Update the crypto API glue to conform to most of the current coding
authorGreg Hudson <ghudson@mit.edu>
Sat, 3 Oct 2009 16:03:15 +0000 (16:03 +0000)
committerGreg Hudson <ghudson@mit.edu>
Sat, 3 Oct 2009 16:03:15 +0000 (16:03 +0000)
practices (except lack of tabs).  Use the helper functions k5alloc,
zapfree, and find_enctype to reduce code size.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22839 dc483132-0cff-0310-8789-dd5450dbe970

39 files changed:
src/lib/crypto/krb/aead.c
src/lib/crypto/krb/block_size.c
src/lib/crypto/krb/cf2.c
src/lib/crypto/krb/checksum_length.c
src/lib/crypto/krb/cksumtype_to_string.c
src/lib/crypto/krb/cksumtypes.c
src/lib/crypto/krb/cksumtypes.h
src/lib/crypto/krb/coll_proof_cksum.c
src/lib/crypto/krb/combine_keys.c
src/lib/crypto/krb/crypto_length.c
src/lib/crypto/krb/decrypt.c
src/lib/crypto/krb/decrypt_iov.c
src/lib/crypto/krb/encrypt.c
src/lib/crypto/krb/encrypt_iov.c
src/lib/crypto/krb/encrypt_length.c
src/lib/crypto/krb/enctype_compare.c
src/lib/crypto/krb/enctype_to_string.c
src/lib/crypto/krb/etypes.c
src/lib/crypto/krb/etypes.h
src/lib/crypto/krb/keyblocks.c
src/lib/crypto/krb/keyed_checksum_types.c
src/lib/crypto/krb/keyed_cksum.c
src/lib/crypto/krb/keylengths.c
src/lib/crypto/krb/make_checksum.c
src/lib/crypto/krb/make_checksum_iov.c
src/lib/crypto/krb/make_random_key.c
src/lib/crypto/krb/mandatory_sumtype.c
src/lib/crypto/krb/old_api_glue.c
src/lib/crypto/krb/prf.c
src/lib/crypto/krb/prng.c
src/lib/crypto/krb/random_to_key.c
src/lib/crypto/krb/state.c
src/lib/crypto/krb/string_to_cksumtype.c
src/lib/crypto/krb/string_to_enctype.c
src/lib/crypto/krb/string_to_key.c
src/lib/crypto/krb/valid_cksumtype.c
src/lib/crypto/krb/valid_enctype.c
src/lib/crypto/krb/verify_checksum.c
src/lib/crypto/krb/verify_checksum_iov.c

index 2d9a8353afea19f329f18faddbd281f9703d2266..ac5e7e87c7c084263eb7efd7ae6856ffd8d68f6c 100644 (file)
@@ -72,8 +72,8 @@ make_unkeyed_checksum_iov(const struct krb5_hash_provider *hash_provider,
            num_sign_data++;
     }
 
-    /* XXX cleanup to avoid alloc */
-    sign_data = (krb5_data *)calloc(num_sign_data, sizeof(krb5_data));
+    /* XXX cleanup to avoid alloc. */
+    sign_data = calloc(num_sign_data, sizeof(krb5_data));
     if (sign_data == NULL)
        return ENOMEM;
 
@@ -84,7 +84,7 @@ make_unkeyed_checksum_iov(const struct krb5_hash_provider *hash_provider,
            sign_data[j++] = iov->data;
     }
 
-    ret = hash_provider->hash(num_sign_data, sign_data, output);
+    ret = (*hash_provider->hash)(num_sign_data, sign_data, output);
 
     free(sign_data);
 
@@ -99,36 +99,26 @@ krb5int_c_make_checksum_iov(const struct krb5_cksumtypes *cksum_type,
                            size_t num_data,
                            krb5_data *cksum_data)
 {
-    int e1, e2;
+    const struct krb5_keytypes *e1, *e2;
     krb5_error_code ret;
 
     if (cksum_type->keyhash != NULL) {
-       /* check if key is compatible */
+       /* Check if key is compatible. */
 
        if (cksum_type->keyed_etype) {
-           for (e1=0; e1<krb5_enctypes_length; e1++) 
-               if (krb5_enctypes_list[e1].etype ==
-                   cksum_type->keyed_etype)
-                   break;
-
-           for (e2=0; e2<krb5_enctypes_length; e2++) 
-               if (krb5_enctypes_list[e2].etype == key->enctype)
-                   break;
-
-           if ((e1 == krb5_enctypes_length) ||
-               (e2 == krb5_enctypes_length) ||
-               (krb5_enctypes_list[e1].enc != krb5_enctypes_list[e2].enc)) {
+           e1 = find_enctype(cksum_type->keyed_etype);
+           e2 = find_enctype(key->enctype);
+           if (e1 == NULL || e2 == NULL || e1->enc != e2->enc) {
                ret = KRB5_BAD_ENCTYPE;
                goto cleanup;
            }
        }
 
-       if (cksum_type->keyhash->hash_iov == NULL) {
+       if (cksum_type->keyhash->hash_iov == NULL)
            return KRB5_BAD_ENCTYPE;
-       }
 
-       ret = (*(cksum_type->keyhash->hash_iov))(key, usage, 0,
-                                                data, num_data, cksum_data);
+       ret = (*cksum_type->keyhash->hash_iov)(key, usage, 0, data, num_data,
+                                              cksum_data);
     } else if (cksum_type->flags & KRB5_CKSUMFLAG_DERIVE) {
        ret = krb5int_dk_make_checksum_iov(cksum_type->hash,
                                           key, usage, data, num_data,
@@ -364,22 +354,25 @@ krb5int_c_iov_decrypt_stream(const struct krb5_aead_provider *aead,
     stream = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_STREAM);
     assert(stream != NULL);
 
-    ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER, &header_len);
+    ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER,
+                                &header_len);
     if (ret != 0)
        return ret;
 
-    ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER, &trailer_len);
+    ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
+                                &trailer_len);
     if (ret != 0)
        return ret;
 
-    ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING, &padding_len);
+    ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING,
+                                &padding_len);
     if (ret != 0)
        return ret;
 
     if (stream->data.length < header_len + trailer_len)
        return KRB5_BAD_MSIZE;
 
-    iov = (krb5_crypto_iov *)calloc(num_data + 2, sizeof(krb5_crypto_iov));
+    iov = calloc(num_data + 2, sizeof(krb5_crypto_iov));
     if (iov == NULL)
        return ENOMEM;
 
@@ -400,14 +393,18 @@ krb5int_c_iov_decrypt_stream(const struct krb5_aead_provider *aead,
            got_data++;
 
            data[j].data.data = stream->data.data + header_len;
-           data[j].data.length = stream->data.length - header_len - trailer_len;
+           data[j].data.length = stream->data.length - header_len
+               - trailer_len;
        }
        if (data[j].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY ||
            data[j].flags == KRB5_CRYPTO_TYPE_DATA)
            iov[i++] = data[j];
     }
 
-    /* XXX not self-describing with respect to length, this is the best we can do */
+    /*
+     * XXX not self-describing with respect to length, this is the best
+     * we can do.
+     */
     iov[i].flags = KRB5_CRYPTO_TYPE_PADDING;
     iov[i].data.data = NULL;
     iov[i].data.length = 0;
@@ -420,7 +417,7 @@ krb5int_c_iov_decrypt_stream(const struct krb5_aead_provider *aead,
 
     assert(i <= num_data + 2);
 
