svn rev #22842: branches/enc-perf/src/ include/ lib/crypto/krb/ lib/crypto/krb/dk/
ghudson@MIT.EDU
ghudson at MIT.EDU
Sat Oct 3 17:02:45 EDT 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=22842
Commit By: ghudson
Log Message:
Merge trunk changes from r22833 to r22841 to enc-perf branch.
Changed Files:
U branches/enc-perf/src/include/k5-int.h
U branches/enc-perf/src/lib/crypto/krb/aead.c
U branches/enc-perf/src/lib/crypto/krb/block_size.c
U branches/enc-perf/src/lib/crypto/krb/cf2.c
U branches/enc-perf/src/lib/crypto/krb/checksum_length.c
U branches/enc-perf/src/lib/crypto/krb/cksumtype_to_string.c
U branches/enc-perf/src/lib/crypto/krb/cksumtypes.c
U branches/enc-perf/src/lib/crypto/krb/cksumtypes.h
U branches/enc-perf/src/lib/crypto/krb/coll_proof_cksum.c
U branches/enc-perf/src/lib/crypto/krb/combine_keys.c
U branches/enc-perf/src/lib/crypto/krb/crypto_length.c
U branches/enc-perf/src/lib/crypto/krb/decrypt.c
U branches/enc-perf/src/lib/crypto/krb/decrypt_iov.c
U branches/enc-perf/src/lib/crypto/krb/dk/checksum.c
U branches/enc-perf/src/lib/crypto/krb/dk/derive.c
U branches/enc-perf/src/lib/crypto/krb/dk/dk.h
U branches/enc-perf/src/lib/crypto/krb/dk/dk_aead.c
U branches/enc-perf/src/lib/crypto/krb/dk/dk_decrypt.c
U branches/enc-perf/src/lib/crypto/krb/dk/dk_encrypt.c
U branches/enc-perf/src/lib/crypto/krb/dk/stringtokey.c
U branches/enc-perf/src/lib/crypto/krb/encrypt.c
U branches/enc-perf/src/lib/crypto/krb/encrypt_iov.c
U branches/enc-perf/src/lib/crypto/krb/encrypt_length.c
U branches/enc-perf/src/lib/crypto/krb/enctype_compare.c
U branches/enc-perf/src/lib/crypto/krb/enctype_to_string.c
U branches/enc-perf/src/lib/crypto/krb/etypes.c
U branches/enc-perf/src/lib/crypto/krb/etypes.h
U branches/enc-perf/src/lib/crypto/krb/keyblocks.c
U branches/enc-perf/src/lib/crypto/krb/keyed_checksum_types.c
U branches/enc-perf/src/lib/crypto/krb/keyed_cksum.c
U branches/enc-perf/src/lib/crypto/krb/keylengths.c
U branches/enc-perf/src/lib/crypto/krb/make_checksum.c
U branches/enc-perf/src/lib/crypto/krb/make_checksum_iov.c
U branches/enc-perf/src/lib/crypto/krb/make_random_key.c
U branches/enc-perf/src/lib/crypto/krb/mandatory_sumtype.c
U branches/enc-perf/src/lib/crypto/krb/old_api_glue.c
U branches/enc-perf/src/lib/crypto/krb/prf.c
U branches/enc-perf/src/lib/crypto/krb/prng.c
U branches/enc-perf/src/lib/crypto/krb/random_to_key.c
U branches/enc-perf/src/lib/crypto/krb/state.c
U branches/enc-perf/src/lib/crypto/krb/string_to_cksumtype.c
U branches/enc-perf/src/lib/crypto/krb/string_to_enctype.c
U branches/enc-perf/src/lib/crypto/krb/string_to_key.c
U branches/enc-perf/src/lib/crypto/krb/valid_cksumtype.c
U branches/enc-perf/src/lib/crypto/krb/valid_enctype.c
U branches/enc-perf/src/lib/crypto/krb/verify_checksum.c
U branches/enc-perf/src/lib/crypto/krb/verify_checksum_iov.c
Modified: branches/enc-perf/src/include/k5-int.h
===================================================================
--- branches/enc-perf/src/include/k5-int.h 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/include/k5-int.h 2009-10-03 21:02:44 UTC (rev 22842)
@@ -781,6 +781,16 @@
#endif /* WIN32 */
#define zap(p,l) krb5int_zap_data(p,l)
+/* Convenience function: zap and free ptr if it is non-NULL. */
+static inline void
+zapfree(void *ptr, size_t len)
+{
+ if (ptr != NULL) {
+ zap(ptr, len);
+ free(ptr);
+ }
+}
+
/* A definition of init_state for DES based encryption systems.
* sets up an 8-byte IV of all zeros
*/
@@ -2833,6 +2843,17 @@
&& !memcmp(a1.contents, a2.contents, a1.length));
}
+/* Allocate zeroed memory; set *code to 0 on success or ENOMEM on failure. */
+static inline void *
+k5alloc(size_t size, krb5_error_code *code)
+{
+ void *ptr;
+
+ ptr = calloc(size, 1);
+ *code = (ptr == NULL) ? ENOMEM : 0;
+ return ptr;
+}
+
krb5_error_code KRB5_CALLCONV
krb5int_pac_sign(krb5_context context,
krb5_pac pac,
Modified: branches/enc-perf/src/lib/crypto/krb/aead.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/aead.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/aead.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -72,8 +72,8 @@
num_sign_data++;
}
- /* XXX cleanup to avoid alloc */
- sign_data = (krb5_data *)calloc(num_sign_data, sizeof(krb5_data));
+ /* XXX cleanup to avoid alloc. */
+ sign_data = calloc(num_sign_data, sizeof(krb5_data));
if (sign_data == NULL)
return ENOMEM;
@@ -84,7 +84,7 @@
sign_data[j++] = iov->data;
}
- ret = hash_provider->hash(num_sign_data, sign_data, output);
+ ret = (*hash_provider->hash)(num_sign_data, sign_data, output);
free(sign_data);
@@ -99,36 +99,26 @@
size_t num_data,
krb5_data *cksum_data)
{
- int e1, e2;
+ const struct krb5_keytypes *e1, *e2;
krb5_error_code ret;
if (cksum_type->keyhash != NULL) {
- /* check if key is compatible */
+ /* Check if key is compatible. */
if (cksum_type->keyed_etype) {
- for (e1=0; e1<krb5_enctypes_length; e1++)
- if (krb5_enctypes_list[e1].etype ==
- cksum_type->keyed_etype)
- break;
-
- for (e2=0; e2<krb5_enctypes_length; e2++)
- if (krb5_enctypes_list[e2].etype == key->enctype)
- break;
-
- if ((e1 == krb5_enctypes_length) ||
- (e2 == krb5_enctypes_length) ||
- (krb5_enctypes_list[e1].enc != krb5_enctypes_list[e2].enc)) {
+ e1 = find_enctype(cksum_type->keyed_etype);
+ e2 = find_enctype(key->enctype);
+ if (e1 == NULL || e2 == NULL || e1->enc != e2->enc) {
ret = KRB5_BAD_ENCTYPE;
goto cleanup;
}
}
- if (cksum_type->keyhash->hash_iov == NULL) {
+ if (cksum_type->keyhash->hash_iov == NULL)
return KRB5_BAD_ENCTYPE;
- }
- ret = (*(cksum_type->keyhash->hash_iov))(key, usage, 0,
- data, num_data, cksum_data);
+ ret = (*cksum_type->keyhash->hash_iov)(key, usage, 0, data, num_data,
+ cksum_data);
} else if (cksum_type->flags & KRB5_CKSUMFLAG_DERIVE) {
ret = krb5int_dk_make_checksum_iov(cksum_type->hash,
key, usage, data, num_data,
@@ -364,22 +354,25 @@
stream = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_STREAM);
assert(stream != NULL);
- ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER, &header_len);
+ ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER,
+ &header_len);
if (ret != 0)
return ret;
- ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER, &trailer_len);
+ ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
+ &trailer_len);
if (ret != 0)
return ret;
- ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING, &padding_len);
+ ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING,
+ &padding_len);
if (ret != 0)
return ret;
if (stream->data.length < header_len + trailer_len)
return KRB5_BAD_MSIZE;
- iov = (krb5_crypto_iov *)calloc(num_data + 2, sizeof(krb5_crypto_iov));
+ iov = calloc(num_data + 2, sizeof(krb5_crypto_iov));
if (iov == NULL)
return ENOMEM;
@@ -400,14 +393,18 @@
got_data++;
data[j].data.data = stream->data.data + header_len;
- data[j].data.length = stream->data.length - header_len - trailer_len;
+ data[j].data.length = stream->data.length - header_len
+ - trailer_len;
}
if (data[j].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY ||
data[j].flags == KRB5_CRYPTO_TYPE_DATA)
iov[i++] = data[j];
}
- /* XXX not self-describing with respect to length, this is the best we can do */
+ /*
+ * XXX not self-describing with respect to length, this is the best
+ * we can do.
+ */
iov[i].flags = KRB5_CRYPTO_TYPE_PADDING;
iov[i].data.data = NULL;
iov[i].data.length = 0;
@@ -420,7 +417,7 @@
assert(i <= num_data + 2);
- ret = aead->decrypt_iov(aead, enc, hash, key, keyusage, ivec, iov, i);
+ ret = (*aead->decrypt_iov)(aead, enc, hash, key, keyusage, ivec, iov, i);
free(iov);
@@ -437,7 +434,8 @@
unsigned int padding;
krb5_error_code ret;
- ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING, &padding);
+ ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING,
+ &padding);
if (ret != 0)
return ret;
@@ -463,21 +461,23 @@
unsigned int padding_len = 0;
unsigned int trailer_len = 0;
- ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER,
- &header_len);
+ ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER,
+ &header_len);
if (ret != 0)
return ret;
- ret = krb5int_c_padding_length(aead, enc, hash, input->length, &padding_len);
+ ret = krb5int_c_padding_length(aead, enc, hash, input->length,
+ &padding_len);
if (ret != 0)
return ret;
- ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
- &trailer_len);
+ ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
+ &trailer_len);
if (ret != 0)
return ret;
- if (output->length < header_len + input->length + padding_len + trailer_len)
+ if (output->length <
+ header_len + input->length + padding_len + trailer_len)
return KRB5_BAD_MSIZE;
iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
@@ -497,9 +497,8 @@
iov[3].data.data = iov[2].data.data + iov[2].data.length;
iov[3].data.length = trailer_len;
- ret = aead->encrypt_iov(aead, enc, hash, key,
- usage, ivec,
- iov, sizeof(iov)/sizeof(iov[0]));
+ ret = (*aead->encrypt_iov)(aead, enc, hash, key, usage, ivec,
+ iov, sizeof(iov) / sizeof(iov[0]));
if (ret != 0)
zap(iov[1].data.data, iov[1].data.length);
@@ -548,8 +547,7 @@
output->length = iov[1].data.length;
cleanup:
- zap(iov[0].data.data, iov[0].data.length);
- free(iov[0].data.data);
+ zapfree(iov[0].data.data, iov[0].data.length);
return ret;
}
@@ -564,9 +562,11 @@
unsigned int padding_len = 0;
unsigned int trailer_len = 0;
- aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER, &header_len);
+ (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER,
+ &header_len);
krb5int_c_padding_length(aead, enc, hash, inputlen, &padding_len);
- aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER, &trailer_len);
+ (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
+ &trailer_len);
*length = header_len + inputlen + padding_len + trailer_len;
}
Modified: branches/enc-perf/src/lib/crypto/krb/block_size.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/block_size.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/block_size.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -31,17 +31,12 @@
krb5_c_block_size(krb5_context context, krb5_enctype enctype,
size_t *blocksize)
{
- int i;
+ const struct krb5_keytypes *ktp;
- for (i=0; i<krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == enctype)
- break;
- }
+ ktp = find_enctype(enctype);
+ if (ktp == NULL)
+ return KRB5_BAD_ENCTYPE;
+ *blocksize = ktp->enc->block_size;
- if (i == krb5_enctypes_length)
- return(KRB5_BAD_ENCTYPE);
-
- *blocksize = krb5_enctypes_list[i].enc->block_size;
-
- return(0);
+ return 0;
}
Modified: branches/enc-perf/src/lib/crypto/krb/cf2.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/cf2.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/cf2.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -40,8 +40,8 @@
* a count byte to get enough bits of output.
*/
static krb5_error_code
-prf_plus( krb5_context context, krb5_keyblock *k,const char *pepper,
- size_t keybytes, char **out)
+prf_plus(krb5_context context, krb5_keyblock *k, const char *pepper,
+ size_t keybytes, char **out)
{
krb5_error_code retval = 0;
size_t prflen, iterations;
@@ -49,46 +49,44 @@
krb5_data in_data;
char *buffer = NULL;
struct k5buf prf_inbuf;
+
krb5int_buf_init_dynamic(&prf_inbuf);
- krb5int_buf_add_len( &prf_inbuf, "\001", 1);
- krb5int_buf_add( &prf_inbuf, pepper);
+ krb5int_buf_add_len(&prf_inbuf, "\001", 1);
+ krb5int_buf_add(&prf_inbuf, pepper);
retval = krb5_c_prf_length( context, k->enctype, &prflen);
- if (retval != 0)
+ if (retval)
goto cleanup;
- iterations = keybytes/prflen;
- if ((keybytes%prflen) != 0)
+ iterations = keybytes / prflen;
+ if (keybytes % prflen != 0)
iterations++;
assert(iterations <= 254);
- buffer = malloc(iterations*prflen);
- if (buffer == NULL) {
- retval = ENOMEM;
+ buffer = k5alloc(iterations * prflen, &retval);
+ if (retval)
goto cleanup;
- }
- if (krb5int_buf_len( &prf_inbuf) == -1) {
+ if (krb5int_buf_len(&prf_inbuf) == -1) {
retval = ENOMEM;
goto cleanup;
}
- in_data.length = (krb5_int32) krb5int_buf_len( &prf_inbuf);
- in_data.data = krb5int_buf_data( &prf_inbuf);
+ in_data.length = (krb5_int32) krb5int_buf_len(&prf_inbuf);
+ in_data.data = krb5int_buf_data(&prf_inbuf);
out_data.length = prflen;
out_data.data = buffer;
while (iterations > 0) {
- retval = krb5_c_prf( context, k, &in_data, &out_data);
- if (retval != 0)
- goto cleanup;
- out_data.data += prflen;
- in_data.data[0]++;
- iterations--;
+ retval = krb5_c_prf(context, k, &in_data, &out_data);
+ if (retval)
+ goto cleanup;
+ out_data.data += prflen;
+ in_data.data[0]++;
+ iterations--;
}
- cleanup:
- if (retval == 0 )
- *out = buffer;
- else{
- if (buffer != NULL)
- free(buffer);
- }
- krb5int_free_buf( &prf_inbuf);
+
+ *out = buffer;
+ buffer = NULL;
+
+cleanup:
+ free(buffer);
+ krb5int_free_buf(&prf_inbuf);
return retval;
}
@@ -107,48 +105,46 @@
krb5_error_code retval = 0;
krb5_keyblock *out_key = NULL;
-
- if (k1 == NULL ||!krb5_c_valid_enctype(k1->enctype))
+ if (k1 == NULL || !krb5_c_valid_enctype(k1->enctype))
return KRB5_BAD_ENCTYPE;
if (k2 == NULL || !krb5_c_valid_enctype(k2->enctype))
return KRB5_BAD_ENCTYPE;
out_enctype_num = k1->enctype;
assert(out != NULL);
- assert ((out_enctype = find_enctype(out_enctype_num)) != NULL);
+ assert((out_enctype = find_enctype(out_enctype_num)) != NULL);
if (out_enctype->prf == NULL) {
if (context)
- krb5int_set_error(&(context->err) , KRB5_CRYPTO_INTERNAL,
- "Enctype %d has no PRF", out_enctype_num);
+ krb5int_set_error(&(context->err), KRB5_CRYPTO_INTERNAL,
+ "Enctype %d has no PRF", out_enctype_num);
return KRB5_CRYPTO_INTERNAL;
- }
+ }
keybytes = out_enctype->enc->keybytes;
keylength = out_enctype->enc->keylength;
- retval = prf_plus( context, k1, pepper1, keybytes, &prf1);
- if (retval != 0)
- goto cleanup;
- retval = prf_plus( context, k2, pepper2, keybytes, &prf2);
- if (retval != 0)
+ retval = prf_plus(context, k1, pepper1, keybytes, &prf1);
+ if (retval)
goto cleanup;
+ retval = prf_plus(context, k2, pepper2, keybytes, &prf2);
+ if (retval)
+ goto cleanup;
for (i = 0; i < keybytes; i++)
prf1[i] ^= prf2[i];
- zap(prf2, keybytes);
- retval = krb5int_c_init_keyblock( context, out_enctype_num, keylength, &out_key);
- if (retval != 0)
+ retval = krb5int_c_init_keyblock(context, out_enctype_num, keylength,
+ &out_key);
+ if (retval)
goto cleanup;
keydata.data = prf1;
keydata.length = keybytes;
- retval = out_enctype->enc->make_key( &keydata, out_key);
+ retval = (*out_enctype->enc->make_key)(&keydata, out_key);
+ if (retval)
+ goto cleanup;
- cleanup:
- if (retval == 0)
- *out = out_key;
- else krb5int_c_free_keyblock( context, out_key);
- if (prf1 != NULL) {
- zap(prf1, keybytes);
- free(prf1);
- }
- if (prf2 != NULL)
- free(prf2);
+ *out = out_key;
+ out_key = NULL;
+
+cleanup:
+ krb5int_c_free_keyblock( context, out_key);
+ zapfree(prf1, keybytes);
+ zapfree(prf2, keybytes);
return retval;
}
Modified: branches/enc-perf/src/lib/crypto/krb/checksum_length.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/checksum_length.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/checksum_length.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -39,7 +39,7 @@
}
if (i == krb5_cksumtypes_length)
- return(KRB5_BAD_ENCTYPE);
+ return KRB5_BAD_ENCTYPE;
if (krb5_cksumtypes_list[i].keyhash)
*length = krb5_cksumtypes_list[i].keyhash->hashsize;
@@ -48,6 +48,6 @@
else
*length = krb5_cksumtypes_list[i].hash->hashsize;
- return(0);
+ return 0;
}
Modified: branches/enc-perf/src/lib/crypto/krb/cksumtype_to_string.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/cksumtype_to_string.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/cksumtype_to_string.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -32,14 +32,14 @@
{
unsigned int i;
- for (i=0; i<krb5_cksumtypes_length; i++) {
+ for (i = 0; i < krb5_cksumtypes_length; i++) {
if (krb5_cksumtypes_list[i].ctype == cksumtype) {
if (strlcpy(buffer, krb5_cksumtypes_list[i].out_string,
buflen) >= buflen)
- return(ENOMEM);
- return(0);
+ return ENOMEM;
+ return 0;
}
}
- return(EINVAL);
+ return EINVAL;
}
Modified: branches/enc-perf/src/lib/crypto/krb/cksumtypes.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/cksumtypes.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/cksumtypes.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -88,4 +88,4 @@
};
const unsigned int krb5_cksumtypes_length =
-sizeof(krb5_cksumtypes_list)/sizeof(struct krb5_cksumtypes);
+ sizeof(krb5_cksumtypes_list) / sizeof(struct krb5_cksumtypes);
Modified: branches/enc-perf/src/lib/crypto/krb/cksumtypes.h
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/cksumtypes.h 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/cksumtypes.h 2009-10-03 21:02:44 UTC (rev 22842)
@@ -34,23 +34,29 @@
char *name;
char *aliases[2];
char *out_string;
- /* if the hash is keyed, this is the etype it is keyed with.
