diff options
author | Lutz Jänicke <jaenicke@openssl.org> | 2002-12-20 15:47:16 +0300 |
---|---|---|
committer | Lutz Jänicke <jaenicke@openssl.org> | 2002-12-20 15:47:16 +0300 |
commit | 214b8b998a59de6afb99830432906cdce32e98a8 (patch) | |
tree | 606659a7c0cb8db90806e9cba22516b2b1f8e64f /ssl | |
parent | 2ef9e7efe6e5a98022fd42fe31e4b9ae35c37ab5 (diff) |
Fix Kerberos5/SSL interaction
Submitted by: "Kenneth R. Robinette" <support@securenetterm.com>
Reviewed by:
PR:
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/kssl.c | 55 |
1 files changed, 17 insertions, 38 deletions
diff --git a/ssl/kssl.c b/ssl/kssl.c index 1a49f43a83..2b82ef60f7 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -2029,44 +2029,23 @@ krb5_error_code kssl_check_authent( */ goto err; } - if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv)) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "EVP_DecryptInit_ex error decrypting authenticator.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - if (!EVP_DecryptUpdate(&ciph_ctx, unenc_authent, &outl, - dec_authent->cipher->data, dec_authent->cipher->length)) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "EVP_DecryptUpdate error decrypting authenticator.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - if (outl > unencbufsize) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "Buffer overflow decrypting authenticator.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - if (!EVP_DecryptFinal_ex(&ciph_ctx, &(unenc_authent[outl]), &padl)) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "EVP_DecryptFinal_ex error decrypting authenticator.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - outl += padl; - if (outl > unencbufsize) - { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "Buffer overflow decrypting authenticator.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - EVP_CIPHER_CTX_cleanup(&ciph_ctx); + + if (!EVP_CipherInit(&ciph_ctx,enc,kssl_ctx->key,iv,0)) + { + kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, + "EVP_DecryptInit_ex error decrypting authenticator.\n"); + krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; + goto err; + } + outl = dec_authent->cipher->length; + if (!EVP_Cipher(&ciph_ctx,unenc_authent,dec_authent->cipher->data,outl)) + { + kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, + "EVP_Cipher error decrypting authenticator.\n"); + krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; + goto err; + } + EVP_CIPHER_CTX_cleanup(&ciph_ctx); #ifdef KSSL_DEBUG printf("kssl_check_authent: decrypted authenticator[%d] =\n", outl); |