-    ret = aead->decrypt_iov(aead, enc, hash, key, keyusage, ivec, iov, i);
+    ret = (*aead->decrypt_iov)(aead, enc, hash, key, keyusage, ivec, iov, i);
 
     free(iov);
 
@@ -437,7 +434,8 @@ krb5int_c_padding_length(const struct krb5_aead_provider *aead,
     unsigned int padding;
     krb5_error_code ret;
 
-    ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING, &padding);
+    ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING,
+                                &padding);
     if (ret != 0)
        return ret;
 
@@ -463,21 +461,23 @@ krb5int_c_encrypt_aead_compat(const struct krb5_aead_provider *aead,
     unsigned int padding_len = 0;
     unsigned int trailer_len = 0;
 
-    ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER,
-                             &header_len);
+    ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER,
+                                &header_len);
     if (ret != 0)
        return ret;
 
-    ret = krb5int_c_padding_length(aead, enc, hash, input->length, &padding_len);
+    ret = krb5int_c_padding_length(aead, enc, hash, input->length,
+                                  &padding_len);
     if (ret != 0)
        return ret;
 
-    ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
-                             &trailer_len);
+    ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
+                                &trailer_len);
     if (ret != 0)
        return ret;
 
-    if (output->length < header_len + input->length + padding_len + trailer_len)
+    if (output->length <
+       header_len + input->length + padding_len + trailer_len)
        return KRB5_BAD_MSIZE;
 
     iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
@@ -497,9 +497,8 @@ krb5int_c_encrypt_aead_compat(const struct krb5_aead_provider *aead,
     iov[3].data.data = iov[2].data.data + iov[2].data.length;
     iov[3].data.length = trailer_len;
 
-    ret = aead->encrypt_iov(aead, enc, hash, key,
-                           usage, ivec,
-                           iov, sizeof(iov)/sizeof(iov[0]));
+    ret = (*aead->encrypt_iov)(aead, enc, hash, key, usage, ivec,
+                              iov, sizeof(iov) / sizeof(iov[0]));
 
     if (ret != 0)
        zap(iov[1].data.data, iov[1].data.length);
@@ -548,8 +547,7 @@ krb5int_c_decrypt_aead_compat(const struct krb5_aead_provider *aead,
     output->length = iov[1].data.length;
 
 cleanup:
-    zap(iov[0].data.data,  iov[0].data.length);
-    free(iov[0].data.data);
+    zapfree(iov[0].data.data, iov[0].data.length);
 
     return ret;
 }
@@ -564,9 +562,11 @@ krb5int_c_encrypt_length_aead_compat(const struct krb5_aead_provider *aead,
     unsigned int padding_len = 0;
     unsigned int trailer_len = 0;
 
-    aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER, &header_len);
+    (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER,
+                          &header_len);
     krb5int_c_padding_length(aead, enc, hash, inputlen, &padding_len);
-    aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER, &trailer_len);
+    (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
+                          &trailer_len);
 
     *length = header_len + inputlen + padding_len + trailer_len;
 }
index e4c11e86900f6c1f00351400c5afd1df0a332696..336dbc2a205913d8ffb99608e92cb762b5d51638 100644 (file)
@@ -31,17 +31,12 @@ krb5_error_code KRB5_CALLCONV
 krb5_c_block_size(krb5_context context, krb5_enctype enctype,
                  size_t *blocksize)
 {
-    int i;
+    const struct krb5_keytypes *ktp;
 
-    for (i=0; i<krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == enctype)
-           break;
-    }
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+       return KRB5_BAD_ENCTYPE;
+    *blocksize = ktp->enc->block_size;
 
-    if (i == krb5_enctypes_length)
-       return(KRB5_BAD_ENCTYPE);
-
-    *blocksize = krb5_enctypes_list[i].enc->block_size;
-
-    return(0);
+    return 0;
 }
index 4e25641e862fc9dfec8c2c5e0f8a3bcdedc3eb70..1c6896c1632334d3e22c36e67aa44f66a673ea79 100644 (file)
@@ -40,8 +40,8 @@
  * a count byte  to get enough bits of output. 
  */
 static krb5_error_code
-prf_plus( krb5_context context, krb5_keyblock *k,const char *pepper,
-         size_t keybytes, char **out)
+prf_plus(krb5_context context, krb5_keyblock *k, const char *pepper,
+        size_t keybytes, char **out)
 {
     krb5_error_code retval = 0;
     size_t prflen, iterations;
@@ -49,46 +49,44 @@ prf_plus( krb5_context context, krb5_keyblock *k,const char *pepper,
     krb5_data in_data;
     char *buffer = NULL;
     struct k5buf prf_inbuf;
+
     krb5int_buf_init_dynamic(&prf_inbuf);
-    krb5int_buf_add_len( &prf_inbuf, "\001", 1);
-    krb5int_buf_add( &prf_inbuf, pepper);
+    krb5int_buf_add_len(&prf_inbuf, "\001", 1);
+    krb5int_buf_add(&prf_inbuf, pepper);
     retval = krb5_c_prf_length( context, k->enctype, &prflen);
-    if (retval != 0)
+    if (retval)
        goto cleanup;
-    iterations = keybytes/prflen;
-    if ((keybytes%prflen) != 0)
+    iterations = keybytes / prflen;
+    if (keybytes % prflen != 0)
        iterations++;
     assert(iterations <= 254);
-    buffer = malloc(iterations*prflen);
-    if (buffer == NULL) {
-       retval = ENOMEM;
+    buffer = k5alloc(iterations * prflen, &retval);
+    if (retval)
        goto cleanup;
-       }
-    if (krb5int_buf_len( &prf_inbuf) == -1) {
+    if (krb5int_buf_len(&prf_inbuf) == -1) {
        retval = ENOMEM;
        goto cleanup;
     }
-    in_data.length = (krb5_int32) krb5int_buf_len( &prf_inbuf);
-    in_data.data = krb5int_buf_data( &prf_inbuf);
+    in_data.length = (krb5_int32) krb5int_buf_len(&prf_inbuf);
+    in_data.data = krb5int_buf_data(&prf_inbuf);
     out_data.length = prflen;
     out_data.data = buffer;
 
     while (iterations > 0) {
-       retval = krb5_c_prf( context, k, &in_data, &out_data);
-    if (retval != 0)
-       goto cleanup;
-    out_data.data += prflen;
-    in_data.data[0]++;
-    iterations--;
-    }
- cleanup:
-    if (retval == 0 )
-       *out = buffer;
-    else{
-       if (buffer != NULL)
-           free(buffer);
+       retval = krb5_c_prf(context, k, &in_data, &out_data);
+       if (retval)
+           goto cleanup;
+       out_data.data += prflen;
+       in_data.data[0]++;
+       iterations--;
     }
-    krb5int_free_buf( &prf_inbuf);
+
+    *out = buffer;
+    buffer = NULL;
+
+cleanup:
+    free(buffer);
+    krb5int_free_buf(&prf_inbuf);
     return retval;
 }
 
@@ -107,48 +105,46 @@ krb5_c_fx_cf2_simple(krb5_context context,
     krb5_error_code retval = 0;
     krb5_keyblock *out_key = NULL;
 