- Actually, it can be keyed by any etype which has the same
- enc_provider as the specified etype. DERIVE checksums can
- be keyed with any valid etype. */
+ /*
+ * If the hash is keyed, this is the etype it is keyed with.
+ * Actually, it can be keyed by any etype which has the same
+ * enc_provider as the specified etype. DERIVE checksums can
+ * be keyed with any valid etype.
+ */
krb5_enctype keyed_etype;
- /* I can't statically initialize a union, so I'm just going to use
- two pointers here. The keyhash is used if non-NULL. If NULL,
- then HMAC/hash with derived keys is used if the relevant flag
- is set. Otherwise, a non-keyed hash is computed. This is all
- kind of messy, but so is the krb5 api. */
+ /*
+ * I can't statically initialize a union, so I'm just going to use
+ * two pointers here. The keyhash is used if non-NULL. If NULL,
+ * then HMAC/hash with derived keys is used if the relevant flag
+ * is set. Otherwise, a non-keyed hash is computed. This is all
+ * kind of messy, but so is the krb5 api.
+ */
const struct krb5_keyhash_provider *keyhash;
const struct krb5_hash_provider *hash;
- /* This just gets uglier and uglier. In the key derivation case,
- we produce an hmac. To make the hmac code work, we can't hack
- the output size indicated by the hash provider, but we may want
- a truncated hmac. If we want truncation, this is the number of
- bytes we truncate to; it should be 0 otherwise. */
+ /*
+ * This just gets uglier and uglier. In the key derivation case,
+ * we produce an hmac. To make the hmac code work, we can't hack
+ * the output size indicated by the hash provider, but we may want
+ * a truncated hmac. If we want truncation, this is the number of
+ * bytes we truncate to; it should be 0 otherwise.
+ */
unsigned int trunc_size;
};
Modified: branches/enc-perf/src/lib/crypto/krb/coll_proof_cksum.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/coll_proof_cksum.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/coll_proof_cksum.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -32,19 +32,19 @@
{
unsigned int i;
- for (i=0; i<krb5_cksumtypes_length; i++) {
+ for (i = 0; i < krb5_cksumtypes_length; i++) {
if (krb5_cksumtypes_list[i].ctype == ctype)
return((krb5_cksumtypes_list[i].flags &
- KRB5_CKSUMFLAG_NOT_COLL_PROOF)?0:1);
+ KRB5_CKSUMFLAG_NOT_COLL_PROOF) ? FALSE : TRUE);
}
/* ick, but it's better than coredumping, which is what the
old code would have done */
- return(0);
+ return FALSE;
}
krb5_boolean KRB5_CALLCONV
is_coll_proof_cksum(krb5_cksumtype ctype)
{
- return krb5_c_is_coll_proof_cksum (ctype);
+ return krb5_c_is_coll_proof_cksum(ctype);
}
Modified: branches/enc-perf/src/lib/crypto/krb/combine_keys.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/combine_keys.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/combine_keys.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -46,9 +46,9 @@
#include "etypes.h"
#include "dk.h"
-static krb5_error_code dr
-(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey,
- unsigned char *outdata, const krb5_data *in_constant);
+static krb5_error_code dr(const struct krb5_enc_provider *enc,
+ const krb5_keyblock *inkey, unsigned char *outdata,
+ const krb5_data *in_constant);
/*
* We only support this combine_keys algorithm for des and 3des keys.
@@ -56,86 +56,66 @@
* We don't implement that yet.
*/
-static krb5_boolean enctype_ok (krb5_enctype e)
+static krb5_boolean
+enctype_ok(krb5_enctype e)
{
switch (e) {
case ENCTYPE_DES_CBC_CRC:
case ENCTYPE_DES_CBC_MD4:
case ENCTYPE_DES_CBC_MD5:
case ENCTYPE_DES3_CBC_SHA1:
- return 1;
+ return TRUE;
default:
- return 0;
+ return FALSE;
}
}
-krb5_error_code krb5int_c_combine_keys
-(krb5_context context, krb5_keyblock *key1, krb5_keyblock *key2, krb5_keyblock *outkey)
+krb5_error_code
+krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
+ krb5_keyblock *key2, krb5_keyblock *outkey)
{
- unsigned char *r1, *r2, *combined, *rnd, *output;
+ unsigned char *r1 = NULL, *r2 = NULL, *combined = NULL, *rnd = NULL;
+ unsigned char *output = NULL;
size_t keybytes, keylength;
const struct krb5_enc_provider *enc;
krb5_data input, randbits;
krb5_keyblock tkey;
krb5_error_code ret;
- int i, myalloc = 0;
- if (!(enctype_ok(key1->enctype)&&enctype_ok(key2->enctype)))
- return (KRB5_CRYPTO_INTERNAL);
-
+ const struct krb5_keytypes *ktp;
+ krb5_boolean myalloc = FALSE;
+ if (!enctype_ok(key1->enctype) || !enctype_ok(key2->enctype))
+ return KRB5_CRYPTO_INTERNAL;
+
if (key1->length != key2->length || key1->enctype != key2->enctype)
- return (KRB5_CRYPTO_INTERNAL);
+ return KRB5_CRYPTO_INTERNAL;
- /*
- * Find our encryption algorithm
- */
+ /* Find our encryption algorithm. */
+ ktp = find_enctype(key1->enctype);
+ if (ktp == NULL)
+ return KRB5_BAD_ENCTYPE;
+ enc = ktp->enc;
- for (i = 0; i < krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == key1->enctype)
- break;
- }
-
- if (i == krb5_enctypes_length)
- return (KRB5_BAD_ENCTYPE);
-
- enc = krb5_enctypes_list[i].enc;
-
keybytes = enc->keybytes;
keylength = enc->keylength;
- /*
- * Allocate and set up buffers
- */
+ /* Allocate and set up buffers. */
+ r1 = k5alloc(keybytes, &ret);
+ if (ret)
+ goto cleanup;
+ r2 = k5alloc(keybytes, &ret);
+ if (ret)
+ goto cleanup;
+ rnd = k5alloc(keybytes, &ret);
+ if (ret)
+ goto cleanup;
+ combined = k5alloc(keybytes * 2, &ret);
+ if (ret)
+ goto cleanup;
+ output = k5alloc(keylength, &ret);
+ if (ret)
+ goto cleanup;
- if ((r1 = (unsigned char *) malloc(keybytes)) == NULL)
- return (ENOMEM);
-
- if ((r2 = (unsigned char *) malloc(keybytes)) == NULL) {
- free(r1);
- return (ENOMEM);
- }
-
- if ((rnd = (unsigned char *) malloc(keybytes)) == NULL) {
- free(r1);
- free(r2);
- return (ENOMEM);
- }
-
- if ((combined = (unsigned char *) malloc(keybytes * 2)) == NULL) {
- free(r1);
- free(r2);
- free(rnd);
- return (ENOMEM);
- }
-
- if ((output = (unsigned char *) malloc(keylength)) == NULL) {
- free(r1);
- free(r2);
- free(rnd);
- free(combined);
- return (ENOMEM);
- }
-
/*
* Get R1 and R2 (by running the input keys through the DR algorithm.
* Note this is most of derive-key, but not all.
@@ -143,34 +123,16 @@
input.length = key2->length;
input.data = (char *) key2->contents;
- if ((ret = dr(enc, key1, r1, &input)))
+ ret = dr(enc, key1, r1, &input);
+ if (ret)
goto cleanup;
-#if 0
- {
- int i;
- printf("R1 =");
- for (i = 0; i < keybytes; i++)
- printf(" %02x", (unsigned char) r1[i]);
- printf("\n");
- }
-#endif
-
input.length = key1->length;
input.data = (char *) key1->contents;
- if ((ret = dr(enc, key2, r2, &input)))
+ ret = dr(enc, key2, r2, &input);
+ if (ret)
goto cleanup;
-#if 0
- {
- int i;
- printf("R2 =");
- for (i = 0; i < keybytes; i++)
- printf(" %02x", (unsigned char) r2[i]);
- printf("\n");
- }
-#endif
-
/*
* Concatenate the two keys together, and then run them through
* n-fold to reduce them to a length appropriate for the random-to-key
@@ -183,16 +145,6 @@
krb5_nfold((keybytes * 2) * 8, combined, keybytes * 8, rnd);
-#if 0
- {
- int i;
- printf("rnd =");
- for (i = 0; i < keybytes; i++)
- printf(" %02x", (unsigned char) rnd[i]);
- printf("\n");
- }
-#endif
-
/*
* Run the "random" bits through random-to-key to produce a encryption
* key.
@@ -203,25 +155,16 @@
tkey.length = keylength;
tkey.contents = output;
- if ((ret = (*(enc->make_key))(&randbits, &tkey)))
+ ret = (*enc->make_key)(&randbits, &tkey);
+ if (ret)
goto cleanup;
-#if 0
- {
- int i;
- printf("tkey =");
- for (i = 0; i < tkey.length; i++)
- printf(" %02x", (unsigned char) tkey.contents[i]);
- printf("\n");
- }
-#endif
-
/*
* Run through derive-key one more time to produce the final key.
* Note that the input to derive-key is the ASCII string "combine".
*/
- input.length = 7; /* Note; change this if string length changes */
+ input.length = 7;
input.data = "combine";
/*
@@ -234,17 +177,16 @@
*/
if (outkey->length == 0 || outkey->contents == NULL) {
- outkey->contents = (krb5_octet *) malloc(keylength);
- if (!outkey->contents) {
- ret = ENOMEM;
+ outkey->contents = k5alloc(keylength, &ret);
+ if (ret)
goto cleanup;
- }
outkey->length = keylength;
outkey->enctype = key1->enctype;
- myalloc = 1;
+ myalloc = TRUE;
}
- if ((ret = krb5_derive_key(enc, &tkey, outkey, &input))) {
+ ret = krb5_derive_key(enc, &tkey, outkey, &input);
+ if (ret) {
if (myalloc) {
free(outkey->contents);
outkey->contents = NULL;
@@ -252,59 +194,39 @@
goto cleanup;
}
-#if 0
- {
- int i;
- printf("output =");
- for (i = 0; i < outkey->length; i++)
- printf(" %02x", (unsigned char) outkey->contents[i]);
- printf("\n");
- }
-#endif
-
- ret = 0;
-
cleanup:
- memset(r1, 0, keybytes);
- memset(r2, 0, keybytes);
- memset(rnd, 0, keybytes);
- memset(combined, 0, keybytes * 2);
- memset(output, 0, keylength);
-
- free(r1);
- free(r2);
- free(rnd);
- free(combined);
- free(output);
-
- return (ret);
+ zapfree(r1, keybytes);
+ zapfree(r2, keybytes);
+ zapfree(rnd, keybytes);
+ zapfree(combined, keybytes * 2);
+ zapfree(output, keylength);
+ return ret;
}
/*
* Our DR function; mostly taken from derive.c
*/
-static krb5_error_code dr
-(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey, unsigned char *out, const krb5_data *in_constant)
+static krb5_error_code
+dr(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey,
+ unsigned char *out, const krb5_data *in_constant)
{
- size_t blocksize, keybytes, keylength, n;
- unsigned char *inblockdata, *outblockdata;
+ size_t blocksize, keybytes, n;
+ unsigned char *inblockdata = NULL, *outblockdata = NULL;
krb5_data inblock, outblock;
+ krb5_error_code ret;
blocksize = enc->block_size;
keybytes = enc->keybytes;
- keylength = enc->keylength;
- /* allocate and set up buffers */
+ /* Allocate and set up buffers. */
+ inblockdata = k5alloc(blocksize, &ret);
+ if (ret)
+ goto cleanup;
+ outblockdata = k5alloc(blocksize, &ret);
+ if (ret)
+ goto cleanup;
- if ((inblockdata = (unsigned char *) malloc(blocksize)) == NULL)
- return(ENOMEM);
-
- if ((outblockdata = (unsigned char *) malloc(blocksize)) == NULL) {
- free(inblockdata);
- return(ENOMEM);
- }
-
inblock.data = (char *) inblockdata;
inblock.length = blocksize;
@@ -324,26 +246,23 @@
n = 0;
while (n < keybytes) {
- (*(enc->encrypt))(inkey, 0, &inblock, &outblock);
+ ret = (*enc->encrypt)(inkey, 0, &inblock, &outblock);
+ if (ret)
+ goto cleanup;
if ((keybytes - n) <= outblock.length) {
- memcpy(out+n, outblock.data, (keybytes - n));
+ memcpy(out + n, outblock.data, (keybytes - n));
break;
}
- memcpy(out+n, outblock.data, outblock.length);
+ memcpy(out + n, outblock.data, outblock.length);
memcpy(inblock.data, outblock.data, outblock.length);
n += outblock.length;
}
- /* clean memory, free resources and exit */
-
- memset(inblockdata, 0, blocksize);
- memset(outblockdata, 0, blocksize);
-
- free(outblockdata);
- free(inblockdata);
-
- return(0);
+cleanup:
+ zapfree(inblockdata, blocksize);
+ zapfree(outblockdata, blocksize);
+ return ret;
}
Modified: branches/enc-perf/src/lib/crypto/krb/crypto_length.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/crypto_length.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/crypto_length.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -29,25 +29,15 @@
#include "aead.h"
krb5_error_code KRB5_CALLCONV
-krb5_c_crypto_length(krb5_context context,
- krb5_enctype enctype,
- krb5_cryptotype type,
- unsigned int *size)
+krb5_c_crypto_length(krb5_context context, krb5_enctype enctype,
+ krb5_cryptotype type, unsigned int *size)
{
- int i;
- const struct krb5_keytypes *ktp = NULL;
+ const struct krb5_keytypes *ktp;
krb5_error_code ret;
- for (i = 0; i < krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == enctype) {
- ktp = &krb5_enctypes_list[i];
- break;
- }
- }
-
- if (ktp == NULL || ktp->aead == NULL) {
+ ktp = find_enctype(enctype);
+ if (ktp == NULL || ktp->aead == NULL)
return KRB5_BAD_ENCTYPE;
- }
switch (type) {
case KRB5_CRYPTO_TYPE_EMPTY:
@@ -63,7 +53,8 @@
case KRB5_CRYPTO_TYPE_PADDING:
case KRB5_CRYPTO_TYPE_TRAILER:
case KRB5_CRYPTO_TYPE_CHECKSUM:
- ret = ktp->aead->crypto_length(ktp->aead, ktp->enc, ktp->hash, type, size);
+ ret = (*ktp->aead->crypto_length)(ktp->aead, ktp->enc, ktp->hash,
+ type, size);
break;
default:
ret = EINVAL;
@@ -74,55 +65,37 @@
}
krb5_error_code KRB5_CALLCONV
-krb5_c_padding_length(krb5_context context,
- krb5_enctype enctype,
- size_t data_length,
- unsigned int *pad_length)
+krb5_c_padding_length(krb5_context context, krb5_enctype enctype,
+ size_t data_length, unsigned int *pad_length)
{
- int i;
- const struct krb5_keytypes *ktp = NULL;
+ const struct krb5_keytypes *ktp;
- for (i = 0; i < krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == enctype) {
- ktp = &krb5_enctypes_list[i];
- break;
- }
- }
-
- if (ktp == NULL || ktp->aead == NULL) {
+ ktp = find_enctype(enctype);
+ if (ktp == NULL || ktp->aead == NULL)
return KRB5_BAD_ENCTYPE;
- }
- return krb5int_c_padding_length(ktp->aead, ktp->enc, ktp->hash, data_length, pad_length);
+ return krb5int_c_padding_length(ktp->aead, ktp->enc, ktp->hash,
+ data_length, pad_length);
}
krb5_error_code KRB5_CALLCONV
-krb5_c_crypto_length_iov(krb5_context context,
- krb5_enctype enctype,
- krb5_crypto_iov *data,
- size_t num_data)
+krb5_c_crypto_length_iov(krb5_context context, krb5_enctype enctype,
+ krb5_crypto_iov *data, size_t num_data)
{
krb5_error_code ret = 0;
size_t i;
- const struct krb5_keytypes *ktp = NULL;
+ const struct krb5_keytypes *ktp;
unsigned int data_length = 0, pad_length;
krb5_crypto_iov *padding = NULL;
/*
* XXX need to rejig internal interface so we can accurately
- * report variable header lengths
+ * report variable header lengths.
