On Fri, Dec 20, 2002 at 09:52:22AM -0500, Jeffrey Altman wrote:
> comments inline:
>
...
> > + if (!EVP_CipherInit(&ciph_ctx,enc,kssl_ctx->key,iv,0))
> > + {
> > + kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
> > + "EVP_DecryptInit_ex error decrypting
> > authenticator.\n");
> >
> This error message should be updated to describe the new function being
> called.
>
> > + krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
> > + goto err;
> > + }
> > + outl = dec_authent->cipher->length;
> > + if
> > (!EVP_Cipher(&ciph_ctx,unenc_authent,dec_authent->cipher->data,outl))
> > + {
> > + kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
> > + "EVP_Cipher error decrypting authenticator.\n");
> > + krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
> > + goto err;
> > + }
> > + EVP_CIPHER_CTX_cleanup(&ciph_ctx);
> >
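Review bot: The EVP_Cipher call takes outl straight from dec_authent->cipher->length and writes that many bytes into unenc_authent, and nothing in these lines checks outl against the size of unenc_authent. Add a bounds check before the call and take the goto err path when the ciphertext is longer than the destination buffer. Since EVP_Cipher does no buffering or padding of its own, it is also worth rejecting a length that is not a multiple of the cipher's block size. For the cleanup on the err: path, note that ciph_ctx is passed as &ciph_ctx, so it is an object rather than a pointer; the call there should be unconditional, which requires the context to be initialised before the first goto err.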
> The cleanup function is only being called on successful completion.
> Shouldn't we be calling it on error as well?
>
> I suggest adding after the err: label:
>
> if (ciph_ctx) EVP_CIPHER_CTX_cleanup(&ciph_ctx);

Jeffrey, Kenneth, can one of you kindly provide a corresponding patch?

Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]