-
-    if (k1 == NULL ||!krb5_c_valid_enctype(k1->enctype))
+    if (k1 == NULL || !krb5_c_valid_enctype(k1->enctype))
        return KRB5_BAD_ENCTYPE;
     if (k2 == NULL || !krb5_c_valid_enctype(k2->enctype))
        return KRB5_BAD_ENCTYPE;
     out_enctype_num = k1->enctype;
     assert(out != NULL);
-    assert ((out_enctype = find_enctype(out_enctype_num)) != NULL);
+    assert((out_enctype = find_enctype(out_enctype_num)) != NULL);
     if (out_enctype->prf == NULL) {
        if (context)
-           krb5int_set_error(&(context->err) , KRB5_CRYPTO_INTERNAL,
-                                  "Enctype %d has no PRF", out_enctype_num);
+           krb5int_set_error(&(context->err), KRB5_CRYPTO_INTERNAL,
+                             "Enctype %d has no PRF", out_enctype_num);
        return KRB5_CRYPTO_INTERNAL;
-               }
+    }
     keybytes = out_enctype->enc->keybytes;
     keylength = out_enctype->enc->keylength;
 
-    retval = prf_plus( context, k1, pepper1, keybytes, &prf1);
-       if (retval != 0)
-           goto cleanup;
-    retval = prf_plus( context, k2, pepper2, keybytes, &prf2);
-    if (retval != 0)
+    retval = prf_plus(context, k1, pepper1, keybytes, &prf1);
+    if (retval)
+       goto cleanup;
+    retval = prf_plus(context, k2, pepper2, keybytes, &prf2);
+    if (retval)
        goto cleanup;
     for (i = 0; i < keybytes; i++)
        prf1[i] ^= prf2[i];
-    zap(prf2, keybytes);
-    retval = krb5int_c_init_keyblock( context, out_enctype_num, keylength, &out_key);
-    if (retval != 0)
+    retval = krb5int_c_init_keyblock(context, out_enctype_num, keylength,
+                                    &out_key);
+    if (retval)
        goto cleanup;
     keydata.data = prf1;
     keydata.length = keybytes;
-    retval = out_enctype->enc->make_key( &keydata, out_key);
+    retval = (*out_enctype->enc->make_key)(&keydata, out_key);
+    if (retval)
+       goto cleanup;
 
- cleanup:
-    if (retval == 0)
-       *out = out_key;
-    else krb5int_c_free_keyblock( context, out_key);
-    if (prf1 != NULL) {
-       zap(prf1, keybytes);
-       free(prf1);
-    }
-    if (prf2 != NULL)
-       free(prf2);
+    *out = out_key;
+    out_key = NULL;
+
+cleanup:
+    krb5int_c_free_keyblock( context, out_key);
+    zapfree(prf1, keybytes);
+    zapfree(prf2, keybytes);
     return retval;
 }
index 28846a67165d94a6ef26831154b749f2b7987401..1af4d17f206bf30ba7fa870a25f84053dae55767 100644 (file)
@@ -39,7 +39,7 @@ krb5_c_checksum_length(krb5_context context, krb5_cksumtype cksumtype,
     }
 
     if (i == krb5_cksumtypes_length)
-       return(KRB5_BAD_ENCTYPE);
+       return KRB5_BAD_ENCTYPE;
 
     if (krb5_cksumtypes_list[i].keyhash)
        *length = krb5_cksumtypes_list[i].keyhash->hashsize;
@@ -48,6 +48,6 @@ krb5_c_checksum_length(krb5_context context, krb5_cksumtype cksumtype,
     else
        *length = krb5_cksumtypes_list[i].hash->hashsize;
 
-    return(0);
+    return 0;
 }
        
index ee1d50ba5be43b2cd5b086e908345cd0c98ee471..82e0702c80bb7520f3191848129478870407a779 100644 (file)
@@ -32,14 +32,14 @@ krb5_cksumtype_to_string(krb5_cksumtype cksumtype, char *buffer, size_t buflen)
 {
     unsigned int i;
 
-    for (i=0; i<krb5_cksumtypes_length; i++) {
+    for (i = 0; i < krb5_cksumtypes_length; i++) {
        if (krb5_cksumtypes_list[i].ctype == cksumtype) {
            if (strlcpy(buffer, krb5_cksumtypes_list[i].out_string,
                        buflen) >= buflen)
-               return(ENOMEM);
-           return(0);
+               return ENOMEM;
+           return 0;
        }
     }
 
-    return(EINVAL);
+    return EINVAL;
 }
index 037e53f495c319e061be081d93c8c20cb7ad9049..2b5f33d30ac308b82206e47fc7eafddcd2c942b1 100644 (file)
@@ -88,4 +88,4 @@ const struct krb5_cksumtypes krb5_cksumtypes_list[] = {
 };
 
 const unsigned int krb5_cksumtypes_length =
-sizeof(krb5_cksumtypes_list)/sizeof(struct krb5_cksumtypes);
+    sizeof(krb5_cksumtypes_list) / sizeof(struct krb5_cksumtypes);
index c667e8abe60b019b6439b93b998b180c2abd8b41..05e7be6c265556d1dbb014ffb98227f08f8ce0b2 100644 (file)
@@ -34,23 +34,29 @@ struct krb5_cksumtypes {
     char *name;
     char *aliases[2];
     char *out_string;
-    /* if the hash is keyed, this is the etype it is keyed with.
-       Actually, it can be keyed by any etype which has the same
-       enc_provider as the specified etype.  DERIVE checksums can
-       be keyed with any valid etype. */
+    /*
+     * If the hash is keyed, this is the etype it is keyed with.
+     * Actually, it can be keyed by any etype which has the same
+     * enc_provider as the specified etype.  DERIVE checksums can
+     * be keyed with any valid etype.
+     */
     krb5_enctype keyed_etype;
-    /* I can't statically initialize a union, so I'm just going to use
-       two pointers here.  The keyhash is used if non-NULL.  If NULL,
-       then HMAC/hash with derived keys is used if the relevant flag
-       is set.  Otherwise, a non-keyed hash is computed.  This is all
-       kind of messy, but so is the krb5 api. */
+    /*
+     * I can't statically initialize a union, so I'm just going to use
+     * two pointers here.  The keyhash is used if non-NULL.  If NULL,
+     * then HMAC/hash with derived keys is used if the relevant flag
+     * is set.  Otherwise, a non-keyed hash is computed.  This is all
+     * kind of messy, but so is the krb5 api.
+     */
     const struct krb5_keyhash_provider *keyhash;
     const struct krb5_hash_provider *hash;
-    /* This just gets uglier and uglier.  In the key derivation case,
-       we produce an hmac.  To make the hmac code work, we can't hack
-       the output size indicated by the hash provider, but we may want
-       a truncated hmac.  If we want truncation, this is the number of
-       bytes we truncate to; it should be 0 otherwise.  */
+    /*
+     * This just gets uglier and uglier.  In the key derivation case,
+     * we produce an hmac.  To make the hmac code work, we can't hack
+     * the output size indicated by the hash provider, but we may want
+     * a truncated hmac.  If we want truncation, this is the number of
+     * bytes we truncate to; it should be 0 otherwise.
+     */
     unsigned int trunc_size;
 };
 
index 85fb57b9b2d12af6fe79b718bd72904d7c83f340..d66863e1d86fed522d0ce183d09c035c825d56d8 100644 (file)
@@ -32,19 +32,19 @@ krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype)
 {
     unsigned int i;
 