*/
- for (i = 0; i < (size_t)krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == enctype) {
- ktp = &krb5_enctypes_list[i];
- break;
- }
- }
-
- if (ktp == NULL || ktp->aead == NULL) {
+ ktp = find_enctype(enctype);
+ if (ktp == NULL || ktp->aead == NULL)
return KRB5_BAD_ENCTYPE;
- }
for (i = 0; i < num_data; i++) {
krb5_crypto_iov *iov = &data[i];
@@ -140,7 +113,8 @@
case KRB5_CRYPTO_TYPE_HEADER:
case KRB5_CRYPTO_TYPE_TRAILER:
case KRB5_CRYPTO_TYPE_CHECKSUM:
- ret = ktp->aead->crypto_length(ktp->aead, ktp->enc, ktp->hash, iov->flags, &iov->data.length);
+ ret = (*ktp->aead->crypto_length)(ktp->aead, ktp->enc, ktp->hash,
+ iov->flags, &iov->data.length);
break;
case KRB5_CRYPTO_TYPE_EMPTY:
case KRB5_CRYPTO_TYPE_SIGN_ONLY:
@@ -155,7 +129,8 @@
if (ret != 0)
return ret;
- ret = krb5int_c_padding_length(ktp->aead, ktp->enc, ktp->hash, data_length, &pad_length);
+ ret = krb5int_c_padding_length(ktp->aead, ktp->enc, ktp->hash,
+ data_length, &pad_length);
if (ret != 0)
return ret;
Modified: branches/enc-perf/src/lib/crypto/krb/decrypt.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/decrypt.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/decrypt.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -33,35 +33,23 @@
krb5_keyusage usage, const krb5_data *ivec,
const krb5_enc_data *input, krb5_data *output)
{
- int i;
+ const struct krb5_keytypes *ktp;
- for (i=0; i<krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == key->enctype)
- break;
- }
+ ktp = find_enctype(key->enctype);
+ if (ktp == NULL)
+ return KRB5_BAD_ENCTYPE;
- if (i == krb5_enctypes_length) {
- krb5int_set_error(&context->err, KRB5_BAD_ENCTYPE,
- "Bad encryption type (type %d unknown)",
- key->enctype);
- return(KRB5_BAD_ENCTYPE);
- }
+ if (input->enctype != ENCTYPE_UNKNOWN && ktp->etype != input->enctype)
+ return KRB5_BAD_ENCTYPE;
- if ((input->enctype != ENCTYPE_UNKNOWN) &&
- (krb5_enctypes_list[i].etype != input->enctype))
- return(KRB5_BAD_ENCTYPE);
+ if (ktp->decrypt == NULL) {
+ assert(ktp->aead != NULL);
- if (krb5_enctypes_list[i].decrypt == NULL) {
- assert(krb5_enctypes_list[i].aead != NULL);
-
- return krb5int_c_decrypt_aead_compat(krb5_enctypes_list[i].aead,
- krb5_enctypes_list[i].enc,
- krb5_enctypes_list[i].hash,
+ return krb5int_c_decrypt_aead_compat(ktp->aead, ktp->enc, ktp->hash,
key, usage, ivec,
&input->ciphertext, output);
}
- return((*(krb5_enctypes_list[i].decrypt))
- (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash,
- key, usage, ivec, &input->ciphertext, output));
+ return (*ktp->decrypt)(ktp->enc, ktp->hash, key, usage, ivec,
+ &input->ciphertext, output);
}
Modified: branches/enc-perf/src/lib/crypto/krb/decrypt_iov.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/decrypt_iov.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/decrypt_iov.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -36,26 +36,20 @@
krb5_crypto_iov *data,
size_t num_data)
{
- int i;
- const struct krb5_keytypes *ktp = NULL;
+ const struct krb5_keytypes *ktp;
- for (i = 0; i < krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == key->enctype) {
- ktp = &krb5_enctypes_list[i];
- break;
- }
- }
-
- if (ktp == NULL || ktp->aead == NULL) {
+ ktp = find_enctype(key->enctype);
+ if (ktp == NULL || ktp->aead == NULL)
return KRB5_BAD_ENCTYPE;
- }
- if (krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_STREAM) != NULL) {
+ if (krb5int_c_locate_iov(data, num_data,
+ KRB5_CRYPTO_TYPE_STREAM) != NULL) {
return krb5int_c_iov_decrypt_stream(ktp->aead, ktp->enc, ktp->hash,
- key, usage, cipher_state, data, num_data);
+ key, usage, cipher_state, data,
+ num_data);
}
- return ktp->aead->decrypt_iov(ktp->aead, ktp->enc, ktp->hash,
- key, usage, cipher_state, data, num_data);
+ return (*ktp->aead->decrypt_iov)(ktp->aead, ktp->enc, ktp->hash, key,
+ usage, cipher_state, data, num_data);
}
Modified: branches/enc-perf/src/lib/crypto/krb/dk/checksum.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/dk/checksum.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/dk/checksum.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -36,41 +36,35 @@
const krb5_keyblock *key, krb5_keyusage usage,
const krb5_data *input, krb5_data *output)
{
- int i;
+ const struct krb5_keytypes *ktp;
const struct krb5_enc_provider *enc;
- size_t blocksize, keybytes, keylength;
+ size_t keylength;
krb5_error_code ret;
unsigned char constantdata[K5CLENGTH];
krb5_data datain;
unsigned char *kcdata;
krb5_keyblock kc;
- for (i=0; i<krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == key->enctype)
- break;
- }
+ ktp = find_enctype(key->enctype);
+ if (ktp == NULL)
+ return KRB5_BAD_ENCTYPE;
+ enc = ktp->enc;
- if (i == krb5_enctypes_length)
- return(KRB5_BAD_ENCTYPE);
+ /*
+ * key->length will be tested in enc->encrypt.
+ * output->length will be tested in krb5_hmac.
+ */
- enc = krb5_enctypes_list[i].enc;
-
- /* allocate and set to-be-derived keys */
-
- blocksize = enc->block_size;
- keybytes = enc->keybytes;
+ /* Allocate and set to-be-derived keys. */
keylength = enc->keylength;
+ kcdata = malloc(keylength);
+ if (kcdata == NULL)
+ return ENOMEM;
- /* key->length will be tested in enc->encrypt
- output->length will be tested in krb5_hmac */
-
- if ((kcdata = (unsigned char *) malloc(keylength)) == NULL)
- return(ENOMEM);
-
kc.contents = kcdata;
kc.length = keylength;
- /* derive the key */
+ /* Derive the key. */
datain.data = (char *) constantdata;
datain.length = K5CLENGTH;
@@ -79,24 +73,21 @@
datain.data[4] = (char) 0x99;
- if ((ret = krb5_derive_key(enc, key, &kc, &datain)) != 0)
+ ret = krb5_derive_key(enc, key, &kc, &datain);
+ if (ret)
goto cleanup;
/* hash the data */
datain = *input;
- if ((ret = krb5_hmac(hash, &kc, 1, &datain, output)) != 0)
+ ret = krb5_hmac(hash, &kc, 1, &datain, output);
+ if (ret)
memset(output->data, 0, output->length);
- /* ret is set correctly by the prior call */
-
cleanup:
- memset(kcdata, 0, keylength);
-
- free(kcdata);
-
- return(ret);
+ zapfree(kcdata, keylength);
+ return ret;
}
krb5_error_code
@@ -105,41 +96,36 @@
const krb5_crypto_iov *data, size_t num_data,
krb5_data *output)
{
- int i;
+ const struct krb5_keytypes *ktp;
const struct krb5_enc_provider *enc;
- size_t blocksize, keybytes, keylength;
+ size_t keylength;
krb5_error_code ret;
unsigned char constantdata[K5CLENGTH];
krb5_data datain;
unsigned char *kcdata;
krb5_keyblock kc;
- for (i=0; i<krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == key->enctype)
- break;
- }
+ ktp = find_enctype(key->enctype);
+ if (ktp == NULL)
+ return KRB5_BAD_ENCTYPE;
+ enc = ktp->enc;
- if (i == krb5_enctypes_length)
- return(KRB5_BAD_ENCTYPE);
+ /*
+ * key->length will be tested in enc->encrypt.
+ * output->length will be tested in krb5_hmac.
+ */
- enc = krb5_enctypes_list[i].enc;
+ /* Allocate and set to-be-derived keys. */
- /* allocate and set to-be-derived keys */
-
- blocksize = enc->block_size;
- keybytes = enc->keybytes;
keylength = enc->keylength;
+ kcdata = malloc(keylength);
+ if (kcdata == NULL)
+ return ENOMEM;
- /* key->length will be tested in enc->encrypt
- output->length will be tested in krb5_hmac */
-
- if ((kcdata = (unsigned char *) malloc(keylength)) == NULL)
- return(ENOMEM);
-
kc.contents = kcdata;
kc.length = keylength;
- /* derive the key */
+ /* Derive the key. */
datain.data = (char *) constantdata;
datain.length = K5CLENGTH;
@@ -148,21 +134,19 @@
datain.data[4] = (char) 0x99;
- if ((ret = krb5_derive_key(enc, key, &kc, &datain)) != 0)
+ ret = krb5_derive_key(enc, key, &kc, &datain);
+ if (ret)
goto cleanup;
- /* hash the data */
+ /* Hash the data. */
- if ((ret = krb5int_hmac_iov(hash, &kc, data, num_data, output)) != 0)
+ ret = krb5int_hmac_iov(hash, &kc, data, num_data, output);
+ if (ret)
memset(output->data, 0, output->length);
- /* ret is set correctly by the prior call */
-
cleanup:
- memset(kcdata, 0, keylength);
+ zapfree(kcdata, keylength);
- free(kcdata);
-
return(ret);
}
Modified: branches/enc-perf/src/lib/crypto/krb/dk/derive.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/dk/derive.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/dk/derive.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -32,41 +32,35 @@
const krb5_keyblock *inkey, krb5_keyblock *outkey,
const krb5_data *in_constant)
{
- size_t blocksize, keybytes, keylength, n;
- unsigned char *inblockdata, *outblockdata, *rawkey;
+ size_t blocksize, keybytes, n;
+ unsigned char *inblockdata = NULL, *outblockdata = NULL, *rawkey = NULL;
krb5_data inblock, outblock;
+ krb5_error_code ret;
blocksize = enc->block_size;
keybytes = enc->keybytes;
- keylength = enc->keylength;
- if ((inkey->length != keylength) ||
- (outkey->length != keylength))
- return(KRB5_CRYPTO_INTERNAL);
+ if (inkey->length != enc->keylength || outkey->length != enc->keylength)
+ return KRB5_CRYPTO_INTERNAL;
- /* allocate and set up buffers */
+ /* Allocate and set up buffers. */
+ inblockdata = k5alloc(blocksize, &ret);
+ if (ret)
+ goto cleanup;
+ outblockdata = k5alloc(blocksize, &ret);
+ if (ret)
+ goto cleanup;
+ rawkey = k5alloc(keybytes, &ret);
+ if (ret)
+ goto cleanup;
- if ((inblockdata = (unsigned char *) malloc(blocksize)) == NULL)
- return(ENOMEM);
-
- if ((outblockdata = (unsigned char *) malloc(blocksize)) == NULL) {
- free(inblockdata);
- return(ENOMEM);
- }
-
- if ((rawkey = (unsigned char *) malloc(keybytes)) == NULL) {
- free(outblockdata);
- free(inblockdata);
- return(ENOMEM);
- }
-
inblock.data = (char *) inblockdata;
inblock.length = blocksize;
outblock.data = (char *) outblockdata;
outblock.length = blocksize;
- /* initialize the input block */
+ /* Initialize the input block. */
if (in_constant->length == inblock.length) {
memcpy(inblock.data, in_constant->data, inblock.length);
@@ -75,14 +69,16 @@
inblock.length*8, (unsigned char *) inblock.data);
}
- /* loop encrypting the blocks until enough key bytes are generated */
+ /* Loop encrypting the blocks until enough key bytes are generated */
n = 0;
while (n < keybytes) {
- (*(enc->encrypt))(inkey, 0, &inblock, &outblock);
+ ret = (*enc->encrypt)(inkey, 0, &inblock, &outblock);
+ if (ret)
+ goto cleanup;
if ((keybytes - n) <= outblock.length) {
- memcpy(rawkey+n, outblock.data, (keybytes - n));
+ memcpy(rawkey + n, outblock.data, (keybytes - n));
break;
}
@@ -96,19 +92,15 @@
inblock.data = (char *) rawkey;
inblock.length = keybytes;
- (*(enc->make_key))(&inblock, outkey);
+ ret = (*enc->make_key)(&inblock, outkey);
+ if (ret)
+ goto cleanup;
- /* clean memory, free resources and exit */
-
- memset(inblockdata, 0, blocksize);
- memset(outblockdata, 0, blocksize);
- memset(rawkey, 0, keybytes);
-
- free(rawkey);
- free(outblockdata);
- free(inblockdata);
-
- return(0);
+cleanup:
+ zapfree(inblockdata, blocksize);
+ zapfree(outblockdata, blocksize);
+ zapfree(rawkey, keybytes);
+ return ret;
}
@@ -117,42 +109,36 @@
const krb5_keyblock *inkey, krb5_data *outrnd,
const krb5_data *in_constant)
{
- size_t blocksize, keybytes, keylength, n;
- unsigned char *inblockdata, *outblockdata, *rawkey;
+ size_t blocksize, keybytes, n;
+ unsigned char *inblockdata = NULL, *outblockdata = NULL, *rawkey = NULL;
krb5_data inblock, outblock;
+ krb5_error_code ret;
blocksize = enc->block_size;
keybytes = enc->keybytes;
- keylength = enc->keylength;
- if ((inkey->length != keylength) ||
- (outrnd->length != keybytes))
- return(KRB5_CRYPTO_INTERNAL);
+ if (inkey->length != enc->keylength || outrnd->length != keybytes)
+ return KRB5_CRYPTO_INTERNAL;
- /* allocate and set up buffers */
+ /* Allocate and set up buffers. */
- if ((inblockdata = (unsigned char *) malloc(blocksize)) == NULL)
- return(ENOMEM);
+ inblockdata = k5alloc(blocksize, &ret);
+ if (ret)
+ goto cleanup;
+ outblockdata = k5alloc(blocksize, &ret);
+ if (ret)
+ goto cleanup;
+ rawkey = k5alloc(keybytes, &ret);
+ if (ret)
+ goto cleanup;
- if ((outblockdata = (unsigned char *) malloc(blocksize)) == NULL) {
- free(inblockdata);
- return(ENOMEM);
- }
-
- if ((rawkey = (unsigned char *) malloc(keybytes)) == NULL) {
- free(outblockdata);
- free(inblockdata);
- return(ENOMEM);
- }
-
inblock.data = (char *) inblockdata;
inblock.length = blocksize;
outblock.data = (char *) outblockdata;
outblock.length = blocksize;
- /* initialize the input block */
-
+ /* Initialize the input block. */
if (in_constant->length == inblock.length) {
memcpy(inblock.data, in_constant->data, inblock.length);
} else {
@@ -160,14 +146,15 @@
inblock.length*8, (unsigned char *) inblock.data);
}
- /* loop encrypting the blocks until enough key bytes are generated */
-
+ /* Loop encrypting the blocks until enough key bytes are generated. */
n = 0;
while (n < keybytes) {
- (*(enc->encrypt))(inkey, 0, &inblock, &outblock);
+ ret = (*enc->encrypt)(inkey, 0, &inblock, &outblock);
+ if (ret)
+ goto cleanup;
if ((keybytes - n) <= outblock.length) {
- memcpy(rawkey+n, outblock.data, (keybytes - n));
+ memcpy(rawkey + n, outblock.data, (keybytes - n));
break;
}
@@ -176,42 +163,12 @@
n += outblock.length;
}
- /* postprocess the key */
+ /* Postprocess the key. */
+ memcpy(outrnd->data, rawkey, keybytes);
- memcpy (outrnd->data, rawkey, keybytes);
-
- /* clean memory, free resources and exit */
-
- memset(inblockdata, 0, blocksize);
- memset(outblockdata, 0, blocksize);
- memset(rawkey, 0, keybytes);
-
- free(rawkey);
- free(outblockdata);
- free(inblockdata);
-
- return(0);
+cleanup:
+ zapfree(inblockdata, blocksize);
+ zapfree(outblockdata, blocksize);
+ zapfree(rawkey, keybytes);
+ return ret;
}
-
-#if 0
-#include "etypes.h"
-void
-krb5_random2key (krb5_enctype enctype, krb5_data *inblock,
- krb5_keyblock *outkey)
-{
- int i;
- const struct krb5_enc_provider *enc;
-
- for (i=0; i<krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == enctype)
- break;
- }
-
- if (i == krb5_enctypes_length)
- abort ();
-
- enc = krb5_enctypes_list[i].enc;
-
- enc->make_key (inblock, outkey);
-}
-#endif
Modified: branches/enc-perf/src/lib/crypto/krb/dk/dk.h
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/dk/dk.h 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/dk/dk.h 2009-10-03 21:02:44 UTC (rev 22842)
@@ -26,64 +26,64 @@
#include "k5-int.h"
-void krb5_dk_encrypt_length
-(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- size_t input, size_t *length);
+void krb5_dk_encrypt_length(const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ size_t input, size_t *length);
-krb5_error_code krb5_dk_encrypt
-(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- const krb5_keyblock *key, krb5_keyusage usage,
- const krb5_data *ivec,
- const krb5_data *input, krb5_data *output);
