From ec0035c9b8e0690f3bc21f3de089c39eae660916 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 3 Jul 2007 08:00:08 +0000
Subject: r23678: Update to current lorikeet-heimdal (-r 767), which should fix
 the panics on hosts without /dev/random.

Andrew Bartlett
(This used to be commit 14a4ddb131993fec72316f7e8e371638749e6f1f)
---
 source4/heimdal/lib/hx509/crypto.c | 66 ++++++++++++++++++++++++++------------
 1 file changed, 46 insertions(+), 20 deletions(-)

(limited to 'source4/heimdal/lib/hx509/crypto.c')

diff --git a/source4/heimdal/lib/hx509/crypto.c b/source4/heimdal/lib/hx509/crypto.c
index 96d9693cc2..d86300bd58 100644
--- a/source4/heimdal/lib/hx509/crypto.c
+++ b/source4/heimdal/lib/hx509/crypto.c
@@ -32,7 +32,7 @@
  */
 
 #include "hx_locl.h"
-RCSID("$Id: crypto.c 20939 2007-06-06 20:53:02Z lha $");
+RCSID("$Id: crypto.c 21318 2007-06-25 19:46:32Z lha $");
 
 struct hx509_crypto;
 
@@ -362,6 +362,7 @@ rsa_create_signature(hx509_context context,
     sig->length = RSA_size(signer->private_key.rsa);
     sig->data = malloc(sig->length);
     if (sig->data == NULL) {
+	der_free_octet_string(&indata);
 	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
 	return ENOMEM;
     }
@@ -1761,15 +1762,17 @@ CMSRC2CBCParam_set(hx509_context context, const heim_octet_string *param,
 	p->maximum_effective_key = 128;
 	break;
     default:
+	free(p);
 	free_CMSRC2CBCParameter(&rc2param);
 	return HX509_CRYPTO_SIG_INVALID_FORMAT;
     }
     if (ivec)
 	ret = der_copy_octet_string(&rc2param.iv, ivec);
     free_CMSRC2CBCParameter(&rc2param);
-    if (ret)
+    if (ret) {
+	free(p);
 	hx509_clear_error_string(context);
-    else
+    } else
 	crypto->param = p;
 
     return ret;
@@ -2008,11 +2011,30 @@ hx509_crypto_get_params(hx509_context context,
     return (*crypto->cipher->get_params)(context, crypto, ivec, param);
 }
 
+int
+hx509_crypto_random_iv(hx509_crypto crypto, heim_octet_string *ivec)
+{
+    ivec->length = EVP_CIPHER_iv_length(crypto->c);
+    ivec->data = malloc(ivec->length);
+    if (ivec->data == NULL) {
+	ivec->length = 0;
+	return ENOMEM;
+    }
+
+    if (RAND_bytes(ivec->data, ivec->length) <= 0) {
+	free(ivec->data);
+	ivec->data = NULL;
+	ivec->length = 0;
+	return HX509_CRYPTO_INTERNAL_ERROR;
+    }
+    return 0;
+}
+
 int
 hx509_crypto_encrypt(hx509_crypto crypto,
 		     const void *data,
 		     const size_t length,
-		     heim_octet_string *ivec,
+		     const heim_octet_string *ivec,
 		     heim_octet_string **ciphertext)
 {
     EVP_CIPHER_CTX evp;
@@ -2021,19 +2043,9 @@ hx509_crypto_encrypt(hx509_crypto crypto,
 
     *ciphertext = NULL;
 
-    EVP_CIPHER_CTX_init(&evp);
-
-    ivec->length = EVP_CIPHER_iv_length(crypto->c);
-    ivec->data = malloc(ivec->length);
-    if (ivec->data == NULL) {
-	ret = ENOMEM;
-	goto out;
-    }
+    assert(EVP_CIPHER_iv_length(crypto->c) == ivec->length);
 
-    if (RAND_bytes(ivec->data, ivec->length) <= 0) {
-	ret = HX509_CRYPTO_INTERNAL_ERROR;
-	goto out;
-    }
+    EVP_CIPHER_CTX_init(&evp);
 
     ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
 			    crypto->key.data, ivec->data, 1);
@@ -2082,10 +2094,6 @@ hx509_crypto_encrypt(hx509_crypto crypto,
 
  out:
     if (ret) {
-	if (ivec->data) {
-	    free(ivec->data);
-	    memset(ivec, 0, sizeof(*ivec));
-	}
 	if (*ciphertext) {
 	    if ((*ciphertext)->data) {
 		free((*ciphertext)->data);
@@ -2286,6 +2294,24 @@ find_string2key(const heim_oid *oid,
     return NULL;
 }
 
+/*
+ *
+ */
+
+int
+_hx509_pbe_encrypt(hx509_context context,
+		   hx509_lock lock,
+		   const AlgorithmIdentifier *ai,
+		   const heim_octet_string *content,
+		   heim_octet_string *econtent)
+{
+    hx509_clear_error_string(context);
+    return EINVAL;
+}
+
+/*
+ *
+ */
 
 int
 _hx509_pbe_decrypt(hx509_context context,
-- 
cgit