-    for (i=0; i<krb5_cksumtypes_length; i++) {
+    for (i = 0; i < krb5_cksumtypes_length; i++) {
        if (krb5_cksumtypes_list[i].ctype == ctype)
            return((krb5_cksumtypes_list[i].flags &
-                   KRB5_CKSUMFLAG_NOT_COLL_PROOF)?0:1);
+                   KRB5_CKSUMFLAG_NOT_COLL_PROOF) ? FALSE : TRUE);
     }
 
     /* ick, but it's better than coredumping, which is what the
        old code would have done */
-    return(0);
+    return FALSE;
 }
 
 krb5_boolean KRB5_CALLCONV
 is_coll_proof_cksum(krb5_cksumtype ctype)
 {
-    return krb5_c_is_coll_proof_cksum (ctype);
+    return krb5_c_is_coll_proof_cksum(ctype);
 }
index 3d97651640af36551747ce5378278d191b60b0a4..8c3ea1936e21ff47753b7ef240a9df284cae455e 100644 (file)
@@ -46,9 +46,9 @@
 #include "etypes.h"
 #include "dk.h"
 
-static krb5_error_code dr
-(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey,
-               unsigned char *outdata, const krb5_data *in_constant);
+static krb5_error_code dr(const struct krb5_enc_provider *enc,
+                         const krb5_keyblock *inkey, unsigned char *outdata,
+                         const krb5_data *in_constant);
 
 /*
  * We only support this combine_keys algorithm for des and 3des keys.
@@ -56,85 +56,65 @@ static krb5_error_code dr
  * We don't implement that yet.
  */
 
-static krb5_boolean  enctype_ok (krb5_enctype e) 
+static krb5_boolean
+enctype_ok(krb5_enctype e)
 {
     switch (e) {
     case ENCTYPE_DES_CBC_CRC:
     case ENCTYPE_DES_CBC_MD4:
     case ENCTYPE_DES_CBC_MD5:
     case ENCTYPE_DES3_CBC_SHA1:
-       return 1;
+       return TRUE;
     default:
-       return 0;
+       return FALSE;
     }
 }
 
-krb5_error_code krb5int_c_combine_keys
-(krb5_context context, krb5_keyblock *key1, krb5_keyblock *key2, krb5_keyblock *outkey)
+krb5_error_code
+krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
+                      krb5_keyblock *key2, krb5_keyblock *outkey)
 {
-    unsigned char *r1, *r2, *combined, *rnd, *output;
+    unsigned char *r1 = NULL, *r2 = NULL, *combined = NULL, *rnd = NULL;
+    unsigned char *output = NULL;
     size_t keybytes, keylength;
     const struct krb5_enc_provider *enc;
     krb5_data input, randbits;
     krb5_keyblock tkey;
     krb5_error_code ret;
-    int i, myalloc = 0;
-    if (!(enctype_ok(key1->enctype)&&enctype_ok(key2->enctype)))
-       return (KRB5_CRYPTO_INTERNAL);
-    
+    const struct krb5_keytypes *ktp;
+    krb5_boolean myalloc = FALSE;
 
-    if (key1->length != key2->length || key1->enctype != key2->enctype)
-       return (KRB5_CRYPTO_INTERNAL);
-
-    /*
-     * Find our encryption algorithm
-     */
-
-    for (i = 0; i < krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == key1->enctype)
-           break;
-    }
+    if (!enctype_ok(key1->enctype) || !enctype_ok(key2->enctype))
+       return KRB5_CRYPTO_INTERNAL;
 
-    if (i == krb5_enctypes_length)
-       return (KRB5_BAD_ENCTYPE);
+    if (key1->length != key2->length || key1->enctype != key2->enctype)
+       return KRB5_CRYPTO_INTERNAL;
 
-    enc = krb5_enctypes_list[i].enc;
+    /* Find our encryption algorithm. */
+    ktp = find_enctype(key1->enctype);
+    if (ktp == NULL)
+       return KRB5_BAD_ENCTYPE;
+    enc = ktp->enc;
 
     keybytes = enc->keybytes;
     keylength = enc->keylength;
 
-    /*
-     * Allocate and set up buffers
-     */
-
-    if ((r1 = (unsigned char *) malloc(keybytes)) == NULL)
-       return (ENOMEM);
-
-    if ((r2 = (unsigned char *) malloc(keybytes)) == NULL) {
-       free(r1);
-       return (ENOMEM);
-    }
-
-    if ((rnd = (unsigned char *) malloc(keybytes)) == NULL) {
-       free(r1);
-       free(r2);
-       return (ENOMEM);
-    }
-
-    if ((combined = (unsigned char *) malloc(keybytes * 2)) == NULL) {
-       free(r1);
-       free(r2);
-       free(rnd);
-       return (ENOMEM);
-    }
-
-    if ((output = (unsigned char *) malloc(keylength)) == NULL) {
-       free(r1);
-       free(r2);
-       free(rnd);
-       free(combined);
-       return (ENOMEM);
-    }
+    /* Allocate and set up buffers. */
+    r1 = k5alloc(keybytes, &ret);
+    if (ret)
+       goto cleanup;
+    r2 = k5alloc(keybytes, &ret);
+    if (ret)
+       goto cleanup;
+    rnd = k5alloc(keybytes, &ret);
+    if (ret)
+       goto cleanup;
+    combined = k5alloc(keybytes * 2, &ret);
+    if (ret)
+       goto cleanup;
+    output = k5alloc(keylength, &ret);
+    if (ret)
+       goto cleanup;
 
     /*
      * Get R1 and R2 (by running the input keys through the DR algorithm.
@@ -143,34 +123,16 @@ krb5_error_code krb5int_c_combine_keys
 
     input.length = key2->length;
     input.data = (char *) key2->contents;
-    if ((ret = dr(enc, key1, r1, &input)))
+    ret = dr(enc, key1, r1, &input);
+    if (ret)
        goto cleanup;
 
-#if 0
-    {
-       int i;
-       printf("R1 =");
-       for (i = 0; i < keybytes; i++)
-           printf(" %02x", (unsigned char) r1[i]);
-       printf("\n");
-    }
-#endif
-
     input.length = key1->length;
     input.data = (char *) key1->contents;
-    if ((ret = dr(enc, key2, r2, &input)))
+    ret = dr(enc, key2, r2, &input);
+    if (ret)
        goto cleanup;
 
-#if 0
-    {
-       int i;
-       printf("R2 =");
-       for (i = 0; i < keybytes; i++)
-           printf(" %02x", (unsigned char) r2[i]);
-       printf("\n");
-    }
-#endif
-
     /*
      * Concatenate the two keys together, and then run them through
      * n-fold to reduce them to a length appropriate for the random-to-key
@@ -183,16 +145,6 @@ krb5_error_code krb5int_c_combine_keys
 
     krb5_nfold((keybytes * 2) * 8, combined, keybytes * 8, rnd);
 
-#if 0
-    {
-       int i;
-       printf("rnd =");
-       for (i = 0; i < keybytes; i++)
-           printf(" %02x", (unsigned char) rnd[i]);
-       printf("\n");
-    }
-#endif
-
     /*
      * Run the "random" bits through random-to-key to produce a encryption
      * key.
@@ -203,25 +155,16 @@ krb5_error_code krb5int_c_combine_keys
     tkey.length = keylength;
     tkey.contents = output;
 
-    if ((ret = (*(enc->make_key))(&randbits, &tkey)))
+    ret = (*enc->make_key)(&randbits, &tkey);
+    if (ret)
        goto cleanup;
 