+krb5_error_code krb5_dk_encrypt(const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ const krb5_keyblock *key, krb5_keyusage usage,
+ const krb5_data *ivec,
+ const krb5_data *input, krb5_data *output);
-void krb5int_aes_encrypt_length
-(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- size_t input, size_t *length);
+void krb5int_aes_encrypt_length(const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ size_t input, size_t *length);
-krb5_error_code krb5int_aes_dk_encrypt
-(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- const krb5_keyblock *key, krb5_keyusage usage,
- const krb5_data *ivec,
- const krb5_data *input, krb5_data *output);
+krb5_error_code krb5int_aes_dk_encrypt(const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ const krb5_keyblock *key,
+ krb5_keyusage usage,
+ const krb5_data *ivec,
+ const krb5_data *input,
+ krb5_data *output);
-krb5_error_code krb5_dk_decrypt
-(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- const krb5_keyblock *key, krb5_keyusage usage,
- const krb5_data *ivec, const krb5_data *input,
- krb5_data *arg_output);
+krb5_error_code krb5_dk_decrypt(const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ const krb5_keyblock *key, krb5_keyusage usage,
+ const krb5_data *ivec, const krb5_data *input,
+ krb5_data *arg_output);
-krb5_error_code krb5int_aes_dk_decrypt
-(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- const krb5_keyblock *key, krb5_keyusage usage,
- const krb5_data *ivec, const krb5_data *input,
- krb5_data *arg_output);
+krb5_error_code krb5int_aes_dk_decrypt(const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ const krb5_keyblock *key,
+ krb5_keyusage usage,
+ const krb5_data *ivec,
+ const krb5_data *input,
+ krb5_data *arg_output);
-krb5_error_code krb5int_dk_string_to_key
-(const struct krb5_enc_provider *enc,
- const krb5_data *string, const krb5_data *salt,
- const krb5_data *params, krb5_keyblock *key);
+krb5_error_code krb5int_dk_string_to_key(const struct krb5_enc_provider *enc,
+ const krb5_data *string,
+ const krb5_data *salt,
+ const krb5_data *params,
+ krb5_keyblock *key);
-krb5_error_code krb5_derive_key
-(const struct krb5_enc_provider *enc,
- const krb5_keyblock *inkey,
- krb5_keyblock *outkey, const krb5_data *in_constant);
+krb5_error_code krb5_derive_key(const struct krb5_enc_provider *enc,
+ const krb5_keyblock *inkey,
+ krb5_keyblock *outkey,
+ const krb5_data *in_constant);
-krb5_error_code krb5_dk_make_checksum
-(const struct krb5_hash_provider *hash,
- const krb5_keyblock *key, krb5_keyusage usage,
- const krb5_data *input, krb5_data *output);
+krb5_error_code krb5_dk_make_checksum(const struct krb5_hash_provider *hash,
+ const krb5_keyblock *key,
+ krb5_keyusage usage,
+ const krb5_data *input,
+ krb5_data *output);
krb5_error_code
krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
- const krb5_keyblock *key, krb5_keyusage usage,
- const krb5_crypto_iov *data, size_t num_data,
- krb5_data *output);
+ const krb5_keyblock *key, krb5_keyusage usage,
+ const krb5_crypto_iov *data, size_t num_data,
+ krb5_data *output);
krb5_error_code
krb5_derive_random(const struct krb5_enc_provider *enc,
@@ -94,26 +94,3 @@
extern const struct krb5_aead_provider krb5int_aead_dk;
extern const struct krb5_aead_provider krb5int_aead_aes;
-
-/* CCM */
-
-void
-krb5int_ccm_encrypt_length(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- size_t inputlen, size_t *length);
-
-extern const struct krb5_aead_provider krb5int_aead_ccm;
-
-krb5_error_code krb5int_ccm_encrypt
-(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- const krb5_keyblock *key, krb5_keyusage usage,
- const krb5_data *ivec, const krb5_data *input,
- krb5_data *arg_output);
-
-krb5_error_code krb5int_ccm_decrypt
-(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- const krb5_keyblock *key, krb5_keyusage usage,
- const krb5_data *ivec, const krb5_data *input,
- krb5_data *arg_output);
Modified: branches/enc-perf/src/lib/crypto/krb/dk/dk_aead.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/dk/dk_aead.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/dk/dk_aead.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -84,11 +84,13 @@
/* E(Confounder | Plaintext | Pad) | Checksum */
- ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING, &blocksize);
+ ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING,
+ &blocksize);
if (ret != 0)
return ret;
- ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER, &hmacsize);
+ ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
+ &hmacsize);
if (ret != 0)
return ret;
@@ -110,7 +112,7 @@
return KRB5_BAD_MSIZE;
if (blocksize != 0) {
- /* Check that the input data is correctly padded */
+ /* Check that the input data is correctly padded. */
if (plainlen % blocksize)
padsize = blocksize - (plainlen % blocksize);
}
@@ -125,24 +127,18 @@
}
ke.length = enc->keylength;
- ke.contents = malloc(ke.length);
- if (ke.contents == NULL) {
- ret = ENOMEM;
+ ke.contents = k5alloc(ke.length, &ret);
+ if (ret != 0)
goto cleanup;
- }
ki.length = enc->keylength;
- ki.contents = malloc(ki.length);
- if (ki.contents == NULL) {
- ret = ENOMEM;
+ ki.contents = k5alloc(ki.length, &ret);
+ if (ret != 0)
goto cleanup;
- }
- cksum = (unsigned char *)malloc(hash->hashsize);
- if (cksum == NULL) {
- ret = ENOMEM;
+ cksum = k5alloc(hash->hashsize, &ret);
+ if (ret != 0)
goto cleanup;
- }
- /* derive the keys */
+ /* Derive the keys. */
d1.data = (char *)constantdata;
d1.length = K5CLENGTH;
@@ -161,7 +157,7 @@
if (ret != 0)
goto cleanup;
- /* generate confounder */
+ /* Generate confounder. */
header->data.length = enc->block_size;
@@ -169,7 +165,7 @@
if (ret != 0)
goto cleanup;
- /* hash the plaintext */
+ /* Hash the plaintext. */
d2.length = hash->hashsize;
d2.data = (char *)cksum;
@@ -177,32 +173,23 @@
if (ret != 0)
goto cleanup;
- /* encrypt the plaintext (header | data | padding) */
+ /* Encrypt the plaintext (header | data | padding) */
assert(enc->encrypt_iov != NULL);
- ret = enc->encrypt_iov(&ke, ivec, data, num_data); /* will update ivec */
+ ret = (*enc->encrypt_iov)(&ke, ivec, data, num_data); /* updates ivec */
if (ret != 0)
goto cleanup;
- /* possibly truncate the hash */
+ /* Possibly truncate the hash */
assert(hmacsize <= d2.length);
memcpy(trailer->data.data, cksum, hmacsize);
trailer->data.length = hmacsize;
cleanup:
- if (ke.contents != NULL) {
- memset(ke.contents, 0, ke.length);
- free(ke.contents);
- }
- if (ki.contents != NULL) {
- memset(ki.contents, 0, ki.length);
- free(ki.contents);
- }
- if (cksum != NULL) {
- free(cksum);
- }
-
+ zapfree(ke.contents, ke.length);
+ zapfree(ki.contents, ki.length);
+ free(cksum);
return ret;
}
@@ -222,12 +209,13 @@
krb5_crypto_iov *header, *trailer;
krb5_keyblock ke, ki;
size_t i;
- unsigned int blocksize = 0; /* careful, this is enc block size not confounder len */
+ unsigned int blocksize = 0; /* enc block size, not confounder len */
unsigned int cipherlen = 0;
unsigned int hmacsize = 0;
unsigned char *cksum = NULL;
- if (krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_STREAM) != NULL) {
+ if (krb5int_c_locate_iov(data, num_data,
+ KRB5_CRYPTO_TYPE_STREAM) != NULL) {
return krb5int_c_iov_decrypt_stream(aead, enc, hash, key,
usage, ivec, data, num_data);
}
@@ -237,11 +225,13 @@
/* E(Confounder | Plaintext | Pad) | Checksum */
- ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING, &blocksize);
+ ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING,
+ &blocksize);
if (ret != 0)
return ret;
- ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER, &hmacsize);
+ ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
+ &hmacsize);
if (ret != 0)
return ret;
@@ -273,24 +263,18 @@
return KRB5_BAD_MSIZE;
ke.length = enc->keylength;
- ke.contents = malloc(ke.length);
- if (ke.contents == NULL) {
- ret = ENOMEM;
+ ke.contents = k5alloc(ke.length, &ret);
+ if (ret != 0)
goto cleanup;
- }
ki.length = enc->keylength;
- ki.contents = malloc(ki.length);
- if (ki.contents == NULL) {
- ret = ENOMEM;
+ ki.contents = k5alloc(ki.length, &ret);
+ if (ret != 0)
goto cleanup;
- }
- cksum = (unsigned char *)malloc(hash->hashsize);
- if (cksum == NULL) {
- ret = ENOMEM;
+ cksum = k5alloc(hash->hashsize, &ret);
+ if (ret != 0)
goto cleanup;
- }
- /* derive the keys */
+ /* Derive the keys. */
d1.data = (char *)constantdata;
d1.length = K5CLENGTH;
@@ -309,14 +293,14 @@
if (ret != 0)
goto cleanup;
- /* decrypt the plaintext (header | data | padding) */
+ /* Decrypt the plaintext (header | data | padding). */
assert(enc->decrypt_iov != NULL);
- ret = enc->decrypt_iov(&ke, ivec, data, num_data); /* will update ivec */
+ ret = (*enc->decrypt_iov)(&ke, ivec, data, num_data); /* updates ivec */
if (ret != 0)
goto cleanup;
- /* verify the hash */
+ /* Verify the hash. */
d1.length = hash->hashsize; /* non-truncated length */
d1.data = (char *)cksum;
@@ -324,24 +308,16 @@
if (ret != 0)
goto cleanup;
- /* compare only the possibly truncated length */
+ /* Compare only the possibly truncated length. */
if (memcmp(cksum, trailer->data.data, hmacsize) != 0) {
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
goto cleanup;
}
cleanup:
- if (ke.contents != NULL) {
- memset(ke.contents, 0, ke.length);
- free(ke.contents);
- }
- if (ki.contents != NULL) {
- memset(ki.contents, 0, ki.length);
- free(ki.contents);
- }
- if (cksum != NULL) {
- free(cksum);
- }
+ zapfree(ke.contents, ke.length);
+ zapfree(ki.contents, ki.length);
+ free(cksum);
return ret;
}
@@ -383,4 +359,3 @@
krb5int_dk_encrypt_iov,
krb5int_dk_decrypt_iov
};
-
Modified: branches/enc-perf/src/lib/crypto/krb/dk/dk_decrypt.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/dk/dk_decrypt.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/dk/dk_decrypt.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -71,17 +71,15 @@
int ivec_mode)
{
krb5_error_code ret;
- size_t hashsize, blocksize, keybytes, keylength, enclen, plainlen;
- unsigned char *plaindata, *kedata, *kidata, *cksum, *cn;
+ size_t hashsize, blocksize, keylength, enclen, plainlen;
+ unsigned char *plaindata = NULL, *kedata = NULL, *kidata = NULL;
+ unsigned char *cksum = NULL, *cn;
krb5_keyblock ke, ki;
krb5_data d1, d2;
unsigned char constantdata[K5CLENGTH];
- /* allocate and set up ciphertext and to-be-derived keys */
-
hashsize = hash->hashsize;
blocksize = enc->block_size;
- keybytes = enc->keybytes;
keylength = enc->keylength;
if (hmacsize == 0)
@@ -91,30 +89,26 @@
enclen = input->length - hmacsize;
- if ((kedata = (unsigned char *) malloc(keylength)) == NULL)
- return(ENOMEM);
- if ((kidata = (unsigned char *) malloc(keylength)) == NULL) {
- free(kedata);
- return(ENOMEM);
- }
- if ((plaindata = (unsigned char *) malloc(enclen)) == NULL) {
- free(kidata);
- free(kedata);
- return(ENOMEM);
- }
- if ((cksum = (unsigned char *) malloc(hashsize)) == NULL) {
- free(plaindata);
- free(kidata);
- free(kedata);
- return(ENOMEM);
- }
+ /* Allocate and set up ciphertext and to-be-derived keys. */
+ kedata = k5alloc(keylength, &ret);
+ if (ret != 0)
+ goto cleanup;
+ kidata = k5alloc(keylength, &ret);
+ if (ret != 0)
+ goto cleanup;
+ plaindata = k5alloc(enclen, &ret);
+ if (ret != 0)
+ goto cleanup;
+ cksum = k5alloc(hashsize, &ret);
+ if (ret != 0)
+ goto cleanup;
ke.contents = kedata;
ke.length = keylength;
ki.contents = kidata;
ki.length = keylength;
- /* derive the keys */
+ /* Derive the keys. */
d1.data = (char *) constantdata;
d1.length = K5CLENGTH;
@@ -123,12 +117,14 @@
d1.data[4] = (char) 0xAA;
- if ((ret = krb5_derive_key(enc, key, &ke, &d1)) != 0)
+ ret = krb5_derive_key(enc, key, &ke, &d1);
+ if (ret != 0)
goto cleanup;
d1.data[4] = 0x55;
- if ((ret = krb5_derive_key(enc, key, &ki, &d1)) != 0)
+ ret = krb5_derive_key(enc, key, &ki, &d1);
+ if (ret != 0)
goto cleanup;
/* decrypt the ciphertext */
@@ -139,7 +135,8 @@
d2.length = enclen;
d2.data = (char *) plaindata;
- if ((ret = ((*(enc->decrypt))(&ke, ivec, &d1, &d2))) != 0)
+ ret = (*enc->decrypt)(&ke, ivec, &d1, &d2);
+ if (ret != 0)
goto cleanup;
if (ivec != NULL && ivec->length == blocksize) {
@@ -147,18 +144,19 @@
cn = (unsigned char *) d1.data + d1.length - blocksize;
else if (ivec_mode == 1) {
int nblocks = (d1.length + blocksize - 1) / blocksize;
- cn = d1.data + blocksize * (nblocks - 2);
+ cn = (unsigned char *) d1.data + blocksize * (nblocks - 2);
} else
abort();
} else
cn = NULL;
- /* verify the hash */
+ /* Verify the hash. */
d1.length = hashsize;
d1.data = (char *) cksum;
- if ((ret = krb5_hmac(hash, &ki, 1, &d2, &d1)) != 0)
+ ret = krb5_hmac(hash, &ki, 1, &d2, &d1);
+ if (ret != 0)
goto cleanup;
if (memcmp(cksum, input->data+enclen, hmacsize) != 0) {
@@ -166,14 +164,16 @@
goto cleanup;
}
- /* because this encoding isn't self-describing wrt length, the
- best we can do here is to compute the length minus the
- confounder. */
+ /*
+ * Because this encoding isn't self-describing wrt length, the
+ * best we can do here is to compute the length minus the
+ * confounder.
+ */
plainlen = enclen - blocksize;
if (output->length < plainlen)
- return(KRB5_BAD_MSIZE);
+ return KRB5_BAD_MSIZE;
output->length = plainlen;
@@ -182,19 +182,10 @@
if (cn != NULL)
memcpy(ivec->data, cn, blocksize);
- ret = 0;
-
cleanup:
- memset(kedata, 0, keylength);
- memset(kidata, 0, keylength);
- memset(plaindata, 0, enclen);
- memset(cksum, 0, hashsize);
-
- free(cksum);
- free(plaindata);
- free(kidata);
- free(kedata);
-
- return(ret);
+ zapfree(kedata, keylength);
+ zapfree(kidata, keylength);
+ zapfree(plaindata, enclen);
+ zapfree(cksum, hashsize);
+ return ret;
}
-
Modified: branches/enc-perf/src/lib/crypto/krb/dk/dk_encrypt.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/dk/dk_encrypt.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/dk/dk_encrypt.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -29,12 +29,14 @@
#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
-/* the spec says that the confounder size and padding are specific to
- the encryption algorithm. This code (dk_encrypt_length and
- dk_encrypt) assume the confounder is always the blocksize, and the
- padding is always zero bytes up to the blocksize. If these
- assumptions ever fails, the keytype table should be extended to
- include these bits of info. */
+/*
+ * The spec says that the confounder size and padding are specific to
+ * the encryption algorithm. This code (dk_encrypt_length and
+ * dk_encrypt) assume the confounder is always the blocksize, and the
+ * padding is always zero bytes up to the blocksize. If these
+ * assumptions ever fails, the keytype table should be extended to
+ * include these bits of info.
