SUBMISSION TYPE: "TSU"
SUBMITTED BY: Jeffrey Altman
SUBMITTED FOR:
POINT OF CONTACT:[EMAIL PROTECTED]
PHONE and/or FAX:
MANUFACTURER: (if relevant)
PRODUCT NAME/MODEL #: openssl 0.9.7
ECCN: 5D002
NOTIFICATION: The attached patch is against the 20021220 snapshot of
openssl, version 0.9.7. The sourcecode is available at
ftp.openssl.org and its worldwide mirrors. Patch submitted to the
openssl-dev mailing list.
*** \temp\kssl.c Fri Dec 20 10:53:06 2002
--- kssl.c Fri Dec 20 10:56:22 2002
***************
*** 1961,1967 ****
const EVP_CIPHER *enc = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char *p, *unenc_authent;
! int padl, outl, unencbufsize;
struct tm tm_time, *tm_l, *tm_g;
time_t now, tl, tg, tr, tz_offset;
--- 1961,1967 ----
const EVP_CIPHER *enc = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char *p, *unenc_authent;
! int outl, unencbufsize;
struct tm tm_time, *tm_l, *tm_g;
time_t now, tl, tg, tr, tz_offset;
***************
*** 2033,2039 ****
if (!EVP_CipherInit(&ciph_ctx,enc,kssl_ctx->key,iv,0))
{
kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
! "EVP_DecryptInit_ex error decrypting authenticator.\n");
krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
goto err;
}
--- 2033,2039 ----
if ( !EVP_CipherInit(&ciph_ctx, enc, kssl_ctx->key,iv,0 ))
{
kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
! "EVP_CipherInit error decrypting authenticator.\n");
krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
goto err;
}
***************
*** 2094,2099 ****
--- 2094,2100 ----
if (auth) KRB5_AUTHENT_free((KRB5_AUTHENT *) auth);
if (dec_authent) KRB5_ENCDATA_free(dec_authent);
if (unenc_authent) free(unenc_authent);
+ EVP_CIPHER_CTX_cleanup(&ciph_ctx);
return krb5rc;
}
Lutz Jaenicke wrote:
Jeffrey, Kenneth, can one of you kindly provide a corresponding patch?
Lutz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]