-#if 0
-    {
-       int i;
-       printf("tkey =");
-       for (i = 0; i < tkey.length; i++)
-           printf(" %02x", (unsigned char) tkey.contents[i]);
-       printf("\n");
-    }
-#endif
-
     /*
      * Run through derive-key one more time to produce the final key.
      * Note that the input to derive-key is the ASCII string "combine".
      */
 
-    input.length = 7; /* Note; change this if string length changes */
+    input.length = 7;
     input.data = "combine";
 
     /*
@@ -234,17 +177,16 @@ krb5_error_code krb5int_c_combine_keys
      */
 
     if (outkey->length == 0 || outkey->contents == NULL) {
-       outkey->contents = (krb5_octet *) malloc(keylength);
-       if (!outkey->contents) {
-           ret = ENOMEM;
+       outkey->contents = k5alloc(keylength, &ret);
+       if (ret)
            goto cleanup;
-       }
        outkey->length = keylength;
        outkey->enctype = key1->enctype;
-       myalloc = 1;
+       myalloc = TRUE;
     }
 
-    if ((ret = krb5_derive_key(enc, &tkey, outkey, &input))) {
+    ret = krb5_derive_key(enc, &tkey, outkey, &input);
+    if (ret) {
        if (myalloc) {
            free(outkey->contents);
            outkey->contents = NULL;
@@ -252,58 +194,38 @@ krb5_error_code krb5int_c_combine_keys
        goto cleanup;
     }
 
-#if 0
-    {
-       int i;
-       printf("output =");
-       for (i = 0; i < outkey->length; i++)
-           printf(" %02x", (unsigned char) outkey->contents[i]);
-       printf("\n");
-    }
-#endif
-
-    ret = 0;
-
 cleanup:
-    memset(r1, 0, keybytes);
-    memset(r2, 0, keybytes);
-    memset(rnd, 0, keybytes);
-    memset(combined, 0, keybytes * 2);
-    memset(output, 0, keylength);
-
-    free(r1);
-    free(r2);
-    free(rnd);
-    free(combined);
-    free(output);
-
-    return (ret);
+    zapfree(r1, keybytes);
+    zapfree(r2, keybytes);
+    zapfree(rnd, keybytes);
+    zapfree(combined, keybytes * 2);
+    zapfree(output, keylength);
+    return ret;
 }
 
 /*
  * Our DR function; mostly taken from derive.c
  */
 
-static krb5_error_code dr
-(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey, unsigned char *out, const krb5_data *in_constant)
+static krb5_error_code
+dr(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey,
+   unsigned char *out, const krb5_data *in_constant)
 {
-    size_t blocksize, keybytes, keylength, n;
-    unsigned char *inblockdata, *outblockdata;
+    size_t blocksize, keybytes, n;
+    unsigned char *inblockdata = NULL, *outblockdata = NULL;
     krb5_data inblock, outblock;
+    krb5_error_code ret;
 
     blocksize = enc->block_size;
     keybytes = enc->keybytes;
-    keylength = enc->keylength;
-
-    /* allocate and set up buffers */
 
-    if ((inblockdata = (unsigned char *) malloc(blocksize)) == NULL)
-       return(ENOMEM);
-
-    if ((outblockdata = (unsigned char *) malloc(blocksize)) == NULL) {
-       free(inblockdata);
-       return(ENOMEM);
-    }
+    /* Allocate and set up buffers. */
+    inblockdata = k5alloc(blocksize, &ret);
+    if (ret)
+       goto cleanup;
+    outblockdata = k5alloc(blocksize, &ret);
+    if (ret)
+       goto cleanup;
 
     inblock.data = (char *) inblockdata;
     inblock.length = blocksize;
@@ -324,26 +246,23 @@ static krb5_error_code dr
 
     n = 0;
     while (n < keybytes) {
-       (*(enc->encrypt))(inkey, 0, &inblock, &outblock);
+       ret = (*enc->encrypt)(inkey, 0, &inblock, &outblock);
+       if (ret)
+           goto cleanup;
 
        if ((keybytes - n) <= outblock.length) {
-           memcpy(out+n, outblock.data, (keybytes - n));
+           memcpy(out + n, outblock.data, (keybytes - n));
            break;
        }
 
-       memcpy(out+n, outblock.data, outblock.length);
+       memcpy(out + n, outblock.data, outblock.length);
        memcpy(inblock.data, outblock.data, outblock.length);
        n += outblock.length;
     }
 
-    /* clean memory, free resources and exit */
-
-    memset(inblockdata, 0, blocksize);
-    memset(outblockdata, 0, blocksize);
-
-    free(outblockdata);
-    free(inblockdata);
-
-    return(0);
+cleanup:
+    zapfree(inblockdata, blocksize);
+    zapfree(outblockdata, blocksize);
+    return ret;
 }
 
index d99d18b27649d78c173586250f9fa7c640ce28c9..23e8c1ca96c55b6cbbbe0493cf66a8c226010c8c 100644 (file)
 #include "aead.h"
 
 krb5_error_code KRB5_CALLCONV
-krb5_c_crypto_length(krb5_context context,
-                    krb5_enctype enctype,
-                    krb5_cryptotype type,
-                    unsigned int *size)
+krb5_c_crypto_length(krb5_context context, krb5_enctype enctype,
+                    krb5_cryptotype type, unsigned int *size)
 {
-    int i;
-    const struct krb5_keytypes *ktp = NULL;
+    const struct krb5_keytypes *ktp;
     krb5_error_code ret;
 
-    for (i = 0; i < krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == enctype) {
-           ktp = &krb5_enctypes_list[i];
-           break;
-       }
-    }
-
-    if (ktp == NULL || ktp->aead == NULL) {
+    ktp = find_enctype(enctype);
+    if (ktp == NULL || ktp->aead == NULL)
        return KRB5_BAD_ENCTYPE;
-    }
 
     switch (type) {
     case KRB5_CRYPTO_TYPE_EMPTY:
@@ -63,7 +53,8 @@ krb5_c_crypto_length(krb5_context context,
     case KRB5_CRYPTO_TYPE_PADDING:
     case KRB5_CRYPTO_TYPE_TRAILER:
     case KRB5_CRYPTO_TYPE_CHECKSUM:
-       ret = ktp->aead->crypto_length(ktp->aead, ktp->enc, ktp->hash, type, size);
+       ret = (*ktp->aead->crypto_length)(ktp->aead, ktp->enc, ktp->hash,
+                                         type, size);
        break;
     default:
        ret = EINVAL;
@@ -74,55 +65,37 @@ krb5_c_crypto_length(krb5_context context,
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5_c_padding_length(krb5_context context,
-                     krb5_enctype enctype,
-                     size_t data_length,
-                     unsigned int *pad_length)
+krb5_c_padding_length(krb5_context context, krb5_enctype enctype,
+                     size_t data_length, unsigned int *pad_length)
 {
-    int i;
-    const struct krb5_keytypes *ktp = NULL;
+    const struct krb5_keytypes *ktp;
 
-    for (i = 0; i < krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == enctype) {
-           ktp = &krb5_enctypes_list[i];
-           break;
-       }
-    }
-
-    if (ktp == NULL || ktp->aead == NULL) {
+    ktp = find_enctype(enctype);
+    if (ktp == NULL || ktp->aead == NULL)
        return KRB5_BAD_ENCTYPE;
-    }
 