+ */
void
krb5_dk_encrypt_length(const struct krb5_enc_provider *enc,
@@ -45,7 +47,7 @@
blocksize = enc->block_size;
hashsize = hash->hashsize;
- *length = krb5_roundup(blocksize+inputlen, blocksize) + hashsize;
+ *length = krb5_roundup(blocksize + inputlen, blocksize) + hashsize;
}
krb5_error_code
@@ -55,46 +57,43 @@
const krb5_data *ivec, const krb5_data *input,
krb5_data *output)
{
- size_t blocksize, keybytes, keylength, plainlen, enclen;
+ size_t blocksize, keylength, plainlen, enclen;
krb5_error_code ret;
unsigned char constantdata[K5CLENGTH];
krb5_data d1, d2;
- unsigned char *plaintext, *kedata, *kidata;
+ unsigned char *plaintext = NULL, *kedata = NULL, *kidata = NULL;
char *cn;
krb5_keyblock ke, ki;
- /* allocate and set up plaintext and to-be-derived keys */
-
blocksize = enc->block_size;
- keybytes = enc->keybytes;
keylength = enc->keylength;
- plainlen = krb5_roundup(blocksize+input->length, blocksize);
+ plainlen = krb5_roundup(blocksize + input->length, blocksize);
krb5_dk_encrypt_length(enc, hash, input->length, &enclen);
- /* key->length, ivec will be tested in enc->encrypt */
+ /* key->length, ivec will be tested in enc->encrypt. */
if (output->length < enclen)
return(KRB5_BAD_MSIZE);
- if ((kedata = (unsigned char *) malloc(keylength)) == NULL)
- return(ENOMEM);
- if ((kidata = (unsigned char *) malloc(keylength)) == NULL) {
- free(kedata);
- return(ENOMEM);
- }
- if ((plaintext = (unsigned char *) malloc(plainlen)) == NULL) {
- free(kidata);
- free(kedata);
- return(ENOMEM);
- }
+ /* Allocate and set up plaintext and to-be-derived keys. */
+ kedata = k5alloc(keylength, &ret);
+ if (ret != 0)
+ goto cleanup;
+ kidata = k5alloc(keylength, &ret);
+ if (ret != 0)
+ goto cleanup;
+ plaintext = k5alloc(plainlen, &ret);
+ if (ret != 0)
+ goto cleanup;
+
ke.contents = kedata;
ke.length = keylength;
ki.contents = kidata;
ki.length = keylength;
- /* derive the keys */
+ /* Derive the keys. */
d1.data = (char *) constantdata;
d1.length = K5CLENGTH;
@@ -103,28 +102,31 @@
d1.data[4] = (char) 0xAA;
- if ((ret = krb5_derive_key(enc, key, &ke, &d1)))
+ ret = krb5_derive_key(enc, key, &ke, &d1);
+ if (ret != 0)
goto cleanup;
d1.data[4] = 0x55;
- if ((ret = krb5_derive_key(enc, key, &ki, &d1)))
+ ret = krb5_derive_key(enc, key, &ki, &d1);
+ if (ret != 0)
goto cleanup;
- /* put together the plaintext */
+ /* Put together the plaintext. */
d1.length = blocksize;
d1.data = (char *) plaintext;
- if ((ret = krb5_c_random_make_octets(/* XXX */ 0, &d1)))
+ ret = krb5_c_random_make_octets(/* XXX */ 0, &d1);
+ if (ret != 0)
goto cleanup;
- memcpy(plaintext+blocksize, input->data, input->length);
+ memcpy(plaintext + blocksize, input->data, input->length);
- memset(plaintext+blocksize+input->length, 0,
- plainlen - (blocksize+input->length));
+ memset(plaintext + blocksize + input->length, 0,
+ plainlen - (blocksize + input->length));
- /* encrypt the plaintext */
+ /* Encrypt the plaintext. */
d1.length = plainlen;
d1.data = (char *) plaintext;
@@ -132,7 +134,8 @@
d2.length = plainlen;
d2.data = output->data;
- if ((ret = ((*(enc->encrypt))(&ke, ivec, &d1, &d2))))
+ ret = (*enc->encrypt)(&ke, ivec, &d1, &d2);
+ if (ret != 0)
goto cleanup;
if (ivec != NULL && ivec->length == blocksize)
@@ -140,34 +143,28 @@
else
cn = NULL;
- /* hash the plaintext */
+ /* Hash the plaintext. */
d2.length = enclen - plainlen;
d2.data = output->data+plainlen;
output->length = enclen;
- if ((ret = krb5_hmac(hash, &ki, 1, &d1, &d2))) {
+ ret = krb5_hmac(hash, &ki, 1, &d1, &d2);
+ if (ret != 0) {
memset(d2.data, 0, d2.length);
goto cleanup;
}
- /* update ivec */
+ /* Update ivec. */
if (cn != NULL)
memcpy(ivec->data, cn, blocksize);
- /* ret is set correctly by the prior call */
-
cleanup:
- memset(kedata, 0, keylength);
- memset(kidata, 0, keylength);
- memset(plaintext, 0, plainlen);
-
- free(plaintext);
- free(kidata);
- free(kedata);
-
- return(ret);
+ zapfree(kedata, keylength);
+ zapfree(kidata, keylength);
+ zapfree(plaintext, plainlen);
+ return ret;
}
/* Not necessarily "AES", per se, but "a CBC+CTS mode block cipher
@@ -222,7 +219,7 @@
krb5_error_code ret;
unsigned char constantdata[K5CLENGTH];
krb5_data d1, d2;
- unsigned char *plaintext, *kedata, *kidata;
+ unsigned char *plaintext = NULL, *kedata = NULL, *kidata = NULL;
char *cn;
krb5_keyblock ke, ki;
@@ -238,26 +235,24 @@
/* key->length, ivec will be tested in enc->encrypt */
if (output->length < enclen)
- return(KRB5_BAD_MSIZE);
+ return KRB5_BAD_MSIZE;
- if ((kedata = (unsigned char *) malloc(keylength)) == NULL)
- return(ENOMEM);
- if ((kidata = (unsigned char *) malloc(keylength)) == NULL) {
- free(kedata);
- return(ENOMEM);
- }
- if ((plaintext = (unsigned char *) malloc(plainlen)) == NULL) {
- free(kidata);
- free(kedata);
- return(ENOMEM);
- }
+ kedata = k5alloc(keylength, &ret);
+ if (ret != 0)
+ goto cleanup;
+ kidata = k5alloc(keylength, &ret);
+ if (ret != 0)
+ goto cleanup;
+ plaintext = k5alloc(plainlen, &ret);
+ if (ret != 0)
+ goto cleanup;
ke.contents = kedata;
ke.length = keylength;
ki.contents = kidata;
ki.length = keylength;
- /* derive the keys */
+ /* Derive the keys. */
d1.data = (char *) constantdata;
d1.length = K5CLENGTH;
@@ -266,12 +261,14 @@
d1.data[4] = (char) 0xAA;
- if ((ret = krb5_derive_key(enc, key, &ke, &d1)))
+ ret = krb5_derive_key(enc, key, &ke, &d1);
+ if (ret != 0)
goto cleanup;
d1.data[4] = 0x55;
- if ((ret = krb5_derive_key(enc, key, &ki, &d1)))
+ ret = krb5_derive_key(enc, key, &ki, &d1);
+ if (ret != 0)
goto cleanup;
/* put together the plaintext */
@@ -279,16 +276,17 @@
d1.length = blocksize;
d1.data = (char *) plaintext;
- if ((ret = krb5_c_random_make_octets(/* XXX */ 0, &d1)))
+ ret = krb5_c_random_make_octets(NULL, &d1);
+ if (ret != 0)
goto cleanup;
- memcpy(plaintext+blocksize, input->data, input->length);
+ memcpy(plaintext + blocksize, input->data, input->length);
/* Ciphertext stealing; there should be no more. */
if (plainlen != blocksize + input->length)
abort();
- /* encrypt the plaintext */
+ /* Encrypt the plaintext. */
d1.length = plainlen;
d1.data = (char *) plaintext;
@@ -296,7 +294,8 @@
d2.length = plainlen;
d2.data = output->data;
- if ((ret = ((*(enc->encrypt))(&ke, ivec, &d1, &d2))))
+ ret = (*enc->encrypt)(&ke, ivec, &d1, &d2);
+ if (ret != 0)
goto cleanup;
if (ivec != NULL && ivec->length == blocksize) {
@@ -305,54 +304,29 @@
} else
cn = NULL;
- /* hash the plaintext */
+ /* Hash the plaintext. */
d2.length = enclen - plainlen;
d2.data = output->data+plainlen;
if (d2.length != 96 / 8)
abort();
- if ((ret = trunc_hmac(hash, &ki, 1, &d1, &d2))) {
+ ret = trunc_hmac(hash, &ki, 1, &d1, &d2);
+ if (ret != 0) {
memset(d2.data, 0, d2.length);
goto cleanup;
}
output->length = enclen;
- /* update ivec */
- if (cn != NULL) {
+ /* Update ivec. */
+ if (cn != NULL)
memcpy(ivec->data, cn, blocksize);
-#if 0
- {
- int i;
- printf("\n%s: output:", __func__);
- for (i = 0; i < output->length; i++) {
- if (i % 16 == 0)
- printf("\n%s: ", __func__);
- printf(" %02x", i[(unsigned char *)output->data]);
- }
- printf("\n%s: outputIV:", __func__);
- for (i = 0; i < ivec->length; i++) {
- if (i % 16 == 0)
- printf("\n%s: ", __func__);
- printf(" %02x", i[(unsigned char *)ivec->data]);
- }
- printf("\n"); fflush(stdout);
- }
-#endif
- }
- /* ret is set correctly by the prior call */
-
cleanup:
- memset(kedata, 0, keylength);
- memset(kidata, 0, keylength);
- memset(plaintext, 0, plainlen);
-
- free(plaintext);
- free(kidata);
- free(kedata);
-
- return(ret);
+ zapfree(kedata, keylength);
+ zapfree(kidata, keylength);
+ zapfree(plaintext, plainlen);
+ return ret;
}
Modified: branches/enc-perf/src/lib/crypto/krb/dk/stringtokey.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/dk/stringtokey.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/dk/stringtokey.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -36,34 +36,32 @@
{
krb5_error_code ret;
size_t keybytes, keylength, concatlen;
- unsigned char *concat, *foldstring, *foldkeydata;
+ unsigned char *concat = NULL, *foldstring = NULL, *foldkeydata = NULL;
krb5_data indata;
krb5_keyblock foldkey;
- /* key->length is checked by krb5_derive_key */
+ /* key->length is checked by krb5_derive_key. */
keybytes = enc->keybytes;
keylength = enc->keylength;
- concatlen = string->length+(salt?salt->length:0);
+ concatlen = string->length + (salt ? salt->length : 0);
- if ((concat = (unsigned char *) malloc(concatlen)) == NULL)
- return(ENOMEM);
- if ((foldstring = (unsigned char *) malloc(keybytes)) == NULL) {
- free(concat);
- return(ENOMEM);
- }
- if ((foldkeydata = (unsigned char *) malloc(keylength)) == NULL) {
- free(foldstring);
- free(concat);
- return(ENOMEM);
- }
+ concat = k5alloc(concatlen, &ret);
+ if (ret != 0)
+ goto cleanup;
+ foldstring = k5alloc(keybytes, &ret);
+ if (ret != 0)
+ goto cleanup;
+ foldkeydata = k5alloc(keylength, &ret);
+ if (ret != 0)
+ goto cleanup;
/* construct input string ( = string + salt), fold it, make_key it */
memcpy(concat, string->data, string->length);
if (salt)
- memcpy(concat+string->length, salt->data, salt->length);
+ memcpy(concat + string->length, salt->data, salt->length);
krb5_nfold(concatlen*8, concat, keybytes*8, foldstring);
@@ -72,25 +70,22 @@
foldkey.length = keylength;
foldkey.contents = foldkeydata;
- (*(enc->make_key))(&indata, &foldkey);
+ ret = (*enc->make_key)(&indata, &foldkey);
+ if (ret != 0)
+ goto cleanup;
/* now derive the key from this one */
indata.length = kerberos_len;
indata.data = (char *) kerberos;
- if ((ret = krb5_derive_key(enc, &foldkey, key, &indata)))
+ ret = krb5_derive_key(enc, &foldkey, key, &indata);
+ if (ret != 0)
memset(key->contents, 0, key->length);
- /* ret is set correctly by the prior call */
-
- memset(concat, 0, concatlen);
- memset(foldstring, 0, keybytes);
- memset(foldkeydata, 0, keylength);
-
- free(foldkeydata);
- free(foldstring);
- free(concat);
-
- return(ret);
+cleanup:
+ zapfree(concat, concatlen);
+ zapfree(foldstring, keybytes);
+ zapfree(foldkeydata, keylength);
+ return ret;
}
Modified: branches/enc-perf/src/lib/crypto/krb/encrypt.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/encrypt.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/encrypt.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -33,31 +33,24 @@
krb5_keyusage usage, const krb5_data *ivec,
const krb5_data *input, krb5_enc_data *output)
{
- int i;
+ const struct krb5_keytypes *ktp;
- for (i=0; i<krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == key->enctype)
- break;
- }
+ ktp = find_enctype(key->enctype);
+ if (ktp == NULL)
+ return KRB5_BAD_ENCTYPE;
- if (i == krb5_enctypes_length)
- return(KRB5_BAD_ENCTYPE);
-
output->magic = KV5M_ENC_DATA;
output->kvno = 0;
output->enctype = key->enctype;
- if (krb5_enctypes_list[i].encrypt == NULL) {
- assert(krb5_enctypes_list[i].aead != NULL);
+ if (ktp->encrypt == NULL) {
+ assert(ktp->aead != NULL);
- return krb5int_c_encrypt_aead_compat(krb5_enctypes_list[i].aead,
- krb5_enctypes_list[i].enc,
- krb5_enctypes_list[i].hash,
- key, usage, ivec,
- input, &output->ciphertext);
+ return krb5int_c_encrypt_aead_compat(ktp->aead, ktp->enc, ktp->hash,
+ key, usage, ivec, input,
+ &output->ciphertext);
}
- return((*(krb5_enctypes_list[i].encrypt))
- (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash,
- key, usage, ivec, input, &output->ciphertext));
+ return (*ktp->encrypt)(ktp->enc, ktp->hash, key, usage, ivec, input,
+ &output->ciphertext);
}
Modified: branches/enc-perf/src/lib/crypto/krb/encrypt_iov.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/encrypt_iov.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/encrypt_iov.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -35,21 +35,13 @@
krb5_crypto_iov *data,
size_t num_data)
{
- int i;
- const struct krb5_keytypes *ktp = NULL;
+ const struct krb5_keytypes *ktp;
- for (i = 0; i < krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == key->enctype) {
- ktp = &krb5_enctypes_list[i];
- break;
- }
- }
-
- if (ktp == NULL || ktp->aead == NULL) {
+ ktp = find_enctype(key->enctype);
+ if (ktp == NULL || ktp->aead == NULL)
return KRB5_BAD_ENCTYPE;
- }
- return ktp->aead->encrypt_iov(ktp->aead, ktp->enc, ktp->hash,
- key, usage, cipher_state, data, num_data);
+ return (*ktp->aead->encrypt_iov)(ktp->aead, ktp->enc, ktp->hash,
+ key, usage, cipher_state, data, num_data);
}
Modified: branches/enc-perf/src/lib/crypto/krb/encrypt_length.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/encrypt_length.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/encrypt_length.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -32,28 +32,20 @@
krb5_c_encrypt_length(krb5_context context, krb5_enctype enctype,
size_t inputlen, size_t *length)
{
- int i;
+ const struct krb5_keytypes *ktp;
- for (i=0; i<krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == enctype)
- break;
- }
+ ktp = find_enctype(enctype);
+ if (ktp == NULL)
+ return KRB5_BAD_ENCTYPE;
- if (i == krb5_enctypes_length)
- return(KRB5_BAD_ENCTYPE);
+ if (ktp->encrypt_len == NULL) {
+ assert(ktp->aead != NULL);
- if (krb5_enctypes_list[i].encrypt_len == NULL) {
- assert(krb5_enctypes_list[i].aead != NULL);
-
- krb5int_c_encrypt_length_aead_compat(krb5_enctypes_list[i].aead,
- krb5_enctypes_list[i].enc,
- krb5_enctypes_list[i].hash,
+ krb5int_c_encrypt_length_aead_compat(ktp->aead, ktp->enc, ktp->hash,
inputlen, length);
} else {
- (*(krb5_enctypes_list[i].encrypt_len))
- (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash,
- inputlen, length);
+ (*ktp->encrypt_len)(ktp->enc, ktp->hash, inputlen, length);
}
- return(0);
+ return 0;
}
Modified: branches/enc-perf/src/lib/crypto/krb/enctype_compare.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/enctype_compare.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/enctype_compare.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -31,25 +31,13 @@
krb5_c_enctype_compare(krb5_context context, krb5_enctype e1, krb5_enctype e2,
krb5_boolean *similar)
{
- int i, j;
+ const struct krb5_keytypes *ktp1, *ktp2;
- for (i=0; i<krb5_enctypes_length; i++)
- if (krb5_enctypes_list[i].etype == e1)
- break;
+ ktp1 = find_enctype(e1);
+ ktp2 = find_enctype(e2);
+ if (ktp1 == NULL || ktp2 == NULL)
+ return KRB5_BAD_ENCTYPE;
- if (i == krb5_enctypes_length)
- return(KRB5_BAD_ENCTYPE);
-
- for (j=0; j<krb5_enctypes_length; j++)
- if (krb5_enctypes_list[j].etype == e2)
- break;
-
- if (j == krb5_enctypes_length)
- return(KRB5_BAD_ENCTYPE);
-
- *similar =
- ((krb5_enctypes_list[i].enc == krb5_enctypes_list[j].enc) &&
- (krb5_enctypes_list[i].str2key == krb5_enctypes_list[j].str2key));
-
- return(0);
+ *similar = (ktp1->enc == ktp2->enc && ktp1->str2key == ktp2->str2key);
+ return 0;
}
Modified: branches/enc-perf/src/lib/crypto/krb/enctype_to_string.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/enctype_to_string.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/enctype_to_string.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -30,16 +30,12 @@
krb5_error_code KRB5_CALLCONV
krb5_enctype_to_string(krb5_enctype enctype, char *buffer, size_t buflen)
{
- int i;
+ const struct krb5_keytypes *ktp;
- for (i=0; i<krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == enctype) {
- if (strlcpy(buffer, krb5_enctypes_list[i].out_string,
- buflen) >= buflen)
- return(ENOMEM);
- return(0);
- }
- }
-
- return(EINVAL);
+ ktp = find_enctype(enctype);
+ if (ktp == NULL)
+ return EINVAL;
+ if (strlcpy(buffer, ktp->out_string, buflen) >= buflen)
+ return ENOMEM;
+ return 0;
}
Modified: branches/enc-perf/src/lib/crypto/krb/etypes.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/etypes.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/etypes.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -167,4 +167,4 @@
};
const int krb5_enctypes_length =
-sizeof(krb5_enctypes_list)/sizeof(struct krb5_keytypes);
+ sizeof(krb5_enctypes_list) / sizeof(struct krb5_keytypes);
Modified: branches/enc-perf/src/lib/crypto/krb/etypes.h
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/etypes.h 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/etypes.h 2009-10-03 21:02:44 UTC (rev 22842)
@@ -26,21 +26,27 @@
#include "k5-int.h"
