salt)));
 	}
 
+// "openssl enc" >= 1.1.0 uses SHA256 by default instead of MD5
+//	EVP_BytesToKey(_method, EVP_sha256(), salt, (uchar *) STRING(passwd),
+//		       LENGTH(passwd), ITER, key, iv);
 	EVP_BytesToKey(_method, EVP_md5(), salt, (uchar *) STRING(passwd),
 		       LENGTH(passwd), ITER, key, iv);
 	cipher = do_cipher((uchar *) STRING(plain), LENGTH(plain), key, iv,
@@ -364,6 +367,9 @@ BEGIN_METHOD(CipherMethod_DecryptSalted, GB_STRING cipher; GB_STRING passwd)
 	/* salt begins at STRING(cipher) + strlen("Salted__") */
 	memcpy(salt, STRING(cipher) + 8, sizeof(salt));
 
+// "openssl enc" >= 1.1.0 uses SHA256 by default instead of MD5
+//	EVP_BytesToKey(_method, EVP_sha256(), salt, (uchar *) STRING(passwd),
+//		       LENGTH(passwd), ITER, key, iv);
 	EVP_BytesToKey(_method, EVP_md5(), salt, (uchar *) STRING(passwd),
 		       LENGTH(passwd), ITER, key, iv);
 	cipher = (uchar *) STRING(cipher) + 8 + sizeof(salt);
@@ -373,10 +379,8 @@ BEGIN_METHOD(CipherMethod_DecryptSalted, GB_STRING cipher; GB_STRING passwd)
 		GB.Error(errmsg ? errmsg : "Decryption failed");
 		return;
 	}
-	GB.ReturnString(plain);
-	GB.ReturnBorrow();
+	GB.ReturnNewString(plain, length);
 	GB.FreeString(&plain);
-	GB.ReturnRelease();
 
 END_METHOD