generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix Kerberos5/SSL interaction

Browse Source 
Submitted by: "Kenneth R. Robinette" <support@securenetterm.com>
Reviewed by:
PR:
This commit is contained in:
Lutz Jänicke 2002-12-20 12:47:16 +00:00
parent 2ef9e7efe6
commit 214b8b998a
1 changed files with 17 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
ssl/kssl.c
View File

@ -2029,44 +2029,23 @@ krb5_error_code kssl_check_authent(
*/ */
goto err; goto err;
} }
if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv))
{ if (!EVP_CipherInit(&ciph_ctx,enc,kssl_ctx->key,iv,0))
kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, {
"EVP_DecryptInit_ex error decrypting authenticator.\n"); kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; "EVP_DecryptInit_ex error decrypting authenticator.\n");
goto err; krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
} goto err;
if (!EVP_DecryptUpdate(&ciph_ctx, unenc_authent, &outl, }
dec_authent->cipher->data, dec_authent->cipher->length)) outl = dec_authent->cipher->length;
{ if (!EVP_Cipher(&ciph_ctx,unenc_authent,dec_authent->cipher->data,outl))
kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, {
"EVP_DecryptUpdate error decrypting authenticator.\n"); kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; "EVP_Cipher error decrypting authenticator.\n");
goto err; krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
} goto err;
if (outl > unencbufsize) }
{ EVP_CIPHER_CTX_cleanup(&ciph_ctx);
kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
"Buffer overflow decrypting authenticator.\n");
krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
goto err;
}
if (!EVP_DecryptFinal_ex(&ciph_ctx, &(unenc_authent[outl]), &padl))
{
kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
"EVP_DecryptFinal_ex error decrypting authenticator.\n");
krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
goto err;
}
outl += padl;
if (outl > unencbufsize)
{
kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
"Buffer overflow decrypting authenticator.\n");
krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
goto err;
}
EVP_CIPHER_CTX_cleanup(&ciph_ctx);
#ifdef KSSL_DEBUG #ifdef KSSL_DEBUG
printf("kssl_check_authent: decrypted authenticator[%d] =\n", outl); printf("kssl_check_authent: decrypted authenticator[%d] =\n", outl);