-typedef void (*krb5_encrypt_length_func) (const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- size_t inputlen, size_t *length);
+typedef void (*krb5_encrypt_length_func)(const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ size_t inputlen, size_t *length);
-typedef krb5_error_code (*krb5_crypt_func) (const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- const krb5_keyblock *key, krb5_keyusage keyusage,
- const krb5_data *ivec,
- const krb5_data *input, krb5_data *output);
+typedef krb5_error_code (*krb5_crypt_func)(const struct krb5_enc_provider *enc,
+ const struct
+ krb5_hash_provider *hash,
+ const krb5_keyblock *key,
+ krb5_keyusage keyusage,
+ const krb5_data *ivec,
+ const krb5_data *input,
+ krb5_data *output);
-typedef krb5_error_code (*krb5_str2key_func) (const struct krb5_enc_provider *enc, const krb5_data *string,
- const krb5_data *salt, const krb5_data *parm, krb5_keyblock *key);
+typedef krb5_error_code (*krb5_str2key_func)(const struct
+ krb5_enc_provider *enc,
+ const krb5_data *string,
+ const krb5_data *salt,
+ const krb5_data *parm,
+ krb5_keyblock *key);
-typedef krb5_error_code (*krb5_prf_func)(
- const struct krb5_enc_provider *enc,
+typedef krb5_error_code (*krb5_prf_func)(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
const krb5_keyblock *key,
const krb5_data *in, krb5_data *out);
@@ -68,11 +74,12 @@
extern const struct krb5_keytypes krb5_enctypes_list[];
extern const int krb5_enctypes_length;
-static inline const struct krb5_keytypes*
-find_enctype (krb5_enctype enctype)
+static inline const struct krb5_keytypes *
+find_enctype(krb5_enctype enctype)
{
int i;
- for (i=0; i<krb5_enctypes_length; i++) {
+
+ for (i = 0; i < krb5_enctypes_length; i++) {
if (krb5_enctypes_list[i].etype == enctype)
break;
}
Modified: branches/enc-perf/src/lib/crypto/krb/keyblocks.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/keyblocks.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/keyblocks.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -33,29 +33,31 @@
#include "k5-int.h"
#include <assert.h>
-krb5_error_code krb5int_c_init_keyblock
- (krb5_context context, krb5_enctype enctype,
- size_t length, krb5_keyblock **out)
+krb5_error_code
+krb5int_c_init_keyblock(krb5_context context, krb5_enctype enctype,
+ size_t length, krb5_keyblock **out)
{
krb5_keyblock *kb;
- kb = malloc (sizeof(krb5_keyblock));
- assert (out);
+
+ assert(out);
*out = NULL;
- if (!kb) {
+
+ kb = malloc(sizeof(krb5_keyblock));
+ if (kb == NULL)
return ENOMEM;
- }
kb->magic = KV5M_KEYBLOCK;
kb->enctype = enctype;
kb->length = length;
- if(length) {
- kb->contents = malloc (length);
- if(!kb->contents) {
- free (kb);
+ if (length) {
+ kb->contents = malloc(length);
+ if (!kb->contents) {
+ free(kb);
return ENOMEM;
}
} else {
kb->contents = NULL;
}
+
*out = kb;
return 0;
}
@@ -71,9 +73,8 @@
krb5int_c_free_keyblock_contents(krb5_context context, krb5_keyblock *key)
{
if (key && key->contents) {
- krb5int_zap_data (key->contents, key->length);
- free(key->contents);
- key->contents = 0;
+ zapfree(key->contents, key->length);
+ key->contents = NULL;
}
}
Modified: branches/enc-perf/src/lib/crypto/krb/keyed_checksum_types.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/keyed_checksum_types.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/keyed_checksum_types.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -28,62 +28,54 @@
#include "etypes.h"
#include "cksumtypes.h"
-static int etype_match(krb5_enctype e1, krb5_enctype e2)
+static krb5_boolean
+etype_match(krb5_enctype e1, krb5_enctype e2)
{
- int i1, i2;
+ const struct krb5_keytypes *ktp1, *ktp2;
- for (i1=0; i1<krb5_enctypes_length; i1++)
- if (krb5_enctypes_list[i1].etype == e1)
- break;
-
- for (i2=0; i2<krb5_enctypes_length; i2++)
- if (krb5_enctypes_list[i2].etype == e2)
- break;
-
- return((i1 < krb5_enctypes_length) &&
- (i2 < krb5_enctypes_length) &&
- (krb5_enctypes_list[i1].enc == krb5_enctypes_list[i2].enc));
+ ktp1 = find_enctype(e1);
+ ktp2 = find_enctype(e2);
+ return (ktp1 != NULL && ktp2 != NULL && ktp1->enc == ktp2->enc);
}
krb5_error_code KRB5_CALLCONV
krb5_c_keyed_checksum_types(krb5_context context, krb5_enctype enctype,
unsigned int *count, krb5_cksumtype **cksumtypes)
{
- unsigned int i, c;
+ unsigned int i, c, nctypes;
+ krb5_cksumtype *ctypes;
+ const struct krb5_cksumtypes *ct;
- c = 0;
- for (i=0; i<krb5_cksumtypes_length; i++) {
- if ((krb5_cksumtypes_list[i].keyhash &&
- etype_match(krb5_cksumtypes_list[i].keyed_etype, enctype)) ||
- (krb5_cksumtypes_list[i].flags & KRB5_CKSUMFLAG_DERIVE)) {
- c++;
- }
+ *count = 0;
+ *cksumtypes = NULL;
+
+ nctypes = 0;
+ for (i = 0; i < krb5_cksumtypes_length; i++) {
+ ct = &krb5_cksumtypes_list[i];
+ if ((ct->keyhash && etype_match(ct->keyed_etype, enctype)) ||
+ (ct->flags & KRB5_CKSUMFLAG_DERIVE))
+ nctypes++;
}
- *count = c;
+ ctypes = malloc(nctypes * sizeof(krb5_cksumtype));
+ if (ctypes == NULL)
+ return ENOMEM;
- if ((*cksumtypes = (krb5_cksumtype *) malloc(c*sizeof(krb5_cksumtype)))
- == NULL)
- return(ENOMEM);
-
c = 0;
- for (i=0; i<krb5_cksumtypes_length; i++) {
- if ((krb5_cksumtypes_list[i].keyhash &&
- etype_match(krb5_cksumtypes_list[i].keyed_etype, enctype)) ||
- (krb5_cksumtypes_list[i].flags & KRB5_CKSUMFLAG_DERIVE)) {
- (*cksumtypes)[c] = krb5_cksumtypes_list[i].ctype;
- c++;
- }
+ for (i = 0; i < krb5_cksumtypes_length; i++) {
+ ct = &krb5_cksumtypes_list[i];
+ if ((ct->keyhash && etype_match(ct->keyed_etype, enctype)) ||
+ (ct->flags & KRB5_CKSUMFLAG_DERIVE))
+ ctypes[c++] = krb5_cksumtypes_list[i].ctype;
}
- return(0);
+ *count = nctypes;
+ *cksumtypes = ctypes;
+ return 0;
}
void KRB5_CALLCONV
krb5_free_cksumtypes(krb5_context context, krb5_cksumtype *val)
{
- if (val)
- free(val);
- return;
+ free(val);
}
-
Modified: branches/enc-perf/src/lib/crypto/krb/keyed_cksum.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/keyed_cksum.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/keyed_cksum.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -31,25 +31,22 @@
krb5_c_is_keyed_cksum(krb5_cksumtype ctype)
{
unsigned int i;
+ const struct krb5_cksumtypes *ctp;
- for (i=0; i<krb5_cksumtypes_length; i++) {
- if (krb5_cksumtypes_list[i].ctype == ctype) {
- if (krb5_cksumtypes_list[i].keyhash ||
- (krb5_cksumtypes_list[i].flags &
- KRB5_CKSUMFLAG_DERIVE))
- return(1);
- else
- return(0);
+ for (i = 0; i < krb5_cksumtypes_length; i++) {
+ ctp = &krb5_cksumtypes_list[i];
+ if (ctp->ctype == ctype) {
+ return (ctp->keyhash != NULL ||
+ (ctp->flags & KRB5_CKSUMFLAG_DERIVE));
}
}
- /* ick, but it's better than coredumping, which is what the
- old code would have done */
- return 0; /* error case */
+ /* Invalid ctype. This is misleading, but better than dumping core. */
+ return FALSE;
}
krb5_boolean KRB5_CALLCONV
is_keyed_cksum(krb5_cksumtype ctype)
{
- return krb5_c_is_keyed_cksum (ctype);
+ return krb5_c_is_keyed_cksum(ctype);
}
Modified: branches/enc-perf/src/lib/crypto/krb/keylengths.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/keylengths.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/keylengths.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -39,23 +39,19 @@
krb5_c_keylengths(krb5_context context, krb5_enctype enctype,
size_t *keybytes, size_t *keylength)
{
- int i;
+ const struct krb5_keytypes *ktp;
if (keybytes == NULL && keylength == NULL)
- return(EINVAL);
+ return EINVAL;
- for (i=0; i<krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == enctype)
- break;
- }
+ ktp = find_enctype(enctype);
+ if (ktp == NULL)
+ return KRB5_BAD_ENCTYPE;
- if (i == krb5_enctypes_length)
- return(KRB5_BAD_ENCTYPE);
-
if (keybytes)
- *keybytes = krb5_enctypes_list[i].enc->keybytes;
+ *keybytes = ktp->enc->keybytes;
if (keylength)
- *keylength = krb5_enctypes_list[i].enc->keylength;
+ *keylength = ktp->enc->keylength;
- return(0);
+ return 0;
}
Modified: branches/enc-perf/src/lib/crypto/krb/make_checksum.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/make_checksum.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/make_checksum.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -35,56 +35,47 @@
const krb5_data *input, krb5_checksum *cksum)
{
unsigned int i;
- int e1, e2;
+ const struct krb5_cksumtypes *ctp;
+ const struct krb5_keytypes *ktp1, *ktp2;
+ const struct krb5_keyhash_provider *keyhash;
krb5_data data;
+ krb5_octet *trunc;
krb5_error_code ret;
size_t cksumlen;
- for (i=0; i<krb5_cksumtypes_length; i++) {
+ for (i = 0; i < krb5_cksumtypes_length; i++) {
if (krb5_cksumtypes_list[i].ctype == cksumtype)
break;
}
-
if (i == krb5_cksumtypes_length)
- return(KRB5_BAD_ENCTYPE);
+ return KRB5_BAD_ENCTYPE;
+ ctp = &krb5_cksumtypes_list[i];
- if (krb5_cksumtypes_list[i].keyhash)
- cksumlen = krb5_cksumtypes_list[i].keyhash->hashsize;
+ if (ctp->keyhash != NULL)
+ cksumlen = ctp->keyhash->hashsize;
else
- cksumlen = krb5_cksumtypes_list[i].hash->hashsize;
+ cksumlen = ctp->hash->hashsize;
cksum->length = cksumlen;
+ cksum->contents = malloc(cksum->length);
+ if (cksum->contents == NULL)
+ return ENOMEM;
- if ((cksum->contents = (krb5_octet *) malloc(cksum->length)) == NULL)
- return(ENOMEM);
-
data.length = cksum->length;
data.data = (char *) cksum->contents;
- if (krb5_cksumtypes_list[i].keyhash) {
+ if (ctp->keyhash) {
/* check if key is compatible */
- const struct krb5_keyhash_provider *keyhash;
-
- keyhash = krb5_cksumtypes_list[i].keyhash;
-
- if (krb5_cksumtypes_list[i].keyed_etype) {
- for (e1=0; e1<krb5_enctypes_length; e1++)
- if (krb5_enctypes_list[e1].etype ==
- krb5_cksumtypes_list[i].keyed_etype)
- break;
-
- for (e2=0; e2<krb5_enctypes_length; e2++)
- if (krb5_enctypes_list[e2].etype == key->enctype)
- break;
-
- if ((e1 == krb5_enctypes_length) ||
- (e2 == krb5_enctypes_length) ||
- (krb5_enctypes_list[e1].enc != krb5_enctypes_list[e2].enc)) {
+ if (ctp->keyed_etype) {
+ ktp1 = find_enctype(ctp->keyed_etype);
+ ktp2 = find_enctype(key->enctype);
+ if (ktp1 == NULL || ktp2 == NULL || ktp1->enc != ktp2->enc) {
ret = KRB5_BAD_ENCTYPE;
goto cleanup;
}
}
+ keyhash = ctp->keyhash;
if (keyhash->hash == NULL) {
krb5_crypto_iov iov[1];
@@ -97,22 +88,19 @@
} else {
ret = (*keyhash->hash)(key, usage, 0, input, &data);
}
- } else if (krb5_cksumtypes_list[i].flags & KRB5_CKSUMFLAG_DERIVE) {
- ret = krb5_dk_make_checksum(krb5_cksumtypes_list[i].hash,
- key, usage, input, &data);
+ } else if (ctp->flags & KRB5_CKSUMFLAG_DERIVE) {
+ ret = krb5_dk_make_checksum(ctp->hash, key, usage, input, &data);
} else {
- /* no key is used */
-
- ret = (*(krb5_cksumtypes_list[i].hash->hash))(1, input, &data);
+ /* No key is used. */
+ ret = (*ctp->hash->hash)(1, input, &data);
}
if (!ret) {
cksum->magic = KV5M_CHECKSUM;
cksum->checksum_type = cksumtype;
- if (krb5_cksumtypes_list[i].trunc_size) {
- krb5_octet *trunc;
- cksum->length = krb5_cksumtypes_list[i].trunc_size;
- trunc = (krb5_octet *) realloc(cksum->contents, cksum->length);
+ if (ctp->trunc_size) {
+ cksum->length = ctp->trunc_size;
+ trunc = realloc(cksum->contents, cksum->length);
if (trunc)
cksum->contents = trunc;
}
@@ -120,10 +108,9 @@
cleanup:
if (ret) {
- memset(cksum->contents, 0, cksum->length);
- free(cksum->contents);
+ zapfree(cksum->contents, cksum->length);
cksum->contents = NULL;
}
- return(ret);
+ return ret;
}
Modified: branches/enc-perf/src/lib/crypto/krb/make_checksum_iov.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/make_checksum_iov.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/make_checksum_iov.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -41,22 +41,23 @@
krb5_error_code ret;
krb5_data cksum_data;
krb5_crypto_iov *checksum;
+ const struct krb5_cksumtypes *ctp;
for (i = 0; i < krb5_cksumtypes_length; i++) {
if (krb5_cksumtypes_list[i].ctype == cksumtype)
break;
}
-
if (i == krb5_cksumtypes_length)
- return(KRB5_BAD_ENCTYPE);
+ return KRB5_BAD_ENCTYPE;
+ ctp = &krb5_cksumtypes_list[i];
- if (krb5_cksumtypes_list[i].keyhash != NULL)
- cksum_data.length = krb5_cksumtypes_list[i].keyhash->hashsize;
+ if (ctp->keyhash != NULL)
+ cksum_data.length = ctp->keyhash->hashsize;
else
- cksum_data.length = krb5_cksumtypes_list[i].hash->hashsize;
+ cksum_data.length = ctp->hash->hashsize;
- if (krb5_cksumtypes_list[i].trunc_size != 0)
- cksumlen = krb5_cksumtypes_list[i].trunc_size;
+ if (ctp->trunc_size != 0)
+ cksumlen = ctp->trunc_size;
else
cksumlen = cksum_data.length;
Modified: branches/enc-perf/src/lib/crypto/krb/make_random_key.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/make_random_key.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/make_random_key.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -31,53 +31,46 @@
krb5_c_make_random_key(krb5_context context, krb5_enctype enctype,
krb5_keyblock *random_key)
{
- int i;
krb5_error_code ret;
+ const struct krb5_keytypes *ktp;
const struct krb5_enc_provider *enc;
size_t keybytes, keylength;
krb5_data random_data;
- unsigned char *bytes;
+ unsigned char *bytes = NULL;
- for (i=0; i<krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == enctype)
- break;
- }
+ ktp = find_enctype(enctype);
+ if (ktp == NULL)
+ return KRB5_BAD_ENCTYPE;
+ enc = ktp->enc;
- if (i == krb5_enctypes_length)
- return(KRB5_BAD_ENCTYPE);
-
- enc = krb5_enctypes_list[i].enc;
-
keybytes = enc->keybytes;
keylength = enc->keylength;
- if ((bytes = (unsigned char *) malloc(keybytes)) == NULL)
- return(ENOMEM);
- if ((random_key->contents = (krb5_octet *) malloc(keylength)) == NULL) {
- free(bytes);
- return(ENOMEM);
- }
+ bytes = k5alloc(keybytes, &ret);
+ if (ret)
+ return ret;
+ random_key->contents = k5alloc(keylength, &ret);
+ if (ret)
+ goto cleanup;
random_data.data = (char *) bytes;
random_data.length = keybytes;
- if ((ret = krb5_c_random_make_octets(context, &random_data)))
+ ret = krb5_c_random_make_octets(context, &random_data);
+ if (ret)
goto cleanup;
random_key->magic = KV5M_KEYBLOCK;
random_key->enctype = enctype;
random_key->length = keylength;
- ret = ((*(enc->make_key))(&random_data, random_key));
+ ret = (*enc->make_key)(&random_data, random_key);
cleanup:
- memset(bytes, 0, keybytes);
- free(bytes);
-
if (ret) {
- memset(random_key->contents, 0, keylength);
- free(random_key->contents);
+ zapfree(random_key->contents, keylength);
+ random_key->contents = NULL;
}
-
- return(ret);
+ zapfree(bytes, keybytes);
+ return ret;
}
Modified: branches/enc-perf/src/lib/crypto/krb/mandatory_sumtype.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/mandatory_sumtype.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/mandatory_sumtype.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -26,16 +26,14 @@
#include "etypes.h"
krb5_error_code
-krb5int_c_mandatory_cksumtype (krb5_context ctx, krb5_enctype etype,
- krb5_cksumtype *cksumtype)
+krb5int_c_mandatory_cksumtype(krb5_context ctx, krb5_enctype etype,
+ krb5_cksumtype *cksumtype)
{
- int i;
+ const struct krb5_keytypes *ktp;
- for (i = 0; i < krb5_enctypes_length; i++)
- if (krb5_enctypes_list[i].etype == etype) {
- *cksumtype = krb5_enctypes_list[i].required_ctype;
- return 0;
- }
-
- return KRB5_BAD_ENCTYPE;
+ ktp = find_enctype(etype);
+ if (ktp == NULL)
+ return KRB5_BAD_ENCTYPE;
+ *cksumtype = ktp->required_ctype;
+ return 0;
}
Modified: branches/enc-perf/src/lib/crypto/krb/old_api_glue.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/old_api_glue.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/old_api_glue.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -37,28 +37,31 @@
krb5_error_code ret;
if (ivec) {
- if ((ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize)))
- return(ret);
+ ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize);
+ if (ret)
+ return ret;
ivecd.length = blocksize;
ivecd.data = ivec;
}
- /* size is the length of the input cleartext data */
+ /* size is the length of the input cleartext data. */
inputd.length = size;
inputd.data = inptr;
- /* The size of the output buffer isn't part of the old api. Not too
- safe. So, we assume here that it's big enough. */
- if ((ret = krb5_c_encrypt_length(context, eblock->key->enctype, size,
- &outlen)))
- return(ret);
+ /*
+ * The size of the output buffer isn't part of the old api. Not too
+ * safe. So, we assume here that it's big enough.
