Diffstat (limited to 'src/lib/crypto/krb/dk/derive.c')
-rw-r--r--src/lib/crypto/krb/dk/derive.c157
1 files changed, 57 insertions, 100 deletions
diff --git a/src/lib/crypto/krb/dk/derive.c b/src/lib/crypto/krb/dk/derive.c
index 77b05fa..8c8214c 100644
--- a/src/lib/crypto/krb/dk/derive.c
+++ b/src/lib/crypto/krb/dk/derive.c
@@ -32,33 +32,27 @@ krb5_derive_key(const struct krb5_enc_provider *enc,
const krb5_keyblock *inkey, krb5_keyblock *outkey,
const krb5_data *in_constant)
{
- size_t blocksize, keybytes, keylength, n;
- unsigned char *inblockdata, *outblockdata, *rawkey;
+ size_t blocksize, keybytes, n;
+ unsigned char *inblockdata = NULL, *outblockdata = NULL, *rawkey = NULL;
krb5_data inblock, outblock;
+ krb5_error_code ret;
blocksize = enc->block_size;
keybytes = enc->keybytes;
- keylength = enc->keylength;
- if ((inkey->length != keylength) ||
- (outkey->length != keylength))
- return(KRB5_CRYPTO_INTERNAL);
+ if (inkey->length != enc->keylength || outkey->length != enc->keylength)
+ return KRB5_CRYPTO_INTERNAL;
- /* allocate and set up buffers */
-
- if ((inblockdata = (unsigned char *) malloc(blocksize)) == NULL)
- return(ENOMEM);
-
- if ((outblockdata = (unsigned char *) malloc(blocksize)) == NULL) {
- free(inblockdata);
- return(ENOMEM);
- }
-
- if ((rawkey = (unsigned char *) malloc(keybytes)) == NULL) {
- free(outblockdata);
- free(inblockdata);
- return(ENOMEM);
- }
+ /* Allocate and set up buffers. */
+ inblockdata = k5alloc(blocksize, &ret);
+ if (ret)
+ goto cleanup;
+ outblockdata = k5alloc(blocksize, &ret);
+ if (ret)
+ goto cleanup;
+ rawkey = k5alloc(keybytes, &ret);
+ if (ret)
+ goto cleanup;
inblock.data = (char *) inblockdata;
inblock.length = blocksize;
@@ -66,7 +60,7 @@ krb5_derive_key(const struct krb5_enc_provider *enc,
outblock.data = (char *) outblockdata;
outblock.length = blocksize;
- /* initialize the input block */
+ /* Initialize the input block. */
if (in_constant->length == inblock.length) {
memcpy(inblock.data, in_constant->data, inblock.length);
@@ -75,14 +69,16 @@ krb5_derive_key(const struct krb5_enc_provider *enc,
inblock.length*8, (unsigned char *) inblock.data);
}
- /* loop encrypting the blocks until enough key bytes are generated */
+ /* Loop encrypting the blocks until enough key bytes are generated */
n = 0;
while (n < keybytes) {
- (*(enc->encrypt))(inkey, 0, &inblock, &outblock);
+ ret = (*enc->encrypt)(inkey, 0, &inblock, &outblock);
+ if (ret)
+ goto cleanup;
if ((keybytes - n) <= outblock.length) {
- memcpy(rawkey+n, outblock.data, (keybytes - n));
+ memcpy(rawkey + n, outblock.data, (keybytes - n));
break;
}
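Review bot: The rewritten comment above `n = 0;` ends without a full stop, unlike the other comments this commit touches, including the same comment in krb5_derive_random. It should read `/* Loop encrypting the blocks until enough key bytes are generated. */`. The loop body continues outside this hunk.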
@@ -96,19 +92,15 @@ krb5_derive_key(const struct krb5_enc_provider *enc,
inblock.data = (char *) rawkey;
inblock.length = keybytes;
- (*(enc->make_key))(&inblock, outkey);
-
- /* clean memory, free resources and exit */
-
- memset(inblockdata, 0, blocksize);
- memset(outblockdata, 0, blocksize);
- memset(rawkey, 0, keybytes);
+ ret = (*enc->make_key)(&inblock, outkey);
+ if (ret)
+ goto cleanup;
- free(rawkey);
- free(outblockdata);
- free(inblockdata);
-
- return(0);
+cleanup:
+ zapfree(inblockdata, blocksize);
+ zapfree(outblockdata, blocksize);
+ zapfree(rawkey, keybytes);
+ return ret;
}
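Review bot: The `cleanup:` label can now be reached while some of the three buffers are still NULL, because a failed first or second `k5alloc` jumps straight here, so the `zapfree` calls depend on zapfree accepting a NULL pointer. Its definition is not on this page, so that is worth confirming and stating at the label, e.g. `/* Wipe and free key-derived buffers on every exit; pointers may still be NULL after an early k5alloc failure. */`. The same applies to the cleanup block at the end of krb5_derive_random. Separately, when `make_key` returns an error, outkey may already have been partly written; a function comment saying callers must treat outkey as invalid on a non-zero return would help, if that is the intended contract.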
@@ -117,33 +109,28 @@ krb5_derive_random(const struct krb5_enc_provider *enc,
const krb5_keyblock *inkey, krb5_data *outrnd,
const krb5_data *in_constant)
{
- size_t blocksize, keybytes, keylength, n;
- unsigned char *inblockdata, *outblockdata, *rawkey;
+ size_t blocksize, keybytes, n;
+ unsigned char *inblockdata = NULL, *outblockdata = NULL, *rawkey = NULL;
krb5_data inblock, outblock;
+ krb5_error_code ret;
blocksize = enc->block_size;
keybytes = enc->keybytes;
- keylength = enc->keylength;
-
- if ((inkey->length != keylength) ||
- (outrnd->length != keybytes))
- return(KRB5_CRYPTO_INTERNAL);
- /* allocate and set up buffers */
+ if (inkey->length != enc->keylength || outrnd->length != keybytes)
+ return KRB5_CRYPTO_INTERNAL;
- if ((inblockdata = (unsigned char *) malloc(blocksize)) == NULL)
- return(ENOMEM);
+ /* Allocate and set up buffers. */
- if ((outblockdata = (unsigned char *) malloc(blocksize)) == NULL) {
- free(inblockdata);
- return(ENOMEM);
- }
-
- if ((rawkey = (unsigned char *) malloc(keybytes)) == NULL) {
- free(outblockdata);
- free(inblockdata);
- return(ENOMEM);
- }
+ inblockdata = k5alloc(blocksize, &ret);
+ if (ret)
+ goto cleanup;
+ outblockdata = k5alloc(blocksize, &ret);
+ if (ret)
+ goto cleanup;
+ rawkey = k5alloc(keybytes, &ret);
+ if (ret)
+ goto cleanup;
inblock.data = (char *) inblockdata;
inblock.length = blocksize;
@@ -151,8 +138,7 @@ krb5_derive_random(const struct krb5_enc_provider *enc,
outblock.data = (char *) outblockdata;
outblock.length = blocksize;
- /* initialize the input block */
-
+ /* Initialize the input block. */
if (in_constant->length == inblock.length) {
memcpy(inblock.data, in_constant->data, inblock.length);
} else {
@@ -160,14 +146,15 @@ krb5_derive_random(const struct krb5_enc_provider *enc,
inblock.length*8, (unsigned char *) inblock.data);
}
- /* loop encrypting the blocks until enough key bytes are generated */
-
+ /* Loop encrypting the blocks until enough key bytes are generated. */
n = 0;
while (n < keybytes) {
- (*(enc->encrypt))(inkey, 0, &inblock, &outblock);
+ ret = (*enc->encrypt)(inkey, 0, &inblock, &outblock);
+ if (ret)
+ goto cleanup;
if ((keybytes - n) <= outblock.length) {
- memcpy(rawkey+n, outblock.data, (keybytes - n));
+ memcpy(rawkey + n, outblock.data, (keybytes - n));
break;
}
@@ -176,42 +163,12 @@ krb5_derive_random(const struct krb5_enc_provider *enc,
n += outblock.length;
}
- /* postprocess the key */
-
- memcpy (outrnd->data, rawkey, keybytes);
-
- /* clean memory, free resources and exit */
-
- memset(inblockdata, 0, blocksize);
- memset(outblockdata, 0, blocksize);
- memset(rawkey, 0, keybytes);
-
- free(rawkey);
- free(outblockdata);
- free(inblockdata);
-
- return(0);
-}
-
-#if 0
-#include "etypes.h"
-void
-krb5_random2key (krb5_enctype enctype, krb5_data *inblock,
- krb5_keyblock *outkey)
-{
- int i;
- const struct krb5_enc_provider *enc;
-
- for (i=0; i<krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == enctype)
- break;
- }
-
- if (i == krb5_enctypes_length)
- abort ();
-
- enc = krb5_enctypes_list[i].enc;
+ /* Postprocess the key. */
+ memcpy(outrnd->data, rawkey, keybytes);
- enc->make_key (inblock, outkey);
+cleanup:
+ zapfree(inblockdata, blocksize);
+ zapfree(outblockdata, blocksize);
+ zapfree(rawkey, keybytes);
+ return ret;
}
-#endif
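Review bot: The success path falls into `cleanup:` straight after the `memcpy` into outrnd->data and returns whatever `ret` last held. The 0 return therefore depends on the final `encrypt` call having stored 0, or on the last `k5alloc` having done so if the loop never ran. That appears to hold for the lines visible here, but it is implicit. A one-line comment before the label, such as `/* ret is 0 here: every earlier failure jumped to cleanup. */`, would stop a later edit from adding a step that leaves ret stale. The start of krb5_derive_random lies outside this hunk.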