Fix Kerberos5/SSL interaction

Submitted by: "Kenneth R. Robinette" <support@securenetterm.com> Reviewed by: PR:
author: Lutz Jänicke <jaenicke@openssl.org> 2002-12-20 12:48:00 +0000
committer: Lutz Jänicke <jaenicke@openssl.org> 2002-12-20 12:48:00 +0000
commit: 1004c99c2957b8893a83d39c7d25144fdf86e9aa (patch)
tree: 84e6c6f0ceff1c6d1b9a00f767662ace128ffab1 /ssl/kssl.c
parent: c9ecb1edd88ab5fa51c2a61a5559280872f0aa3c (diff)
1 files changed, 17 insertions, 38 deletions
diff --git a/ssl/kssl.c b/ssl/kssl.c
index 1a49f43a83..2b82ef60f7 100644
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -2029,44 +2029,23 @@ krb5_error_code  kssl_check_authent(
 		*/
 		goto err;
 		}
-	if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv))
-		{
-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-			"EVP_DecryptInit_ex error decrypting authenticator.\n");
-		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-		goto err;
-		}
-	if (!EVP_DecryptUpdate(&ciph_ctx, unenc_authent, &outl,
-			dec_authent->cipher->data, dec_authent->cipher->length))
-		{
-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-			"EVP_DecryptUpdate error decrypting authenticator.\n");
-		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-		goto err;
-		}
-	if (outl > unencbufsize)
-		{
-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                        "Buffer overflow decrypting authenticator.\n");
-		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-		goto err;
-		}
-	if (!EVP_DecryptFinal_ex(&ciph_ctx, &(unenc_authent[outl]), &padl))
-		{
-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-			"EVP_DecryptFinal_ex error decrypting authenticator.\n");
-		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-		goto err;
-		}
-	outl += padl;
-	if (outl > unencbufsize)
-		{
-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                        "Buffer overflow decrypting authenticator.\n");
-		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-		goto err;
-		}
-	EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+        if (!EVP_CipherInit(&ciph_ctx,enc,kssl_ctx->key,iv,0))
+                {
+                kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "EVP_DecryptInit_ex error decrypting authenticator.\n");
+                krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+                goto err;
+                }
+        outl = dec_authent->cipher->length;
+        if (!EVP_Cipher(&ciph_ctx,unenc_authent,dec_authent->cipher->data,outl))
+                {
+                kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "EVP_Cipher error decrypting authenticator.\n");
+                krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+                goto err;
+                }
+        EVP_CIPHER_CTX_cleanup(&ciph_ctx);
 
 #ifdef KSSL_DEBUG
 	printf("kssl_check_authent: decrypted authenticator[%d] =\n", outl);
author	Lutz Jänicke <jaenicke@openssl.org>	2002-12-20 12:48:00 +0000
committer	Lutz Jänicke <jaenicke@openssl.org>	2002-12-20 12:48:00 +0000
commit	1004c99c2957b8893a83d39c7d25144fdf86e9aa (patch)
tree	84e6c6f0ceff1c6d1b9a00f767662ace128ffab1 /ssl/kssl.c
parent	c9ecb1edd88ab5fa51c2a61a5559280872f0aa3c (diff)