+ */
+ ret = krb5_c_encrypt_length(context, eblock->key->enctype, size, &outlen);
+ if (ret)
+ return ret;
outputd.ciphertext.length = outlen;
outputd.ciphertext.data = outptr;
- return(krb5_c_encrypt(context, eblock->key, 0, ivec?&ivecd:0,
- &inputd, &outputd));
+ return krb5_c_encrypt(context, eblock->key, 0, ivec ? &ivecd : 0,
+ &inputd, &outputd);
}
krb5_error_code KRB5_CALLCONV
@@ -72,8 +75,9 @@
krb5_error_code ret;
if (ivec) {
- if ((ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize)))
- return(ret);
+ ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize);
+ if (ret)
+ return ret;
ivecd.length = blocksize;
ivecd.data = ivec;
@@ -90,8 +94,8 @@
outputd.length = size;
outputd.data = outptr;
- return(krb5_c_decrypt(context, eblock->key, 0, ivec?&ivecd:0,
- &inputd, &outputd));
+ return krb5_c_decrypt(context, eblock->key, 0, ivec ? &ivecd : 0,
+ &inputd, &outputd);
}
krb5_error_code KRB5_CALLCONV
@@ -100,13 +104,13 @@
{
eblock->key = (krb5_keyblock *) key;
- return(0);
+ return 0;
}
krb5_error_code KRB5_CALLCONV
krb5_finish_key(krb5_context context, krb5_encrypt_block *eblock)
{
- return(0);
+ return 0;
}
krb5_error_code KRB5_CALLCONV
@@ -114,8 +118,8 @@
krb5_keyblock *keyblock, const krb5_data *data,
const krb5_data *salt)
{
- return(krb5_c_string_to_key(context, eblock->crypto_entry, data, salt,
- keyblock));
+ return krb5_c_string_to_key(context, eblock->crypto_entry, data, salt,
+ keyblock);
}
krb5_error_code KRB5_CALLCONV
@@ -127,14 +131,14 @@
data.length = keyblock->length;
data.data = (char *) keyblock->contents;
- return(krb5_c_random_seed(context, &data));
+ return krb5_c_random_seed(context, &data);
}
krb5_error_code KRB5_CALLCONV
krb5_finish_random_key(krb5_context context, const krb5_encrypt_block *eblock,
krb5_pointer *ptr)
{
- return(0);
+ return 0;
}
krb5_error_code KRB5_CALLCONV
@@ -144,23 +148,26 @@
krb5_keyblock *key;
krb5_error_code ret;
- if ((key = (krb5_keyblock *) malloc(sizeof(krb5_keyblock))) == NULL)
- return(ENOMEM);
+ *keyblock = NULL;
- if ((ret = krb5_c_make_random_key(context, eblock->crypto_entry, key))) {
+ key = malloc(sizeof(krb5_keyblock));
+ if (key == NULL)
+ return ENOMEM;
+
+ ret = krb5_c_make_random_key(context, eblock->crypto_entry, key);
+ if (ret) {
free(key);
- key = NULL;
+ return ret;
}
*keyblock = key;
-
return(ret);
}
krb5_enctype KRB5_CALLCONV
krb5_eblock_enctype(krb5_context context, const krb5_encrypt_block *eblock)
{
- return(eblock->crypto_entry);
+ return eblock->crypto_entry;
}
krb5_error_code KRB5_CALLCONV
@@ -169,7 +176,7 @@
{
eblock->crypto_entry = enctype;
- return(0);
+ return 0;
}
size_t KRB5_CALLCONV
@@ -177,10 +184,10 @@
{
size_t ret;
- if (krb5_c_encrypt_length(/* XXX */ 0, crypto, length, &ret))
- return(-1); /* XXX */
+ if (krb5_c_encrypt_length(NULL, crypto, length, &ret))
+ return (size_t) -1; /* XXX */
- return(ret);
+ return ret;
}
size_t KRB5_CALLCONV
@@ -189,9 +196,9 @@
size_t ret;
if (krb5_c_checksum_length(context, ctype, &ret))
- return(-1); /* XXX */
+ return (size_t) -1; /* XXX */
- return(ret);
+ return ret;
}
krb5_error_code KRB5_CALLCONV
@@ -211,13 +218,14 @@
key.length = seed_length;
key.contents = seed;
- if ((ret = krb5_c_make_checksum(context, ctype, &key, 0, &input, &cksum)))
- return(ret);
+ ret = krb5_c_make_checksum(context, ctype, &key, 0, &input, &cksum);
+ if (ret)
+ return ret;
if (outcksum->length < cksum.length) {
memset(cksum.contents, 0, cksum.length);
free(cksum.contents);
- return(KRB5_BAD_MSIZE);
+ return KRB5_BAD_MSIZE;
}
outcksum->magic = cksum.magic;
@@ -247,14 +255,14 @@
key.length = seed_length;
key.contents = seed;
- if ((ret = krb5_c_verify_checksum(context, &key, 0, &input, cksum,
- &valid)))
- return(ret);
+ ret = krb5_c_verify_checksum(context, &key, 0, &input, cksum, &valid);
+ if (ret)
+ return ret;
if (!valid)
- return(KRB5KRB_AP_ERR_BAD_INTEGRITY);
+ return KRB5KRB_AP_ERR_BAD_INTEGRITY;
- return(0);
+ return 0;
}
krb5_error_code KRB5_CALLCONV
@@ -265,7 +273,7 @@
random_data.length = size;
random_data.data = ptr;
- return(krb5_c_random_make_octets(/* XXX */ 0, &random_data));
+ return krb5_c_random_make_octets(NULL, &random_data);
}
krb5_error_code krb5_encrypt_data(krb5_context context, krb5_keyblock *key,
@@ -276,13 +284,14 @@
size_t enclen, blocksize;
krb5_data ivecd;
- if ((ret = krb5_c_encrypt_length(context, key->enctype, data->length,
- &enclen)))
- return(ret);
+ ret = krb5_c_encrypt_length(context, key->enctype, data->length, &enclen);
+ if (ret)
+ return ret;
if (ivec) {
- if ((ret = krb5_c_block_size(context, key->enctype, &blocksize)))
- return(ret);
+ ret = krb5_c_block_size(context, key->enctype, &blocksize);
+ if (ret)
+ return ret;
ivecd.length = blocksize;
ivecd.data = ivec;
@@ -292,13 +301,15 @@
enc_data->kvno = 0;
enc_data->enctype = key->enctype;
enc_data->ciphertext.length = enclen;
- if ((enc_data->ciphertext.data = malloc(enclen)) == NULL)
- return(ENOMEM);
+ enc_data->ciphertext.data = malloc(enclen);
+ if (enc_data->ciphertext.data == NULL)
+ return ENOMEM;
- if ((ret = krb5_c_encrypt(context, key, 0, ivec?&ivecd:0, data, enc_data)))
+ ret = krb5_c_encrypt(context, key, 0, ivec ? &ivecd : 0, data, enc_data);
+ if (ret)
free(enc_data->ciphertext.data);
- return(ret);
+ return ret;
}
krb5_error_code krb5_decrypt_data(krb5_context context, krb5_keyblock *key,
@@ -310,19 +321,22 @@
size_t blocksize;
if (ivec) {
- if ((ret = krb5_c_block_size(context, key->enctype, &blocksize)))
- return(ret);
+ ret = krb5_c_block_size(context, key->enctype, &blocksize);
+ if (ret)
+ return ret;
ivecd.length = blocksize;
ivecd.data = ivec;
}
data->length = enc_data->ciphertext.length;
- if ((data->data = (char *) malloc(data->length)) == NULL)
- return(ENOMEM);
+ data->data = malloc(data->length);
+ if (data->data == NULL)
+ return ENOMEM;
- if ((ret = krb5_c_decrypt(context, key, 0, ivec?&ivecd:0, enc_data, data)))
+ ret = krb5_c_decrypt(context, key, 0, ivec ? &ivecd : 0, enc_data, data);
+ if (ret)
free(data->data);
- return(0);
+ return 0;
}
Modified: branches/enc-perf/src/lib/crypto/krb/prf.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/prf.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/prf.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -37,51 +37,35 @@
#include <assert.h>
krb5_error_code KRB5_CALLCONV
-krb5_c_prf_length(krb5_context context, krb5_enctype enctype,
- size_t *len)
+krb5_c_prf_length(krb5_context context, krb5_enctype enctype, size_t *len)
{
- int i;
- assert (len);
+ const struct krb5_keytypes *ktp;
- for (i=0; i<krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == enctype)
- break;
- }
-
- if (i == krb5_enctypes_length)
- return(KRB5_BAD_ENCTYPE);
-
- *len = krb5_enctypes_list[i].prf_length;
+ assert(len);
+ ktp = find_enctype(enctype);
+ if (ktp == NULL)
+ return KRB5_BAD_ENCTYPE;
+ *len = ktp->prf_length;
return 0;
-
}
krb5_error_code KRB5_CALLCONV
krb5_c_prf(krb5_context context, const krb5_keyblock *key,
krb5_data *input, krb5_data *output)
{
- int i;
- size_t len;
+ const struct krb5_keytypes *ktp;
+
assert(input && output);
- assert (output->data);
+ assert(output->data);
+ ktp = find_enctype(key->enctype);
+ if (ktp == NULL)
+ return KRB5_BAD_ENCTYPE;
+ if (ktp->prf == NULL)
+ return KRB5_CRYPTO_INTERNAL;
- for (i=0; i<krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == key->enctype)
- break;
- }
-
- if (i == krb5_enctypes_length)
- return(KRB5_BAD_ENCTYPE);
-
output->magic = KV5M_DATA;
- if (!krb5_enctypes_list[i].prf)
- return (KRB5_CRYPTO_INTERNAL);
- krb5_c_prf_length (context, key->enctype, &len);
- if (len != output->length)
- return (KRB5_CRYPTO_INTERNAL);
- return((*(krb5_enctypes_list[i].prf))
- (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash,
- key, input, output));
+ if (ktp->prf_length != output->length)
+ return KRB5_CRYPTO_INTERNAL;
+ return (*ktp->prf)(ktp->enc, ktp->hash, key, input, output);
}
-
Modified: branches/enc-perf/src/lib/crypto/krb/prng.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/prng.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/prng.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -38,27 +38,28 @@
*/
static size_t
-entropy_estimate (unsigned int randsource, size_t length)
+entropy_estimate(unsigned int randsource, size_t length)
{
- switch (randsource) {
- case KRB5_C_RANDSOURCE_OLDAPI:
- return (4*length);
- case KRB5_C_RANDSOURCE_OSRAND:
- return (8*length);
- case KRB5_C_RANDSOURCE_TRUSTEDPARTY:
- return (4*length);
- case KRB5_C_RANDSOURCE_TIMING:return (2);
- case KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL:
- return (0);
- default:
- abort();
- }
-return (0);
+ switch (randsource) {
+ case KRB5_C_RANDSOURCE_OLDAPI:
+ return 4 * length;
+ case KRB5_C_RANDSOURCE_OSRAND:
+ return 8 * length;
+ case KRB5_C_RANDSOURCE_TRUSTEDPARTY:
+ return 4 * length;
+ case KRB5_C_RANDSOURCE_TIMING:
+ return 2;
+ case KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL:
+ return 0;
+ default:
+ abort();
+ }
+ return 0;
}
int krb5int_prng_init(void)
{
- unsigned i;
+ unsigned i, source_id;
int yerr;
yerr = k5_mutex_finish_init(&yarrow_lock);
@@ -66,12 +67,11 @@
return yerr;
yerr = krb5int_yarrow_init (&y_ctx, NULL);
- if ((yerr != YARROW_OK) && (yerr != YARROW_NOT_SEEDED))
+ if (yerr != YARROW_OK && yerr != YARROW_NOT_SEEDED)
return KRB5_CRYPTO_INTERNAL;
for (i=0; i < KRB5_C_RANDSOURCE_MAX; i++ ) {
- unsigned source_id;
- if (krb5int_yarrow_new_source (&y_ctx, &source_id) != YARROW_OK )
+ if (krb5int_yarrow_new_source(&y_ctx, &source_id) != YARROW_OK)
return KRB5_CRYPTO_INTERNAL;
assert (source_id == i);
}
@@ -80,46 +80,47 @@
}
krb5_error_code KRB5_CALLCONV
-krb5_c_random_add_entropy (krb5_context context, unsigned int randsource,
- const krb5_data *data)
+krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
+ const krb5_data *data)
{
- int yerr;
+ int yerr;
- /* Make sure the mutex got initialized. */
- yerr = krb5int_crypto_init();
- if (yerr)
- return yerr;
- /* Now, finally, feed in the data. */
- yerr = krb5int_yarrow_input (&y_ctx, randsource,
- data->data, data->length,
- entropy_estimate (randsource, data->length));
- if (yerr != YARROW_OK)
- return (KRB5_CRYPTO_INTERNAL);
- return (0);
+ /* Make sure the mutex got initialized. */
+ yerr = krb5int_crypto_init();
+ if (yerr)
+ return yerr;
+ /* Now, finally, feed in the data. */
+ yerr = krb5int_yarrow_input(&y_ctx, randsource,
+ data->data, data->length,
+ entropy_estimate(randsource, data->length));
+ if (yerr != YARROW_OK)
+ return KRB5_CRYPTO_INTERNAL;
+ return 0;
}
krb5_error_code KRB5_CALLCONV
-krb5_c_random_seed (krb5_context context, krb5_data *data)
+krb5_c_random_seed(krb5_context context, krb5_data *data)
{
- return krb5_c_random_add_entropy (context, KRB5_C_RANDSOURCE_OLDAPI, data);
+ return krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OLDAPI, data);
}
krb5_error_code KRB5_CALLCONV
krb5_c_random_make_octets(krb5_context context, krb5_data *data)
{
int yerr;
- yerr = krb5int_yarrow_output (&y_ctx, data->data, data->length);
+ yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
if (yerr == YARROW_NOT_SEEDED) {
- yerr = krb5int_yarrow_reseed (&y_ctx, YARROW_SLOW_POOL);
- if (yerr == YARROW_OK)
- yerr = krb5int_yarrow_output (&y_ctx, data->data, data->length);
+ yerr = krb5int_yarrow_reseed(&y_ctx, YARROW_SLOW_POOL);
+ if (yerr == YARROW_OK)
+ yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
}
- if ( yerr != YARROW_OK)
- return (KRB5_CRYPTO_INTERNAL);
- return(0);
+ if (yerr != YARROW_OK)
+ return KRB5_CRYPTO_INTERNAL;
+ return 0;
}
-void krb5int_prng_cleanup (void)
+void
+krb5int_prng_cleanup (void)
{
krb5int_yarrow_final (&y_ctx);
k5_mutex_destroy(&yarrow_lock);
@@ -133,11 +134,11 @@
#if defined(_WIN32)
krb5_error_code KRB5_CALLCONV
-krb5_c_random_os_entropy (krb5_context context, int strong, int *success)
+krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
{
- if (success)
- *success = 0;
- return 0;
+ if (success)
+ *success = 0;
+ return 0;
}
#else /*Windows*/
@@ -156,60 +157,58 @@
*/
static int
-read_entropy_from_device (krb5_context context, const char *device)
+read_entropy_from_device(krb5_context context, const char *device)
{
- krb5_data data;
- struct stat sb;
- int fd;
- unsigned char buf[YARROW_SLOW_THRESH/8], *bp;
- int left;
- fd = open (device, O_RDONLY);
- if (fd == -1)
- return 0;
- set_cloexec_fd(fd);
- if (fstat (fd, &sb) == -1 || S_ISREG(sb.st_mode)) {
- close(fd);
- return 0;
- }
+ krb5_data data;
+ struct stat sb;
+ int fd;
+ unsigned char buf[YARROW_SLOW_THRESH/8], *bp;
+ int left;
- for (bp = buf, left = sizeof (buf); left > 0;) {
- ssize_t count;
- count = read (fd, bp, (unsigned) left);
- if (count <= 0) {
- close(fd);
- return 0;
+ fd = open (device, O_RDONLY);
+ if (fd == -1)
+ return 0;
+ set_cloexec_fd(fd);
+ if (fstat(fd, &sb) == -1 || S_ISREG(sb.st_mode)) {
+ close(fd);
+ return 0;
}
- left -= count;
- bp += count;
- }
- close (fd);
- data.length = sizeof (buf);
- data.data = ( char * ) buf;
- if ( krb5_c_random_add_entropy (context, KRB5_C_RANDSOURCE_OSRAND,
- &data) != 0) {
- return 0;
- }
- return 1;
+
+ for (bp = buf, left = sizeof(buf); left > 0;) {
+ ssize_t count;
+ count = read(fd, bp, (unsigned) left);
+ if (count <= 0) {
+ close(fd);
+ return 0;
+ }
+ left -= count;
+ bp += count;
+ }
+ close(fd);
+ data.length = sizeof (buf);
+ data.data = (char *) buf;
+ return (krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OSRAND,
+ &data) == 0);
}
krb5_error_code KRB5_CALLCONV
-krb5_c_random_os_entropy (krb5_context context,
- int strong, int *success)
+krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
{
- int unused;
- int *oursuccess = success?success:&unused;
- *oursuccess = 0;
- /* If we are getting strong data then try that first. We are
- guaranteed to cause a reseed of some kind if strong is true and
- we have both /dev/random and /dev/urandom. We want the strong
- data included in the reseed so we get it first.*/
- if (strong) {
- if (read_entropy_from_device (context, "/dev/random"))
- *oursuccess = 1;
- }
- if (read_entropy_from_device (context, "/dev/urandom"))
- *oursuccess = 1;
- return 0;
+ int unused;
+ int *oursuccess = success ? success : &unused;
+
+ *oursuccess = 0;
+ /* If we are getting strong data then try that first. We are
+ guaranteed to cause a reseed of some kind if strong is true and
