X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mod_auth_gssapi.git;a=blobdiff_plain;f=src%2Fcrypto.c;h=a902d63a2a450afd144eff87ffa4a154b134a68d;hp=584bf1631d9ecd8fe1aadd276bc6b0a2d383845e;hb=1bd0ed87c79f4e80df3024fb1e1441255d517c3c;hpb=6e86569afd4812f5674810ab66ee67fd5251d538

diff --git a/src/crypto.c b/src/crypto.c
index 584bf16..a902d63 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -57,13 +57,13 @@ apr_status_t SEAL_KEY_CREATE(apr_pool_t *p, struct seal_key **skey,
         memcpy(n->ekey, keys->value, keylen);
         memcpy(n->hkey, keys->value + keylen, keylen);
     } else {
-        ret = RAND_bytes(n->ekey, keylen);
+        ret = apr_generate_random_bytes(n->ekey, keylen);
         if (ret == 0) {
             ret = EFAULT;
             goto done;
         }
 
-        ret = RAND_bytes(n->hkey, keylen);
+        ret = apr_generate_random_bytes(n->hkey, keylen);
         if (ret == 0) {
             ret = EFAULT;
             goto done;
@@ -85,10 +85,11 @@ done:
 apr_status_t SEAL_BUFFER(apr_pool_t *p, struct seal_key *skey,
                          struct databuf *plain, struct databuf *cipher)
 {
+    int blksz = skey->cipher->block_size;
     apr_status_t err = EFAULT;
     EVP_CIPHER_CTX ctx = { 0 };
     HMAC_CTX hmac_ctx = { 0 };
-    uint8_t rbuf[16];
+    uint8_t rbuf[blksz];
     unsigned int len;
     int outlen, totlen;
     int ret;
@@ -97,12 +98,12 @@ apr_status_t SEAL_BUFFER(apr_pool_t *p, struct seal_key *skey,
 
     /* confounder to avoid exposing random numbers directly to clients
      * as IVs */
-    ret = RAND_bytes(rbuf, 16);
+    ret = apr_generate_random_bytes(rbuf, sizeof(rbuf));
     if (ret == 0) goto done;
 
     if (cipher->length == 0) {
         /* add space for confounder and padding and MAC */
-        cipher->length = (plain->length / 16 + 2) * 16;
+        cipher->length = (plain->length / blksz + 2) * blksz;
         cipher->value = apr_palloc(p, cipher->length + skey->md->md_size);
         if (!cipher->value) {
             err = ENOMEM;
@@ -115,7 +116,7 @@ apr_status_t SEAL_BUFFER(apr_pool_t *p, struct seal_key *skey,
     totlen = 0;
 
     outlen = cipher->length;
-    ret = EVP_EncryptUpdate(&ctx, cipher->value, &outlen, rbuf, 16);
+    ret = EVP_EncryptUpdate(&ctx, cipher->value, &outlen, rbuf, sizeof(rbuf));
     if (ret == 0) goto done;
     totlen += outlen;
 
@@ -214,8 +215,8 @@ apr_status_t UNSEAL_BUFFER(apr_pool_t *p, struct seal_key *skey,
 
     totlen += outlen;
     /* now remove the confounder */
-    totlen -= 16;
-    memmove(plain->value, plain->value + 16, totlen);
+    totlen -= skey->cipher->block_size;
+    memmove(plain->value, plain->value + skey->cipher->block_size, totlen);
 
     plain->length = totlen;
     err = 0;