From 7a188b601ab20e8f980cef8751e89cde324e77c1 Mon Sep 17 00:00:00 2001 From: Zhanna Tsitkov Date: Thu, 1 Oct 2009 18:39:42 +0000 Subject: Cleanup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22819 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/builtin/hash_provider/Makefile.in | 24 +++-- src/lib/crypto/openssl/enc_provider/des.c | 107 ++++++++------------ src/lib/crypto/openssl/enc_provider/des3.c | 118 ++++++++++------------- src/lib/crypto/openssl/enc_provider/rc4.c | 10 +- 4 files changed, 116 insertions(+), 143 deletions(-) diff --git a/src/lib/crypto/builtin/hash_provider/Makefile.in b/src/lib/crypto/builtin/hash_provider/Makefile.in index 75b3d1b..a901d11 100644 --- a/src/lib/crypto/builtin/hash_provider/Makefile.in +++ b/src/lib/crypto/builtin/hash_provider/Makefile.in @@ -13,13 +13,23 @@ DEFS= PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) -STLIBOBJS= hash_crc32.o hash_md4.o hash_md5.o hash_sha1.o - -OBJS= $(OUTPRE)hash_crc32.$(OBJEXT) $(OUTPRE)hash_md4.$(OBJEXT) \ - $(OUTPRE)hash_md5.$(OBJEXT) $(OUTPRE)hash_sha1.$(OBJEXT) - -SRCS= $(srcdir)/hash_crc32.c $(srcdir)/hash_md4.c \ - $(srcdir)/hash_md5.c $(srcdir)/hash_sha1.c +CIMPL = @CRYPTO_IMPL@/hash_provider + +STLIBOBJS= \ + ../../$(CIMPL)/hash_crc32.o \ + ../../$(CIMPL)/hash_md4.o \ + ../../$(CIMPL)/hash_md5.o \ + ../../$(CIMPL)/hash_sha1.o + +OBJS= $(OUTPRE)../../$(CIMPL)/hash_crc32.$(OBJEXT) \ + $(OUTPRE)../../$(CIMPL)/hash_md4.$(OBJEXT) \ + $(OUTPRE)../../$(CIMPL)/hash_md5.$(OBJEXT) \ + $(OUTPRE)../../$(CIMPL)/hash_sha1.$(OBJEXT) + +SRCS= $(srcdir)/../../$(CIMPL)/hash_crc32.c \ + $(srcdir)/../../$(CIMPL)/hash_md4.c \ + $(srcdir)/../../$(CIMPL)/hash_md5.c \ + $(srcdir)/../../$(CIMPL)/hash_sha1.c ##DOS##LIBOBJS = $(OBJS) diff --git a/src/lib/crypto/openssl/enc_provider/des.c b/src/lib/crypto/openssl/enc_provider/des.c index b7a05db..4965c6e 100644 --- a/src/lib/crypto/openssl/enc_provider/des.c +++ b/src/lib/crypto/openssl/enc_provider/des.c @@ -35,7 +35,6 @@ validate_iov(const krb5_keyblock *key, const krb5_data *ivec, for (i = 0, input_length = 0; i < num_data; i++) { const krb5_crypto_iov *iov = &data[i]; - if (ENCRYPT_IOV(iov)) input_length += iov->data.length; } @@ -54,12 +53,11 @@ static krb5_error_code k5_des_encrypt(const krb5_keyblock *key, const krb5_data *ivec, const krb5_data *input, krb5_data *output) { - int ret = 0, tmp_len = 0; - unsigned int tmp_buf_len = 0; + int ret = 0, tmp_len = 0; + unsigned int tmp_buf_len = 0; unsigned char *keybuf = NULL; unsigned char *tmp_buf = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; - EVP_CIPHER_CTX ciph_ctx; + EVP_CIPHER_CTX ciph_ctx; ret = validate(key, ivec, input, output); if (ret) @@ -68,11 +66,6 @@ k5_des_encrypt(const krb5_keyblock *key, const krb5_data *ivec, keybuf=key->contents; keybuf[key->length] = '\0'; - if ( ivec && ivec->data ) { - memset(iv,0,sizeof(iv)); - memcpy(iv,ivec->data,ivec->length); - } - tmp_buf_len = output->length*2; tmp_buf=OPENSSL_malloc(tmp_buf_len); if (!tmp_buf) @@ -82,13 +75,13 @@ k5_des_encrypt(const krb5_keyblock *key, const krb5_data *ivec, EVP_CIPHER_CTX_init(&ciph_ctx); ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_des_cbc(), NULL, keybuf, - (ivec && ivec->data) ? iv : NULL); + (ivec) ? (unsigned char*)ivec->data : NULL); if (ret) { EVP_CIPHER_CTX_set_padding(&ciph_ctx,0); ret = EVP_EncryptUpdate(&ciph_ctx, tmp_buf, &tmp_len, (unsigned char *)input->data, input->length); if (!ret || output->length < (unsigned int)tmp_len) { - return KRB5_CRYPTO_INTERNAL; + ret = KRB5_CRYPTO_INTERNAL; } else { output->length = tmp_len; ret = EVP_EncryptFinal_ex(&ciph_ctx, tmp_buf + tmp_len, &tmp_len); @@ -97,13 +90,13 @@ k5_des_encrypt(const krb5_keyblock *key, const krb5_data *ivec, EVP_CIPHER_CTX_cleanup(&ciph_ctx); - if (ret) + if (ret == 1) memcpy(output->data,tmp_buf, output->length); memset(tmp_buf, 0, tmp_buf_len); OPENSSL_free(tmp_buf); - if (!ret) + if (ret != 1) return KRB5_CRYPTO_INTERNAL; return 0; } @@ -114,10 +107,9 @@ k5_des_decrypt(const krb5_keyblock *key, const krb5_data *ivec, const krb5_data *input, krb5_data *output) { /* key->enctype was checked by the caller */ - int ret = 0, tmp_len = 0; + int ret = 0, tmp_len = 0; unsigned char *keybuf = NULL; unsigned char *tmp_buf; - unsigned char iv[EVP_MAX_IV_LENGTH]; EVP_CIPHER_CTX ciph_ctx; ret = validate(key, ivec, input, output); @@ -127,10 +119,6 @@ k5_des_decrypt(const krb5_keyblock *key, const krb5_data *ivec, keybuf=key->contents; keybuf[key->length] = '\0'; - if ( ivec != NULL && ivec->data ){ - memset(iv,0,sizeof(iv)); - memcpy(iv,ivec->data,ivec->length); - } tmp_buf=OPENSSL_malloc(output->length); if (!tmp_buf) return ENOMEM; @@ -139,7 +127,7 @@ k5_des_decrypt(const krb5_keyblock *key, const krb5_data *ivec, EVP_CIPHER_CTX_init(&ciph_ctx); ret = EVP_DecryptInit_ex(&ciph_ctx, EVP_des_cbc(), NULL, keybuf, - (ivec && ivec->data) ? iv : NULL); + (ivec) ? (unsigned char*)ivec->data : NULL); if (ret) { EVP_CIPHER_CTX_set_padding(&ciph_ctx,0); ret = EVP_DecryptUpdate(&ciph_ctx, tmp_buf, &tmp_len, @@ -152,13 +140,13 @@ k5_des_decrypt(const krb5_keyblock *key, const krb5_data *ivec, EVP_CIPHER_CTX_cleanup(&ciph_ctx); - if (ret) + if (ret == 1) memcpy(output->data,tmp_buf, output->length); memset(tmp_buf,0,output->length); OPENSSL_free(tmp_buf); - if (!ret) + if ( ret != 1) return KRB5_CRYPTO_INTERNAL; return 0; } @@ -169,21 +157,21 @@ k5_des_encrypt_iov(const krb5_keyblock *key, krb5_crypto_iov *data, size_t num_data) { - int ret = 0, tmp_len = MIT_DES_BLOCK_LENGTH; - EVP_CIPHER_CTX ciph_ctx; - unsigned char *keybuf = NULL ; - unsigned char iv[EVP_MAX_IV_LENGTH]; - + int ret = 0, tmp_len = MIT_DES_BLOCK_LENGTH; + int oblock_len = MIT_DES_BLOCK_LENGTH * num_data; + unsigned char *iblock = NULL, *oblock = NULL; + unsigned char *keybuf = NULL ; struct iov_block_state input_pos, output_pos; - int oblock_len = MIT_DES_BLOCK_LENGTH*num_data; - unsigned char *iblock, *oblock; + EVP_CIPHER_CTX ciph_ctx; iblock = OPENSSL_malloc(MIT_DES_BLOCK_LENGTH); if (!iblock) return ENOMEM; oblock = OPENSSL_malloc(oblock_len); - if (!oblock) + if (!oblock){ + OPENSSL_free(iblock); return ENOMEM; + } IOV_BLOCK_STATE_INIT(&input_pos); IOV_BLOCK_STATE_INIT(&output_pos); @@ -195,19 +183,18 @@ k5_des_encrypt_iov(const krb5_keyblock *key, if (ret) return ret; - if (ivec && ivec->data){ - memset(iv,0,sizeof(iv)); - memcpy(iv,ivec->data,ivec->length); - } - memset(oblock, 0, oblock_len); EVP_CIPHER_CTX_init(&ciph_ctx); ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_des_cbc(), NULL, - keybuf, (ivec && ivec->data) ? iv : NULL); - if (!ret) + keybuf, (ivec && ivec->data) ? (unsigned char*)ivec->data : NULL); + if (!ret){ + EVP_CIPHER_CTX_cleanup(&ciph_ctx); + OPENSSL_free(iblock); + OPENSSL_free(oblock); return KRB5_CRYPTO_INTERNAL; + } EVP_CIPHER_CTX_set_padding(&ciph_ctx,0); @@ -229,11 +216,6 @@ k5_des_encrypt_iov(const krb5_keyblock *key, if(ret) ret = EVP_EncryptFinal_ex(&ciph_ctx, oblock+16, &tmp_len); - if (ret) { - if (ivec != NULL) - memcpy(iv, oblock, MIT_DES_BLOCK_LENGTH); - } - EVP_CIPHER_CTX_cleanup(&ciph_ctx); memset(iblock,0,sizeof(iblock)); @@ -241,7 +223,7 @@ k5_des_encrypt_iov(const krb5_keyblock *key, OPENSSL_free(iblock); OPENSSL_free(oblock); - if (!ret) + if ( ret != 1) return KRB5_CRYPTO_INTERNAL; return 0; } @@ -252,21 +234,22 @@ k5_des_decrypt_iov(const krb5_keyblock *key, krb5_crypto_iov *data, size_t num_data) { - int ret = 0, tmp_len = MIT_DES_BLOCK_LENGTH; - EVP_CIPHER_CTX ciph_ctx; - unsigned char *keybuf = NULL ; - unsigned char iv[EVP_MAX_IV_LENGTH]; - + int ret = 0; + int tmp_len = MIT_DES_BLOCK_LENGTH; + int oblock_len = MIT_DES_BLOCK_LENGTH*num_data; + unsigned char *iblock = NULL, *oblock = NULL; + unsigned char *keybuf = NULL; struct iov_block_state input_pos, output_pos; - int oblock_len = MIT_DES_BLOCK_LENGTH*num_data; - unsigned char *iblock, *oblock; + EVP_CIPHER_CTX ciph_ctx; iblock = OPENSSL_malloc(MIT_DES_BLOCK_LENGTH); if (!iblock) return ENOMEM; oblock = OPENSSL_malloc(oblock_len); - if (!oblock) + if (!oblock){ + OPENSSL_free(iblock); return ENOMEM; + } IOV_BLOCK_STATE_INIT(&input_pos); IOV_BLOCK_STATE_INIT(&output_pos); @@ -278,19 +261,18 @@ k5_des_decrypt_iov(const krb5_keyblock *key, if (ret) return ret; - if (ivec && ivec->data){ - memset(iv,0,sizeof(iv)); - memcpy(iv,ivec->data,ivec->length); - } - memset(oblock, 0, oblock_len); EVP_CIPHER_CTX_init(&ciph_ctx); ret = EVP_DecryptInit_ex(&ciph_ctx, EVP_des_cbc(), NULL, - keybuf, (ivec && ivec->data) ? iv : NULL); - if (!ret) + keybuf, (ivec) ? (unsigned char*)ivec->data : NULL); + if (!ret){ + EVP_CIPHER_CTX_cleanup(&ciph_ctx); + OPENSSL_free(iblock); + OPENSSL_free(oblock); return KRB5_CRYPTO_INTERNAL; + } EVP_CIPHER_CTX_set_padding(&ciph_ctx,0); @@ -315,11 +297,6 @@ k5_des_decrypt_iov(const krb5_keyblock *key, if(ret) ret = EVP_DecryptFinal_ex(&ciph_ctx, oblock+16, &tmp_len); - if (ret) { - if (ivec != NULL) - memcpy(iv, oblock, MIT_DES_BLOCK_LENGTH); - } - EVP_CIPHER_CTX_cleanup(&ciph_ctx); memset(iblock,0,sizeof(iblock)); @@ -327,7 +304,7 @@ k5_des_decrypt_iov(const krb5_keyblock *key, OPENSSL_free(iblock); OPENSSL_free(oblock); - if (!ret) + if (ret != 1) return KRB5_CRYPTO_INTERNAL; return 0; } diff --git a/src/lib/crypto/openssl/enc_provider/des3.c b/src/lib/crypto/openssl/enc_provider/des3.c index 4445af0..1dec8e2 100644 --- a/src/lib/crypto/openssl/enc_provider/des3.c +++ b/src/lib/crypto/openssl/enc_provider/des3.c @@ -36,7 +36,6 @@ validate_iov(const krb5_keyblock *key, const krb5_data *ivec, for (i = 0, input_length = 0; i < num_data; i++) { const krb5_crypto_iov *iov = &data[i]; - if (ENCRYPT_IOV(iov)) input_length += iov->data.length; } @@ -55,12 +54,11 @@ static krb5_error_code k5_des3_encrypt(const krb5_keyblock *key, const krb5_data *ivec, const krb5_data *input, krb5_data *output) { - int ret = 0, tmp_len = 0; - unsigned int tmp_buf_len = 0; + int ret = 0, tmp_len = 0; + unsigned int tmp_buf_len = 0; unsigned char *keybuf = NULL; unsigned char *tmp_buf = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; - EVP_CIPHER_CTX ciph_ctx; + EVP_CIPHER_CTX ciph_ctx; ret = validate(key, ivec, input, output); if (ret) @@ -69,9 +67,6 @@ k5_des3_encrypt(const krb5_keyblock *key, const krb5_data *ivec, keybuf=key->contents; keybuf[key->length] = '\0'; - if (ivec && ivec->data) { - memcpy(iv,ivec->data,ivec->length); - } tmp_buf_len = output->length * 2; tmp_buf = OPENSSL_malloc(tmp_buf_len); if (!tmp_buf) @@ -80,7 +75,7 @@ k5_des3_encrypt(const krb5_keyblock *key, const krb5_data *ivec, EVP_CIPHER_CTX_init(&ciph_ctx); ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_des_ede3_cbc(), NULL, keybuf, - (ivec && ivec->data) ? iv : NULL); + (ivec) ? (unsigned char*)ivec->data : NULL); if (ret) { EVP_CIPHER_CTX_set_padding(&ciph_ctx,0); ret = EVP_EncryptUpdate(&ciph_ctx, tmp_buf, &tmp_len, @@ -95,12 +90,13 @@ k5_des3_encrypt(const krb5_keyblock *key, const krb5_data *ivec, EVP_CIPHER_CTX_cleanup(&ciph_ctx); - if (ret) + if (ret == 1) memcpy(output->data,tmp_buf, output->length); + memset(tmp_buf, 0, tmp_buf_len); OPENSSL_free(tmp_buf); - if (!ret) + if (ret != 1) return KRB5_CRYPTO_INTERNAL; return 0; @@ -111,11 +107,11 @@ static krb5_error_code k5_des3_decrypt(const krb5_keyblock *key, const krb5_data *ivec, const krb5_data *input, krb5_data *output) { - int ret = 0, tmp_len = 0; - EVP_CIPHER_CTX ciph_ctx; + int ret = 0, tmp_len = 0; + unsigned int tmp_buf_len = 0; unsigned char *keybuf = NULL; unsigned char *tmp_buf = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; + EVP_CIPHER_CTX ciph_ctx; ret = validate(key, ivec, input, output); if (ret) @@ -124,24 +120,22 @@ k5_des3_decrypt(const krb5_keyblock *key, const krb5_data *ivec, keybuf=key->contents; keybuf[key->length] = '\0'; - if (ivec && ivec->data) { - memset(iv,0,sizeof(iv)); - memcpy(iv,ivec->data,ivec->length); - } - - tmp_buf=OPENSSL_malloc(output->length); + tmp_buf_len = output->length; + tmp_buf=OPENSSL_malloc(tmp_buf_len); if (!tmp_buf) return ENOMEM; EVP_CIPHER_CTX_init(&ciph_ctx); ret = EVP_DecryptInit_ex(&ciph_ctx, EVP_des_ede3_cbc(), NULL, keybuf, - (ivec && ivec->data) ? iv: NULL); + (ivec) ? (unsigned char*)ivec->data: NULL); if (ret) { EVP_CIPHER_CTX_set_padding(&ciph_ctx,0); ret = EVP_DecryptUpdate(&ciph_ctx, tmp_buf, &tmp_len, (unsigned char *)input->data, input->length); - if (ret) { + if (!ret || output->length < (unsigned int)tmp_len) { + ret = KRB5_CRYPTO_INTERNAL; + } else { output->length = tmp_len; ret = EVP_DecryptFinal_ex(&ciph_ctx, tmp_buf+tmp_len, &tmp_len); } @@ -149,13 +143,13 @@ k5_des3_decrypt(const krb5_keyblock *key, const krb5_data *ivec, EVP_CIPHER_CTX_cleanup(&ciph_ctx); - if (ret) + if (ret == 1) memcpy(output->data,tmp_buf, output->length); - memset(tmp_buf,0,output->length); + memset(tmp_buf,0,tmp_buf_len); OPENSSL_free(tmp_buf); - if (!ret) + if (ret != 1) return KRB5_CRYPTO_INTERNAL; return 0; @@ -167,14 +161,13 @@ k5_des3_encrypt_iov(const krb5_keyblock *key, krb5_crypto_iov *data, size_t num_data) { - int ret = 0, tmp_len = MIT_DES_BLOCK_LENGTH; - EVP_CIPHER_CTX ciph_ctx; - unsigned char *keybuf = NULL ; - unsigned char iv[EVP_MAX_IV_LENGTH]; - + int ret = 0; + int tmp_len = MIT_DES_BLOCK_LENGTH; + int oblock_len = MIT_DES_BLOCK_LENGTH*num_data; + unsigned char *iblock = NULL, *oblock = NULL; + unsigned char *keybuf = NULL; struct iov_block_state input_pos, output_pos; - int oblock_len = MIT_DES_BLOCK_LENGTH*num_data; - unsigned char *iblock, *oblock; + EVP_CIPHER_CTX ciph_ctx; ret = validate_iov(key, ivec, data, num_data); if (ret) @@ -184,8 +177,10 @@ k5_des3_encrypt_iov(const krb5_keyblock *key, if (!iblock) return ENOMEM; oblock = OPENSSL_malloc(oblock_len); - if (!oblock) + if (!oblock){ + OPENSSL_free(iblock); return ENOMEM; + } IOV_BLOCK_STATE_INIT(&input_pos); IOV_BLOCK_STATE_INIT(&output_pos); @@ -193,19 +188,18 @@ k5_des3_encrypt_iov(const krb5_keyblock *key, keybuf=key->contents; keybuf[key->length] = '\0'; - if (ivec && ivec->data){ - memset(iv,0,sizeof(iv)); - memcpy(iv,ivec->data,ivec->length); - } - memset(oblock, 0, oblock_len); EVP_CIPHER_CTX_init(&ciph_ctx); ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_des_ede3_cbc(), NULL, - keybuf, (ivec && ivec->data) ? iv : NULL); - if (!ret) + keybuf, (ivec) ? (unsigned char*)ivec->data : NULL); + if (!ret){ + EVP_CIPHER_CTX_cleanup(&ciph_ctx); + OPENSSL_free(iblock); + OPENSSL_free(oblock); return KRB5_CRYPTO_INTERNAL; + } EVP_CIPHER_CTX_set_padding(&ciph_ctx,0); @@ -229,11 +223,6 @@ k5_des3_encrypt_iov(const krb5_keyblock *key, if(ret) ret = EVP_EncryptFinal_ex(&ciph_ctx, oblock+input_pos.data_pos, &tmp_len); - if (ret) { - if (ivec != NULL) - memcpy(iv, oblock, MIT_DES_BLOCK_LENGTH); - } - EVP_CIPHER_CTX_cleanup(&ciph_ctx); memset(iblock,0,sizeof(iblock)); @@ -241,7 +230,7 @@ k5_des3_encrypt_iov(const krb5_keyblock *key, OPENSSL_free(iblock); OPENSSL_free(oblock); - if (!ret) + if (ret != 1) return KRB5_CRYPTO_INTERNAL; return 