+ we have both /dev/random and /dev/urandom. We want the strong
+ data included in the reseed so we get it first.*/
+ if (strong) {
+ if (read_entropy_from_device(context, "/dev/random"))
+ *oursuccess = 1;
+ }
+ if (read_entropy_from_device(context, "/dev/urandom"))
+ *oursuccess = 1;
+ return 0;
}
#endif /*Windows or pre-OSX Mac*/
Modified: branches/enc-perf/src/lib/crypto/krb/random_to_key.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/random_to_key.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/random_to_key.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -40,34 +40,25 @@
krb5_c_random_to_key(krb5_context context, krb5_enctype enctype,
krb5_data *random_data, krb5_keyblock *random_key)
{
- int i;
krb5_error_code ret;
+ const struct krb5_keytypes *ktp;
const struct krb5_enc_provider *enc;
- if (random_data == NULL || random_key == NULL)
- return(EINVAL);
+ if (random_data == NULL || random_key == NULL ||
+ random_key->contents == NULL)
+ return EINVAL;
- if (random_key->contents == NULL)
- return(EINVAL);
+ ktp = find_enctype(enctype);
+ if (ktp == NULL)
+ return KRB5_BAD_ENCTYPE;
+ enc = ktp->enc;
- for (i=0; i<krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == enctype)
- break;
- }
-
- if (i == krb5_enctypes_length)
- return(KRB5_BAD_ENCTYPE);
-
- enc = krb5_enctypes_list[i].enc;
-
if (random_key->length != enc->keylength)
- return(KRB5_BAD_KEYSIZE);
+ return KRB5_BAD_KEYSIZE;
- ret = ((*(enc->make_key))(random_data, random_key));
-
- if (ret) {
+ ret = (*enc->make_key)(random_data, random_key);
+ if (ret)
memset(random_key->contents, 0, random_key->length);
- }
- return(ret);
+ return ret;
}
Modified: branches/enc-perf/src/lib/crypto/krb/state.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/state.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/state.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -39,34 +39,22 @@
krb5_c_init_state (krb5_context context, const krb5_keyblock *key,
krb5_keyusage keyusage, krb5_data *new_state)
{
- int i;
+ const struct krb5_keytypes *ktp;
- for (i=0; i<krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == key->enctype)
- break;
- }
-
- if (i == krb5_enctypes_length)
- return(KRB5_BAD_ENCTYPE);
-
- return (*(krb5_enctypes_list[i].enc->init_state))
- (key, keyusage, new_state);
+ ktp = find_enctype(key->enctype);
+ if (ktp == NULL)
+ return KRB5_BAD_ENCTYPE;
+ return ktp->enc->init_state(key, keyusage, new_state);
}
krb5_error_code KRB5_CALLCONV
-krb5_c_free_state (krb5_context context, const krb5_keyblock *key,
- krb5_data *state)
+krb5_c_free_state(krb5_context context, const krb5_keyblock *key,
+ krb5_data *state)
{
- int i;
+ const struct krb5_keytypes *ktp;
- for (i=0; i<krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == key->enctype)
- break;
- }
-
- if (i == krb5_enctypes_length)
- return(KRB5_BAD_ENCTYPE);
-
- return (*(krb5_enctypes_list[i].enc->free_state))
- (state);
+ ktp = find_enctype(key->enctype);
+ if (ktp == NULL)
+ return KRB5_BAD_ENCTYPE;
+ return ktp->enc->free_state(state);
}
Modified: branches/enc-perf/src/lib/crypto/krb/string_to_cksumtype.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/string_to_cksumtype.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/string_to_cksumtype.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -31,23 +31,26 @@
krb5_string_to_cksumtype(char *string, krb5_cksumtype *cksumtypep)
{
unsigned int i, j;
+ const char *alias;
+ const struct krb5_cksumtypes *ctp;
for (i=0; i<krb5_cksumtypes_length; i++) {
- if (strcasecmp(krb5_cksumtypes_list[i].name, string) == 0) {
- *cksumtypep = krb5_cksumtypes_list[i].ctype;
- return(0);
+ ctp = &krb5_cksumtypes_list[i];
+ if (strcasecmp(ctp->name, string) == 0) {
+ *cksumtypep = ctp->ctype;
+ return 0;
}
-#define MAX_ALIASES (sizeof(krb5_cksumtypes_list[i].aliases) / sizeof(krb5_cksumtypes_list[i].aliases[0]))
+#define MAX_ALIASES (sizeof(ctp->aliases) / sizeof(ctp->aliases[0]))
for (j = 0; j < MAX_ALIASES; j++) {
- const char *alias = krb5_cksumtypes_list[i].aliases[j];
+ alias = ctp->aliases[j];
if (alias == NULL)
break;
if (strcasecmp(alias, string) == 0) {
- *cksumtypep = krb5_cksumtypes_list[i].ctype;
+ *cksumtypep = ctp->ctype;
return 0;
}
}
}
- return(EINVAL);
+ return EINVAL;
}
Modified: branches/enc-perf/src/lib/crypto/krb/string_to_enctype.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/string_to_enctype.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/string_to_enctype.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -30,24 +30,28 @@
krb5_error_code KRB5_CALLCONV
krb5_string_to_enctype(char *string, krb5_enctype *enctypep)
{
- unsigned int i, j;
+ int i;
+ unsigned int j;
+ const char *alias;
+ const struct krb5_keytypes *ktp;
- for (i=0; i<krb5_enctypes_length; i++) {
- if (strcasecmp(krb5_enctypes_list[i].name, string) == 0) {
- *enctypep = krb5_enctypes_list[i].etype;
+ for (i = 0; i < krb5_enctypes_length; i++) {
+ ktp = &krb5_enctypes_list[i];
+ if (strcasecmp(ktp->name, string) == 0) {
+ *enctypep = ktp->etype;
return 0;
}
-#define MAX_ALIASES (sizeof(krb5_enctypes_list[i].aliases) / sizeof(krb5_enctypes_list[i].aliases[0]))
+#define MAX_ALIASES (sizeof(ktp->aliases) / sizeof(ktp->aliases[0]))
for (j = 0; j < MAX_ALIASES; j++) {
- const char *alias = krb5_enctypes_list[i].aliases[j];
+ alias = ktp->aliases[j];
if (alias == NULL)
break;
if (strcasecmp(alias, string) == 0) {
- *enctypep = krb5_enctypes_list[i].etype;
+ *enctypep = ktp->etype;
return 0;
}
}
}
- return(EINVAL);
+ return EINVAL;
}
Modified: branches/enc-perf/src/lib/crypto/krb/string_to_key.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/string_to_key.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/string_to_key.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -51,23 +51,20 @@
const krb5_data *salt,
const krb5_data *params, krb5_keyblock *key)
{
- int i;
krb5_error_code ret;
- const struct krb5_enc_provider *enc;
- size_t keybytes, keylength;
+ const struct krb5_keytypes *ktp;
+ size_t keylength;
- for (i=0; i<krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == enctype)
- break;
- }
+ ktp = find_enctype(enctype);
+ if (ktp == NULL)
+ return KRB5_BAD_ENCTYPE;
+ keylength = ktp->enc->keylength;
- if (i == krb5_enctypes_length)
- return(KRB5_BAD_ENCTYPE);
-
- enc = krb5_enctypes_list[i].enc;
-/* xxx AFS string2key function is indicated by a special length in
- * the salt in much of the code. However only the DES enctypes can
- * deal with this. Using s2kparams would be a much better solution.*/
+ /*
+ * xxx AFS string2key function is indicated by a special length in
+ * the salt in much of the code. However only the DES enctypes can
+ * deal with this. Using s2kparams would be a much better solution.
+ */
if (salt && salt->length == SALT_TYPE_AFS_LENGTH) {
switch (enctype) {
case ENCTYPE_DES_CBC_CRC:
@@ -75,27 +72,24 @@
case ENCTYPE_DES_CBC_MD5:
break;
default:
- return (KRB5_CRYPTO_INTERNAL);
+ return KRB5_CRYPTO_INTERNAL;
}
}
- keybytes = enc->keybytes;
- keylength = enc->keylength;
+ key->contents = malloc(keylength);
+ if (key->contents == NULL)
+ return ENOMEM;
- if ((key->contents = (krb5_octet *) malloc(keylength)) == NULL)
- return(ENOMEM);
-
key->magic = KV5M_KEYBLOCK;
key->enctype = enctype;
key->length = keylength;
- ret = (*krb5_enctypes_list[i].str2key)(enc, string, salt, params, key);
+ ret = (*ktp->str2key)(ktp->enc, string, salt, params, key);
if (ret) {
- memset(key->contents, 0, keylength);
- free(key->contents);
+ zapfree(key->contents, keylength);
key->length = 0;
key->contents = NULL;
}
- return(ret);
+ return ret;
}
Modified: branches/enc-perf/src/lib/crypto/krb/valid_cksumtype.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/valid_cksumtype.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/valid_cksumtype.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -32,16 +32,16 @@
{
unsigned int i;
- for (i=0; i<krb5_cksumtypes_length; i++) {
+ for (i = 0; i < krb5_cksumtypes_length; i++) {
if (krb5_cksumtypes_list[i].ctype == ctype)
- return(1);
+ return TRUE;
}
- return(0);
+ return FALSE;
}
krb5_boolean KRB5_CALLCONV
valid_cksumtype(krb5_cksumtype ctype)
{
- return krb5_c_valid_cksumtype (ctype);
+ return krb5_c_valid_cksumtype(ctype);
}
Modified: branches/enc-perf/src/lib/crypto/krb/valid_enctype.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/valid_enctype.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/valid_enctype.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -30,39 +30,20 @@
krb5_boolean KRB5_CALLCONV
krb5_c_valid_enctype(krb5_enctype etype)
{
- int i;
-
- for (i=0; i<krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == etype)
- return(1);
- }
-
- return(0);
+ return (find_enctype(etype) != NULL);
}
krb5_boolean KRB5_CALLCONV
valid_enctype(krb5_enctype etype)
{
- return krb5_c_valid_enctype (etype);
+ return krb5_c_valid_enctype(etype);
}
krb5_boolean KRB5_CALLCONV
krb5_c_weak_enctype(krb5_enctype etype)
{
- int i;
- const struct krb5_keytypes *k;
+ const struct krb5_keytypes *ktp;
- for (i = 0; i < krb5_enctypes_length; i++) {
-#if 0
- if (krb5_enctypes_list[i].etype == etype &&
- krb5_enctypes_list[i].flags | ETYPE_WEAK)
- return(1);
-#endif
- k = &krb5_enctypes_list[i];
- if (k->etype == etype && (k->flags & ETYPE_WEAK)) {
- return(1);
- }
- }
-
- return(0);
+ ktp = find_enctype(etype);
+ return ((ktp->flags & ETYPE_WEAK) != 0);
}
Modified: branches/enc-perf/src/lib/crypto/krb/verify_checksum.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/verify_checksum.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/verify_checksum.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -33,6 +33,8 @@
const krb5_checksum *cksum, krb5_boolean *valid)
{
unsigned int i;
+ const struct krb5_cksumtypes *ctp;
+ const struct krb5_keyhash_provider *keyhash;
size_t hashsize;
krb5_error_code ret;
krb5_data indata;
@@ -42,51 +44,47 @@
if (krb5_cksumtypes_list[i].ctype == cksum->checksum_type)
break;
}
-
if (i == krb5_cksumtypes_length)
- return(KRB5_BAD_ENCTYPE);
+ return KRB5_BAD_ENCTYPE;
+ ctp = &krb5_cksumtypes_list[i];
- /* if there's actually a verify function, call it */
-
indata.length = cksum->length;
indata.data = (char *) cksum->contents;
- if (krb5_cksumtypes_list[i].keyhash) {
- const struct krb5_keyhash_provider *keyhash;
+ /* If there's actually a verify function, call it. */
+ if (ctp->keyhash) {
+ keyhash = ctp->keyhash;
- keyhash = krb5_cksumtypes_list[i].keyhash;
-
if (keyhash->verify == NULL && keyhash->verify_iov != NULL) {
krb5_crypto_iov iov[1];
iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
iov[0].data = *data;
- return (*keyhash->verify_iov)(key, usage, 0, iov, 1, &indata, valid);
+ return (*keyhash->verify_iov)(key, usage, 0, iov, 1, &indata,
+ valid);
} else if (keyhash->verify != NULL) {
return (*keyhash->verify)(key, usage, 0, data, &indata, valid);
}
}
- /* otherwise, make the checksum again, and compare */
+ /* Otherwise, make the checksum again, and compare. */
+ ret = krb5_c_checksum_length(context, cksum->checksum_type, &hashsize);
+ if (ret)
+ return ret;
- if ((ret = krb5_c_checksum_length(context, cksum->checksum_type, &hashsize)))
- return(ret);
-
if (cksum->length != hashsize)
- return(KRB5_BAD_MSIZE);
+ return KRB5_BAD_MSIZE;
computed.length = hashsize;
- if ((ret = krb5_c_make_checksum(context, cksum->checksum_type, key, usage,
- data, &computed))) {
- free(computed.contents);
- return(ret);
- }
+ ret = krb5_c_make_checksum(context, cksum->checksum_type, key, usage,
+ data, &computed);
+ if (ret)
+ return ret;
*valid = (memcmp(computed.contents, cksum->contents, hashsize) == 0);
free(computed.contents);
-
- return(0);
+ return 0;
}
Modified: branches/enc-perf/src/lib/crypto/krb/verify_checksum_iov.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/verify_checksum_iov.c 2009-10-03 21:00:42 UTC (rev 22841)
+++ branches/enc-perf/src/lib/crypto/krb/verify_checksum_iov.c 2009-10-03 21:02:44 UTC (rev 22842)
@@ -38,6 +38,7 @@
krb5_boolean *valid)
{
unsigned int i;
+ const struct krb5_cksumtypes *ctp;
size_t cksumlen;
krb5_error_code ret;
krb5_data computed;
@@ -47,52 +48,49 @@
if (krb5_cksumtypes_list[i].ctype == checksum_type)
break;
}
-
if (i == krb5_cksumtypes_length)
- return(KRB5_BAD_ENCTYPE);
+ return KRB5_BAD_ENCTYPE;
+ ctp = &krb5_cksumtypes_list[i];
- checksum = krb5int_c_locate_iov((krb5_crypto_iov *)data, num_data, KRB5_CRYPTO_TYPE_CHECKSUM);
+ checksum = krb5int_c_locate_iov((krb5_crypto_iov *)data, num_data,
+ KRB5_CRYPTO_TYPE_CHECKSUM);
if (checksum == NULL)
return(KRB5_BAD_MSIZE);
- /* if there's actually a verify function, call it */
+ /* If there's actually a verify function, call it. */
+ if (ctp->keyhash && ctp->keyhash->verify_iov) {
+ return (*ctp->keyhash->verify_iov)(key, usage, 0, data, num_data,
+ &checksum->data, valid);
+ }
- if (krb5_cksumtypes_list[i].keyhash &&
- krb5_cksumtypes_list[i].keyhash->verify_iov)
- return((*(krb5_cksumtypes_list[i].keyhash->verify_iov))(key, usage, 0,
- data, num_data,
- &checksum->data,
- valid));
-
- /* otherwise, make the checksum again, and compare */
-
- if (krb5_cksumtypes_list[i].keyhash != NULL)
- computed.length = krb5_cksumtypes_list[i].keyhash->hashsize;
+ /* Otherwise, make the checksum again, and compare. */
+ if (ctp->keyhash != NULL)
+ computed.length = ctp->keyhash->hashsize;
else
- computed.length = krb5_cksumtypes_list[i].hash->hashsize;
+ computed.length = ctp->hash->hashsize;
- if (krb5_cksumtypes_list[i].trunc_size != 0)
- cksumlen = krb5_cksumtypes_list[i].trunc_size;
+ if (ctp->trunc_size != 0)
+ cksumlen = ctp->trunc_size;
else
cksumlen = computed.length;
if (checksum->data.length != cksumlen)
- return(KRB5_BAD_MSIZE);
+ return KRB5_BAD_MSIZE;
computed.data = malloc(computed.length);
if (computed.data == NULL)
- return(ENOMEM);
+ return ENOMEM;
- if ((ret = krb5int_c_make_checksum_iov(&krb5_cksumtypes_list[i], key, usage,
- data, num_data, &computed))) {
+ ret = krb5int_c_make_checksum_iov(&krb5_cksumtypes_list[i], key, usage,
+ data, num_data, &computed);
+ if (ret) {
free(computed.data);
- return(ret);
+ return ret;
}
*valid = (computed.length == cksumlen) &&
(memcmp(computed.data, checksum->data.data, cksumlen) == 0);
free(computed.data);
-
- return(0);
+ return 0;
}
More information about the cvs-krb5
mailing list