Skip to content

Commit

Permalink
Fix error handling in PKINIT decode_data()
Browse files Browse the repository at this point in the history 
decode_data() mixes errno values with OpenSSL return codes.  Change
its return type to int, and return 1 on success or 0 on failure.

(cherry picked from commit cc9035a)

ticket: 8525
version_fixed: 1.15.1
  • Loading branch information
@greghudson @tlyu
greghudson authored and tlyu committed Jan 9, 2017
1 parent f2bff4a commit 9bb353d
Showing 1 changed file with 7 additions and 10 deletions.
17 changes: 7 additions & 10 deletions src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4188,24 +4188,24 @@ pkinit_sign_data(krb5_context context,
}


static krb5_error_code
static int
decode_data(uint8_t **out_data, unsigned int *out_data_len,
const uint8_t *data, unsigned int data_len, EVP_PKEY *pkey,
X509 *cert)
{
krb5_error_code retval = ENOMEM;
int retval;
unsigned char *buf = NULL;
int buf_len = 0;

if (cert && !X509_check_private_key(cert, pkey)) {
pkiDebug("private key does not match certificate\n");
goto cleanup;
return 0;
}

buf_len = EVP_PKEY_size(pkey);
buf = malloc((size_t) buf_len + 10);
if (buf == NULL)
goto cleanup;
return 0;

#if OPENSSL_VERSION_NUMBER >= 0x00909000L
retval = EVP_PKEY_decrypt_old(buf, data, (int)data_len, pkey);
Expand All @@ -4214,16 +4214,13 @@ decode_data(uint8_t **out_data, unsigned int *out_data_len,
#endif
if (retval <= 0) {
pkiDebug("unable to decrypt received data (len=%d)\n", data_len);
goto cleanup;
free(buf);
return 0;
}
*out_data = buf;
*out_data_len = retval;

cleanup:
if (retval == ENOMEM)
free(buf);

return retval;
return 1;
}

static krb5_error_code
Expand Down

0 comments on commit 9bb353d

Please sign in to comment.