-    return krb5int_c_padding_length(ktp->aead, ktp->enc, ktp->hash, data_length, pad_length);
+    return krb5int_c_padding_length(ktp->aead, ktp->enc, ktp->hash,
+                                   data_length, pad_length);
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5_c_crypto_length_iov(krb5_context context,
-                        krb5_enctype enctype,
-                        krb5_crypto_iov *data,
-                        size_t num_data)
+krb5_c_crypto_length_iov(krb5_context context, krb5_enctype enctype,
+                        krb5_crypto_iov *data, size_t num_data)
 {
     krb5_error_code ret = 0;
     size_t i;
-    const struct krb5_keytypes *ktp = NULL;
+    const struct krb5_keytypes *ktp;
     unsigned int data_length = 0, pad_length;
     krb5_crypto_iov *padding = NULL;
 
     /*
      * XXX need to rejig internal interface so we can accurately
-     * report variable header lengths
+     * report variable header lengths.
      */
 
-    for (i = 0; i < (size_t)krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == enctype) {
-           ktp = &krb5_enctypes_list[i];
-           break;
-       }
-    }
-
-    if (ktp == NULL || ktp->aead == NULL) {
+    ktp = find_enctype(enctype);
+    if (ktp == NULL || ktp->aead == NULL)
        return KRB5_BAD_ENCTYPE;
-    }
 
     for (i = 0; i < num_data; i++) {
        krb5_crypto_iov *iov = &data[i];
@@ -140,7 +113,8 @@ krb5_c_crypto_length_iov(krb5_context context,
        case KRB5_CRYPTO_TYPE_HEADER:
        case KRB5_CRYPTO_TYPE_TRAILER:
        case KRB5_CRYPTO_TYPE_CHECKSUM:
-           ret = ktp->aead->crypto_length(ktp->aead, ktp->enc, ktp->hash, iov->flags, &iov->data.length);
+           ret = (*ktp->aead->crypto_length)(ktp->aead, ktp->enc, ktp->hash,
+                                             iov->flags, &iov->data.length);
            break;
        case KRB5_CRYPTO_TYPE_EMPTY:
        case KRB5_CRYPTO_TYPE_SIGN_ONLY:
@@ -155,7 +129,8 @@ krb5_c_crypto_length_iov(krb5_context context,
     if (ret != 0)
        return ret;
 
-    ret = krb5int_c_padding_length(ktp->aead, ktp->enc, ktp->hash, data_length, &pad_length);
+    ret = krb5int_c_padding_length(ktp->aead, ktp->enc, ktp->hash,
+                                  data_length, &pad_length);
     if (ret != 0)
        return ret;
 
index 74c38f6aa86e070f8d06030b37d5a1db96fdd7f4..29b6ef75ca8c1253386ced69f5d11dfa878d6619 100644 (file)
@@ -33,35 +33,23 @@ krb5_c_decrypt(krb5_context context, const krb5_keyblock *key,
               krb5_keyusage usage, const krb5_data *ivec,
               const krb5_enc_data *input, krb5_data *output)
 {
-    int i;
+    const struct krb5_keytypes *ktp;
 
-    for (i=0; i<krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == key->enctype)
-           break;
-    }
-
-    if (i == krb5_enctypes_length) {
-       krb5int_set_error(&context->err, KRB5_BAD_ENCTYPE,
-                         "Bad encryption type (type %d unknown)",
-                         key->enctype);
-       return(KRB5_BAD_ENCTYPE);
-    }
+    ktp = find_enctype(key->enctype);
+    if (ktp == NULL)
+       return KRB5_BAD_ENCTYPE;
 
-    if ((input->enctype != ENCTYPE_UNKNOWN) &&
-       (krb5_enctypes_list[i].etype != input->enctype))
-       return(KRB5_BAD_ENCTYPE);
+    if (input->enctype != ENCTYPE_UNKNOWN && ktp->etype != input->enctype)
+       return KRB5_BAD_ENCTYPE;
 
-    if (krb5_enctypes_list[i].decrypt == NULL) {
-       assert(krb5_enctypes_list[i].aead != NULL);
+    if (ktp->decrypt == NULL) {
+       assert(ktp->aead != NULL);
 
-       return krb5int_c_decrypt_aead_compat(krb5_enctypes_list[i].aead,
-                                            krb5_enctypes_list[i].enc,
-                                            krb5_enctypes_list[i].hash,
+       return krb5int_c_decrypt_aead_compat(ktp->aead, ktp->enc, ktp->hash,
                                             key, usage, ivec,
                                             &input->ciphertext, output);
     }
 
-    return((*(krb5_enctypes_list[i].decrypt))
-          (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash,
-           key, usage, ivec, &input->ciphertext, output));
+    return (*ktp->decrypt)(ktp->enc, ktp->hash, key, usage, ivec,
+                          &input->ciphertext, output);
 }
index 1a98b06570537258ab812639ed964a875a1f2684..c2f2c0b61c506cd779d4990b3dd8426777bb7839 100644 (file)
@@ -36,26 +36,20 @@ krb5_c_decrypt_iov(krb5_context context,
                   krb5_crypto_iov *data,
                   size_t num_data)
 {
-    int i;
-    const struct krb5_keytypes *ktp = NULL;
+    const struct krb5_keytypes *ktp;
 
-    for (i = 0; i < krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == key->enctype) {
-           ktp = &krb5_enctypes_list[i];
-           break;
-       }
-    }
-
-    if (ktp == NULL || ktp->aead == NULL) {
+    ktp = find_enctype(key->enctype);
+    if (ktp == NULL || ktp->aead == NULL)
        return KRB5_BAD_ENCTYPE;
-    }
 
-    if (krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_STREAM) != NULL) {
+    if (krb5int_c_locate_iov(data, num_data,
+                            KRB5_CRYPTO_TYPE_STREAM) != NULL) {
        return krb5int_c_iov_decrypt_stream(ktp->aead, ktp->enc, ktp->hash,
-                                           key, usage, cipher_state, data, num_data);
+                                           key, usage, cipher_state, data,
+                                           num_data);
     }
 
-    return ktp->aead->decrypt_iov(ktp->aead, ktp->enc, ktp->hash,
-                                 key, usage, cipher_state, data, num_data);
+    return (*ktp->aead->decrypt_iov)(ktp->aead, ktp->enc, ktp->hash, key,
+                                    usage, cipher_state, data, num_data);
 }
 
index a9a38aa77d1ec9613bcea4a7b53d372c025027af..741485a3141c272391c247de75751829ee5d3aab 100644 (file)
@@ -33,31 +33,24 @@ krb5_c_encrypt(krb5_context context, const krb5_keyblock *key,
               krb5_keyusage usage, const krb5_data *ivec,
               const krb5_data *input, krb5_enc_data *output)
 {
-    int i;
+    const struct krb5_keytypes *ktp;
 
-    for (i=0; i<krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == key->enctype)
-           break;
-    }
-
-    if (i == krb5_enctypes_length)
-       return(KRB5_BAD_ENCTYPE);
+    ktp = find_enctype(key->enctype);
+    if (ktp == NULL)
+       return KRB5_BAD_ENCTYPE;
 
     output->magic = KV5M_ENC_DATA;
     output->kvno = 0;
     output->enctype = key->enctype;
 
-    if (krb5_enctypes_list[i].encrypt == NULL) {
-       assert(krb5_enctypes_list[i].aead != NULL);
+    if (ktp->encrypt == NULL) {
+       assert(ktp->aead != NULL);
 
