author | Greg Hudson <ghudson@mit.edu> | 2009-10-03 18:07:44 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2009-10-03 18:07:44 +0000 |
commit | 228548a2afeb4075d6da16e78bb97ca44c7bfabd (patch) | |
tree | 0ae007bb1b32dc072be0e88907b6f6111d7c4453 /src/lib/crypto/krb/dk/derive.c | |
parent | 8025c33f6285b8773a927351c0b3503d878565f1 (diff) | |
Update the crypto derived key support code to conform to most of the
current coding practices (except lack of tabs). Use the helper
functions k5alloc, zapfree, and find_enctype to reduce code size.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22840 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/krb/dk/derive.c')
-rw-r--r-- | src/lib/crypto/krb/dk/derive.c | 157 |
1 files changed, 57 insertions, 100 deletions
diff --git a/src/lib/crypto/krb/dk/derive.c b/src/lib/crypto/krb/dk/derive.c index 77b05fa..8c8214c 100644 --- a/src/lib/crypto/krb/dk/derive.c +++ b/src/lib/crypto/krb/dk/derive.c @@ -32,33 +32,27 @@ krb5_derive_key(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey, krb5_keyblock *outkey, const krb5_data *in_constant) { - size_t blocksize, keybytes, keylength, n; - unsigned char *inblockdata, *outblockdata, *rawkey; + size_t blocksize, keybytes, n; + unsigned char *inblockdata = NULL, *outblockdata = NULL, *rawkey = NULL; krb5_data inblock, outblock; + krb5_error_code ret; blocksize = enc->block_size; keybytes = enc->keybytes; - keylength = enc->keylength; - if ((inkey->length != keylength) || - (outkey->length != keylength)) - return(KRB5_CRYPTO_INTERNAL); + if (inkey->length != enc->keylength || outkey->length != enc->keylength) + return KRB5_CRYPTO_INTERNAL; - /* allocate and set up buffers */ - - if ((inblockdata = (unsigned char *) malloc(blocksize)) == NULL) - return(ENOMEM); - - if ((outblockdata = (unsigned char *) malloc(blocksize)) == NULL) { - free(inblockdata); - return(ENOMEM); - } - - if ((rawkey = (unsigned char *) malloc(keybytes)) == NULL) { - free(outblockdata); - free(inblockdata); - return(ENOMEM); - } + /* Allocate and set up buffers. */ + inblockdata = k5alloc(blocksize, &ret); + if (ret) + goto cleanup; + outblockdata = k5alloc(blocksize, &ret); + if (ret) + goto cleanup; + rawkey = k5alloc(keybytes, &ret); + if (ret) + goto cleanup; inblock.data = (char *) inblockdata; inblock.length = blocksize; @@ -66,7 +60,7 @@ krb5_derive_key(const struct krb5_enc_provider *enc, outblock.data = (char *) outblockdata; outblock.length = blocksize; - /* initialize the input block */ + /* Initialize the input block. */ if (in_constant->length == inblock.length) { memcpy(inblock.data, in_constant->data, inblock.length); 
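Review bot: The `= NULL` initializers added to `inblockdata`, `outblockdata` and `rawkey` are now load-bearing, and nothing in the hunk says so: every `goto cleanup` taken after a failed `k5alloc` hands the not-yet-allocated pointers to the cleanup code. A comment above the declaration, for example `/* Must start as NULL: the cleanup path zapfrees all three unconditionally. */`, would keep a later edit from dropping them. This relies on zapfree accepting a NULL pointer, which is defined outside this page and should be confirmed. The same declaration appears in the first krb5_derive_random hunk, and the function body continues outside this hunk.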
@@ -75,14 +69,16 @@ krb5_derive_key(const struct krb5_enc_provider *enc, inblock.length*8, (unsigned char *) inblock.data); } - /* loop encrypting the blocks until enough key bytes are generated */ + /* Loop encrypting the blocks until enough key bytes are generated */ n = 0; while (n < keybytes) { - (*(enc->encrypt))(inkey, 0, &inblock, &outblock); + ret = (*enc->encrypt)(inkey, 0, &inblock, &outblock); + if (ret) + goto cleanup; if ((keybytes - n) <= outblock.length) { - memcpy(rawkey+n, outblock.data, (keybytes - n)); + memcpy(rawkey + n, outblock.data, (keybytes - n)); break; } @@ -96,19 +92,15 @@ krb5_derive_key(const struct krb5_enc_provider *enc, inblock.data = (char *) rawkey; inblock.length = keybytes; - (*(enc->make_key))(&inblock, outkey); - - /* clean memory, free resources and exit */ - - memset(inblockdata, 0, blocksize); - memset(outblockdata, 0, blocksize); - memset(rawkey, 0, keybytes); + ret = (*enc->make_key)(&inblock, outkey); + if (ret) + goto cleanup; - free(rawkey); - free(outblockdata); - free(inblockdata); - - return(0); +cleanup: + zapfree(inblockdata, blocksize); + zapfree(outblockdata, blocksize); + zapfree(rawkey, keybytes); + return ret; } 
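Review bot: The loop now stops on an encrypt error, but its progress still depends on `outblock.length` as the provider leaves it. The `(keybytes - n) <= outblock.length` test and the advance step (outside this hunk here, visible as `n += outblock.length` in krb5_derive_random) would never reach `keybytes` if a provider returned success with a zero-length output. Whether any provider can do that is not visible on this page; if it is meant to be impossible, a comment such as `/* encrypt must leave outblock.length == blocksize */` records the invariant, and a guard `if (outblock.length == 0) { ret = KRB5_CRYPTO_INTERNAL; goto cleanup; }` after the error check would enforce it. The same applies to the matching loop hunk in krb5_derive_random.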
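Review bot: The `if (ret) goto cleanup;` that follows `ret = (*enc->make_key)(&inblock, outkey);` jumps to the label on the very next line, so it has no effect on control flow. Letting the call fall through to `cleanup:` reads more plainly and makes it obvious that success and failure share one exit. A one-line comment above the label, `/* Zero and free the working buffers on every exit; rawkey holds key material. */`, would also document why zapfree is used rather than free. The function begins outside this hunk.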
@@ -117,33 +109,28 @@ krb5_derive_random(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey, krb5_data *outrnd, const krb5_data *in_constant) { - size_t blocksize, keybytes, keylength, n; - unsigned char *inblockdata, *outblockdata, *rawkey; + size_t blocksize, keybytes, n; + unsigned char *inblockdata = NULL, *outblockdata = NULL, *rawkey = NULL; krb5_data inblock, outblock; + krb5_error_code ret; blocksize = enc->block_size; keybytes = enc->keybytes; - keylength = enc->keylength; - - if ((inkey->length != keylength) || - (outrnd->length != keybytes)) - return(KRB5_CRYPTO_INTERNAL); - /* allocate and set up buffers */ + if (inkey->length != enc->keylength || outrnd->length != keybytes) + return KRB5_CRYPTO_INTERNAL; - if ((inblockdata = (unsigned char *) malloc(blocksize)) == NULL) - return(ENOMEM); + /* Allocate and set up buffers. */ - if ((outblockdata = (unsigned char *) malloc(blocksize)) == NULL) { - free(inblockdata); - return(ENOMEM); - } - - if ((rawkey = (unsigned char *) malloc(keybytes)) == NULL) { - free(outblockdata); - free(inblockdata); - return(ENOMEM); - } + inblockdata = k5alloc(blocksize, &ret); + if (ret) + goto cleanup; + outblockdata = k5alloc(blocksize, &ret); + if (ret) + goto cleanup; + rawkey = k5alloc(keybytes, &ret); + if (ret) + goto cleanup; inblock.data = (char *) inblockdata; inblock.length = blocksize; @@ -151,8 +138,7 @@ krb5_derive_random(const struct krb5_enc_provider *enc, outblock.data = (char *) outblockdata; outblock.length = blocksize; - /* initialize the input block */ - + /* Initialize the input block. */ if (in_constant->length == inblock.length) { memcpy(inblock.data, in_constant->data, inblock.length); } else { 
@@ -160,14 +146,15 @@ krb5_derive_random(const struct krb5_enc_provider *enc, inblock.length*8, (unsigned char *) inblock.data); } - /* loop encrypting the blocks until enough key bytes are generated */ - + /* Loop encrypting the blocks until enough key bytes are generated. */ n = 0; while (n < keybytes) { - (*(enc->encrypt))(inkey, 0, &inblock, &outblock); + ret = (*enc->encrypt)(inkey, 0, &inblock, &outblock); + if (ret) + goto cleanup; if ((keybytes - n) <= outblock.length) { - memcpy(rawkey+n, outblock.data, (keybytes - n)); + memcpy(rawkey + n, outblock.data, (keybytes - n)); break; } @@ -176,42 +163,12 @@ krb5_derive_random(const struct krb5_enc_provider *enc, n += outblock.length; } - /* postprocess the key */ - - memcpy (outrnd->data, rawkey, keybytes); - - /* clean memory, free resources and exit */ - - memset(inblockdata, 0, blocksize); - memset(outblockdata, 0, blocksize); - memset(rawkey, 0, keybytes); - - free(rawkey); - free(outblockdata); - free(inblockdata); - - return(0); -} - -#if 0 -#include "etypes.h" -void -krb5_random2key (krb5_enctype enctype, krb5_data *inblock, - krb5_keyblock *outkey) -{ - int i; - const struct krb5_enc_provider *enc; - - for (i=0; i<krb5_enctypes_length; i++) { - if (krb5_enctypes_list[i].etype == enctype) - break; - } - - if (i == krb5_enctypes_length) - abort (); - - enc = krb5_enctypes_list[i].enc; + /* Postprocess the key. */ + memcpy(outrnd->data, rawkey, keybytes); - enc->make_key (inblock, outkey); +cleanup: + zapfree(inblockdata, blocksize); + zapfree(outblockdata, blocksize); + zapfree(rawkey, keybytes); + return ret; } -#endif |
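Review bot: On the new error paths `goto cleanup` skips `memcpy(outrnd->data, rawkey, keybytes)`, so a failed krb5_derive_random returns with `outrnd->data` still holding whatever the caller passed in. Callers are not visible on this page; one that ignores the return value would go on to use those stale bytes as derived output. The function comment should state the contract, for example `/* On failure outrnd->data is not modified; callers must check the return value. */`, or the buffer could be cleared on failure so that a missed check cannot yield predictable caller-supplied bytes. The function's opening lies in an earlier hunk.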