0; } @@ -252,14 +241,13 @@ k5_des3_decrypt_iov(const krb5_keyblock *key, krb5_crypto_iov *data, size_t num_data) { - int ret = 0, tmp_len = MIT_DES_BLOCK_LENGTH; - EVP_CIPHER_CTX ciph_ctx; - unsigned char *keybuf = NULL ; - unsigned char iv[EVP_MAX_IV_LENGTH]; - + int ret = 0; + int tmp_len = MIT_DES_BLOCK_LENGTH; + int oblock_len = MIT_DES_BLOCK_LENGTH * num_data; + unsigned char *iblock = NULL, *oblock = NULL; + unsigned char *keybuf = NULL ; struct iov_block_state input_pos, output_pos; - int oblock_len = MIT_DES_BLOCK_LENGTH*num_data; - unsigned char *iblock, *oblock; + EVP_CIPHER_CTX ciph_ctx; ret = validate_iov(key, ivec, data, num_data); if (ret) @@ -269,8 +257,10 @@ k5_des3_decrypt_iov(const krb5_keyblock *key, if (!iblock) return ENOMEM; oblock = OPENSSL_malloc(oblock_len); - if (!oblock) + if (!oblock){ + OPENSSL_free(iblock); return ENOMEM; + } IOV_BLOCK_STATE_INIT(&input_pos); IOV_BLOCK_STATE_INIT(&output_pos); @@ -278,19 +268,18 @@ k5_des3_decrypt_iov(const krb5_keyblock *key, keybuf=key->contents; keybuf[key->length] = '\0'; - if (ivec && ivec->data){ - memset(iv,0,sizeof(iv)); - memcpy(iv,ivec->data,ivec->length); - } - memset(oblock, 0, oblock_len); EVP_CIPHER_CTX_init(&ciph_ctx); ret = EVP_DecryptInit_ex(&ciph_ctx, EVP_des_ede3_cbc(), NULL, - keybuf, (ivec && ivec->data) ? iv : NULL); - if (!ret) + keybuf, (ivec) ? (unsigned char*)ivec->data : NULL); + if (!ret){ + EVP_CIPHER_CTX_cleanup(&ciph_ctx); + OPENSSL_free(iblock); + OPENSSL_free(oblock); return KRB5_CRYPTO_INTERNAL; + } EVP_CIPHER_CTX_set_padding(&ciph_ctx,0); @@ -315,11 +304,6 @@ k5_des3_decrypt_iov(const krb5_keyblock *key, ret = EVP_DecryptFinal_ex(&ciph_ctx, oblock + input_pos.data_pos, &tmp_len); - if (ret) { - if (ivec != NULL) - memcpy(iv, oblock, MIT_DES_BLOCK_LENGTH); - } - EVP_CIPHER_CTX_cleanup(&ciph_ctx); memset(iblock,0,sizeof(iblock)); @@ -327,7 +311,7 @@ k5_des3_decrypt_iov(const krb5_keyblock *key, OPENSSL_free(iblock); OPENSSL_free(oblock); - if (!ret) + if (ret != 1) return KRB5_CRYPTO_INTERNAL; return 0; } diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c index 455a47f..ae2f58f 100644 --- a/src/lib/crypto/openssl/enc_provider/rc4.c +++ b/src/lib/crypto/openssl/enc_provider/rc4.c @@ -62,7 +62,7 @@ k5_arcfour_docrypt(const krb5_keyblock *key, const krb5_data *state, EVP_CIPHER_CTX_cleanup(&ciph_ctx); - if (!ret) + if (ret != 1) return KRB5_CRYPTO_INTERNAL; output->length += tmp_len; @@ -90,8 +90,10 @@ k5_arcfour_docrypt_iov(const krb5_keyblock *key, EVP_CIPHER_CTX_init(&ciph_ctx); ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_rc4(), NULL, keybuf, NULL); - if (!ret) - return -1; + if (!ret){ + EVP_CIPHER_CTX_cleanup(&ciph_ctx); + return KRB5_CRYPTO_INTERNAL; + } for (i = 0; i < num_data; i++) { iov = &data[i]; @@ -112,7 +114,7 @@ k5_arcfour_docrypt_iov(const krb5_keyblock *key, EVP_CIPHER_CTX_cleanup(&ciph_ctx); - if (!ret) + if (ret != 1) return KRB5_CRYPTO_INTERNAL; iov->data.length += tmp_len; -- cgit v1.1