-       return krb5int_c_encrypt_aead_compat(krb5_enctypes_list[i].aead,
-                                            krb5_enctypes_list[i].enc,
-                                            krb5_enctypes_list[i].hash,
-                                            key, usage, ivec,
-                                            input, &output->ciphertext);
+       return krb5int_c_encrypt_aead_compat(ktp->aead, ktp->enc, ktp->hash,
+                                            key, usage, ivec, input,
+                                            &output->ciphertext);
     }
 
-    return((*(krb5_enctypes_list[i].encrypt))
-          (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash,
-           key, usage, ivec, input, &output->ciphertext));
+    return (*ktp->encrypt)(ktp->enc, ktp->hash, key, usage, ivec, input,
+                          &output->ciphertext);
 }
index a35c5b577091a52911f62b4af976e3bba78e191a..21242bca2ca8aee73dc514f1b362f154f7ddb6b5 100644 (file)
@@ -35,21 +35,13 @@ krb5_c_encrypt_iov(krb5_context context,
                   krb5_crypto_iov *data,
                   size_t num_data)
 {
-    int i;
-    const struct krb5_keytypes *ktp = NULL;
+    const struct krb5_keytypes *ktp;
 
-    for (i = 0; i < krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == key->enctype) {
-           ktp = &krb5_enctypes_list[i];
-           break;
-       }
-    }
-
-    if (ktp == NULL || ktp->aead == NULL) {
+    ktp = find_enctype(key->enctype);
+    if (ktp == NULL || ktp->aead == NULL)
        return KRB5_BAD_ENCTYPE;
-    }
 
-    return ktp->aead->encrypt_iov(ktp->aead, ktp->enc, ktp->hash,
-                                 key, usage, cipher_state, data, num_data);
+    return (*ktp->aead->encrypt_iov)(ktp->aead, ktp->enc, ktp->hash,
+                                    key, usage, cipher_state, data, num_data);
 }
 
index a934b2a2100b32cc3b08f4bef8029ef690c467b0..bb9a1021256425650232c55844f69a1fa8fa4f24 100644 (file)
@@ -32,28 +32,20 @@ krb5_error_code KRB5_CALLCONV
 krb5_c_encrypt_length(krb5_context context, krb5_enctype enctype,
                      size_t inputlen, size_t *length)
 {
-    int i;
+    const struct krb5_keytypes *ktp;
 
-    for (i=0; i<krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == enctype)
-           break;
-    }
-
-    if (i == krb5_enctypes_length)
-       return(KRB5_BAD_ENCTYPE);
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+       return KRB5_BAD_ENCTYPE;
 
-    if (krb5_enctypes_list[i].encrypt_len == NULL) {
-       assert(krb5_enctypes_list[i].aead != NULL);
+    if (ktp->encrypt_len == NULL) {
+       assert(ktp->aead != NULL);
 
-       krb5int_c_encrypt_length_aead_compat(krb5_enctypes_list[i].aead,
-                                            krb5_enctypes_list[i].enc,
-                                            krb5_enctypes_list[i].hash,
+       krb5int_c_encrypt_length_aead_compat(ktp->aead, ktp->enc, ktp->hash,
                                             inputlen, length);
     } else {
-       (*(krb5_enctypes_list[i].encrypt_len))
-           (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash,
-           inputlen, length);
+       (*ktp->encrypt_len)(ktp->enc, ktp->hash, inputlen, length);
     }
 
-    return(0);
+    return 0;
 }
index 55e827764fc797e82dab18a64d327d0d8ed2f5b8..b724c3d297a0113d9f3ee59d784c3462410379c8 100644 (file)
@@ -31,25 +31,13 @@ krb5_error_code KRB5_CALLCONV
 krb5_c_enctype_compare(krb5_context context, krb5_enctype e1, krb5_enctype e2,
                       krb5_boolean *similar)
 {
-    int i, j;
+    const struct krb5_keytypes *ktp1, *ktp2;
 
-    for (i=0; i<krb5_enctypes_length; i++) 
-       if (krb5_enctypes_list[i].etype == e1)
-           break;
+    ktp1 = find_enctype(e1);
+    ktp2 = find_enctype(e2);
+    if (ktp1 == NULL || ktp2 == NULL)
+       return KRB5_BAD_ENCTYPE;
 
-    if (i == krb5_enctypes_length)
-       return(KRB5_BAD_ENCTYPE);
-
-    for (j=0; j<krb5_enctypes_length; j++) 
-       if (krb5_enctypes_list[j].etype == e2)
-           break;
-
-    if (j == krb5_enctypes_length)
-       return(KRB5_BAD_ENCTYPE);
-
-    *similar = 
-       ((krb5_enctypes_list[i].enc == krb5_enctypes_list[j].enc) &&
-        (krb5_enctypes_list[i].str2key == krb5_enctypes_list[j].str2key));
-
-    return(0);
+    *similar = (ktp1->enc == ktp2->enc && ktp1->str2key == ktp2->str2key);
+    return 0;
 }
index 28fa63ee159e57e6a51700e8c299f8f4614fb934..427a30d7fa2dc0520bdebee08927eb9154a1c6f2 100644 (file)
 krb5_error_code KRB5_CALLCONV
 krb5_enctype_to_string(krb5_enctype enctype, char *buffer, size_t buflen)
 {
-    int i;
+    const struct krb5_keytypes *ktp;
 
-    for (i=0; i<krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == enctype) {
-           if (strlcpy(buffer, krb5_enctypes_list[i].out_string,
-                       buflen) >= buflen)
-               return(ENOMEM);
-           return(0);
-       }
-    }
-
-    return(EINVAL);
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+       return EINVAL;
+    if (strlcpy(buffer, ktp->out_string, buflen) >= buflen)
+       return ENOMEM;
+    return 0;
 }
index bd5c6d8a87cb7c5ec5fba204cb9fd752f83585c3..b3abd1835b7f0137763321b8bfadc1c231780fe7 100644 (file)
@@ -167,4 +167,4 @@ const struct krb5_keytypes krb5_enctypes_list[] = {
 };
 
 const int krb5_enctypes_length =
-sizeof(krb5_enctypes_list)/sizeof(struct krb5_keytypes);
+    sizeof(krb5_enctypes_list) / sizeof(struct krb5_keytypes);
index 8441fcabc100be8833d0cfd1c4b1701abd399268..8d83b4200fc6e6de96befda6a70b87ac3620826d 100644 (file)
 
 #include "k5-int.h"
 
-typedef void (*krb5_encrypt_length_func) (const struct krb5_enc_provider *enc,
-  const struct krb5_hash_provider *hash,
-  size_t inputlen, size_t *length);
+typedef void (*krb5_encrypt_length_func)(const struct krb5_enc_provider *enc,
+                                        const struct krb5_hash_provider *hash,
+                                        size_t inputlen, size_t *length);
 
-typedef krb5_error_code (*krb5_crypt_func) (const struct krb5_enc_provider *enc,
-  const struct krb5_hash_provider *hash,
-  const krb5_keyblock *key, krb5_keyusage keyusage,
-  const krb5_data *ivec, 
-  const krb5_data *input, krb5_data *output);
+typedef krb5_error_code (*krb5_crypt_func)(const struct krb5_enc_provider *enc,
+                                          const struct
+                                          krb5_hash_provider *hash,
+                                          const krb5_keyblock *key,
+                                          krb5_keyusage keyusage,
+                                          const krb5_data *ivec,
+                                          const krb5_data *input,
+                                          krb5_data *output);
 
