diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c
index 97e0022ee..9d3b51203 100644
--- a/lib/krb5/get_cred.c
+++ b/lib/krb5/get_cred.c
@@ -375,17 +375,18 @@ decrypt_tkt_with_subkey (krb5_context context,
     if (ret)
 	return ret;
 
-    ret = krb5_decode_EncASRepPart(context,
-				   data.data,
+    ret = decode_EncASRepPart(data.data,
+			      data.length,
+			      &dec_rep->enc_part,
+			      &size);
+    if (ret)
+	ret = decode_EncTGSRepPart(data.data,
 				   data.length,
 				   &dec_rep->enc_part,
 				   &size);
     if (ret)
-	ret = krb5_decode_EncTGSRepPart(context,
-					data.data,
-					data.length,
-					&dec_rep->enc_part,
-					&size);
+      krb5_set_error_message(context, ret, 
+			     N_("Failed to decode encpart in ticket", ""));
     krb5_data_free (&data);
     return ret;
 }
diff --git a/lib/krb5/rd_cred.c b/lib/krb5/rd_cred.c
index dc5103301..30e82d8de 100644
--- a/lib/krb5/rd_cred.c
+++ b/lib/krb5/rd_cred.c
@@ -149,15 +149,18 @@ krb5_rd_cred(krb5_context context,
 	    goto out;
     }
 
-    ret = krb5_decode_EncKrbCredPart (context,
-				      enc_krb_cred_part_data.data,
-				      enc_krb_cred_part_data.length,
-				      &enc_krb_cred_part,
-				      &len);
+    ret = decode_EncKrbCredPart(enc_krb_cred_part_data.data,
+				enc_krb_cred_part_data.length,
+				&enc_krb_cred_part,
+				&len);
     if (enc_krb_cred_part_data.data != cred.enc_part.cipher.data)
 	krb5_data_free(&enc_krb_cred_part_data);
-    if (ret)
+    if (ret) {
+	krb5_set_error_message(context, ret,
+			       N_("Failed to decode "
+				  "encrypte credential part", ""));
 	goto out;
+    }
 
     /* check sender address */
 
diff --git a/lib/krb5/rd_req.c b/lib/krb5/rd_req.c
index 057e95d5d..aa035844d 100644
--- a/lib/krb5/rd_req.c
+++ b/lib/krb5/rd_req.c
@@ -58,8 +58,11 @@ decrypt_tkt_enc_part (krb5_context context,
     if (ret)
 	return ret;
 
-    ret = krb5_decode_EncTicketPart(context, plain.data, plain.length,
-				    decr_part, &len);
+    ret = decode_EncTicketPart(plain.data, plain.length, decr_part, &len);
+    if (ret)
+        krb5_set_error_message(context, ret, 
+			       N_("Failed to decode encrypted "
+				  "ticket part", ""));
     krb5_data_free (&plain);
     return ret;
 }
@@ -881,8 +884,8 @@ krb5_rd_req_ctx(krb5_context context,
 	    krb5_pac_free(context, pac);
 	    if (ret)
 		goto out;
-	}
-	ret = 0;
+	} else
+	  ret = 0;
     }
 out:
     if (ret || outctx == NULL) {