-typedef krb5_error_code (*krb5_str2key_func) (const struct krb5_enc_provider *enc, const krb5_data *string,
-  const krb5_data *salt, const krb5_data *parm, krb5_keyblock *key);
+typedef krb5_error_code (*krb5_str2key_func)(const struct
+                                            krb5_enc_provider *enc,
+                                            const krb5_data *string,
+                                            const krb5_data *salt,
+                                            const krb5_data *parm,
+                                            krb5_keyblock *key);
 
-typedef krb5_error_code (*krb5_prf_func)(
-                                        const struct krb5_enc_provider *enc,
+typedef krb5_error_code (*krb5_prf_func)(const struct krb5_enc_provider *enc,
                                         const struct krb5_hash_provider *hash,
                                         const krb5_keyblock *key,
                                         const krb5_data *in, krb5_data *out);
@@ -68,11 +74,12 @@ struct krb5_keytypes {
 extern const struct krb5_keytypes krb5_enctypes_list[];
 extern const int krb5_enctypes_length;
 
-static inline const struct krb5_keytypes*
-find_enctype (krb5_enctype enctype)
+static inline const struct krb5_keytypes *
+find_enctype(krb5_enctype enctype)
 {
     int i;
-    for (i=0; i<krb5_enctypes_length; i++) {
+
+    for (i = 0; i < krb5_enctypes_length; i++) {
        if (krb5_enctypes_list[i].etype == enctype)
            break;
     }
index 5912c81b43159f34d6258356d4d0bf1dbc870534..ee88f9a8a9bc0cdef236422cc622a78917270cc9 100644 (file)
 #include "k5-int.h"
 #include <assert.h>
 
-krb5_error_code   krb5int_c_init_keyblock
-       (krb5_context context, krb5_enctype enctype,
-        size_t length, krb5_keyblock **out)
+krb5_error_code
+krb5int_c_init_keyblock(krb5_context context, krb5_enctype enctype,
+                       size_t length, krb5_keyblock **out)
 {
     krb5_keyblock *kb;
-    kb = malloc (sizeof(krb5_keyblock));
-    assert (out);
+
+    assert(out);
     *out = NULL;
-    if (!kb) {
+
+    kb = malloc(sizeof(krb5_keyblock));
+    if (kb == NULL)
        return ENOMEM;
-    }
     kb->magic = KV5M_KEYBLOCK;
     kb->enctype = enctype;
     kb->length = length;
-    if(length) {
-       kb->contents = malloc (length);
-       if(!kb->contents) {
-           free (kb);
+    if (length) {
+       kb->contents = malloc(length);
+       if (!kb->contents) {
+           free(kb);
            return ENOMEM;
        }
     } else {
        kb->contents = NULL;
     }
+
     *out = kb;
     return 0;
 }
@@ -72,8 +74,7 @@ void
 krb5int_c_free_keyblock_contents(krb5_context context, krb5_keyblock *key)
 {
     if (key && key->contents) {
-       krb5int_zap_data (key->contents, key->length);
-       free(key->contents);
-       key->contents = 0;
+       zapfree(key->contents, key->length);
+       key->contents = NULL;
     }
 }
index 04aa44757c1c54d2eae88c5b1b8964696773a5ab..2fd239c400469d2206a35d5e10c4c6c643a2d842 100644 (file)
 #include "etypes.h"
 #include "cksumtypes.h"
 
-static int etype_match(krb5_enctype e1, krb5_enctype e2)
+static krb5_boolean
+etype_match(krb5_enctype e1, krb5_enctype e2)
 {
-    int i1, i2;
+    const struct krb5_keytypes *ktp1, *ktp2;
 
-    for (i1=0; i1<krb5_enctypes_length; i1++) 
-       if (krb5_enctypes_list[i1].etype == e1)
-           break;
-
-    for (i2=0; i2<krb5_enctypes_length; i2++) 
-       if (krb5_enctypes_list[i2].etype == e2)
-           break;
-
-    return((i1 < krb5_enctypes_length) &&
-          (i2 < krb5_enctypes_length) &&
-          (krb5_enctypes_list[i1].enc == krb5_enctypes_list[i2].enc));
+    ktp1 = find_enctype(e1);
+    ktp2 = find_enctype(e2);
+    return (ktp1 != NULL && ktp2 != NULL && ktp1->enc == ktp2->enc);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_keyed_checksum_types(krb5_context context, krb5_enctype enctype,
                            unsigned int *count, krb5_cksumtype **cksumtypes)
 {
-    unsigned int i, c;
+    unsigned int i, c, nctypes;
+    krb5_cksumtype *ctypes;
+    const struct krb5_cksumtypes *ct;
 
-    c = 0;
-    for (i=0; i<krb5_cksumtypes_length; i++) {
-       if ((krb5_cksumtypes_list[i].keyhash &&
-            etype_match(krb5_cksumtypes_list[i].keyed_etype, enctype)) ||
-           (krb5_cksumtypes_list[i].flags & KRB5_CKSUMFLAG_DERIVE)) {
-           c++;
-       }
-    }
+    *count = 0;
+    *cksumtypes = NULL;
 
-    *count = c;
+    nctypes = 0;
+    for (i = 0; i < krb5_cksumtypes_length; i++) {
+       ct = &krb5_cksumtypes_list[i];
+       if ((ct->keyhash && etype_match(ct->keyed_etype, enctype)) ||
+           (ct->flags & KRB5_CKSUMFLAG_DERIVE))
+           nctypes++;
+    }
 
-    if ((*cksumtypes = (krb5_cksumtype *) malloc(c*sizeof(krb5_cksumtype)))
-       == NULL)
-       return(ENOMEM);
+    ctypes = malloc(nctypes * sizeof(krb5_cksumtype));
+    if (ctypes == NULL)
+       return ENOMEM;
 
     c = 0;
-    for (i=0; i<krb5_cksumtypes_length; i++) {
-       if ((krb5_cksumtypes_list[i].keyhash &&
-            etype_match(krb5_cksumtypes_list[i].keyed_etype, enctype)) ||
-           (krb5_cksumtypes_list[i].flags & KRB5_CKSUMFLAG_DERIVE)) {
-           (*cksumtypes)[c] = krb5_cksumtypes_list[i].ctype;
-           c++;
-       }
+    for (i = 0; i < krb5_cksumtypes_length; i++) {
+       ct = &krb5_cksumtypes_list[i];
+       if ((ct->keyhash && etype_match(ct->keyed_etype, enctype)) ||
+           (ct->flags & KRB5_CKSUMFLAG_DERIVE))
+           ctypes[c++] = krb5_cksumtypes_list[i].ctype;
     }
 
-    return(0);
+    *count = nctypes;
+    *cksumtypes = ctypes;
+    return 0;
 }
 
 void KRB5_CALLCONV
 krb5_free_cksumtypes(krb5_context context, krb5_cksumtype *val)
 {
-    if (val)
-       free(val);
-    return;
+    free(val);
 }
-
index 023d8c6a5d2b84aa9f6bdd2a2399fb811b9a83b1..8cf5f1052e159461e0cb47c7125a506a8d37316f 100644 (file)
@@ -31,25 +31,22 @@ krb5_boolean KRB5_CALLCONV
 krb5_c_is_keyed_cksum(krb5_cksumtype ctype)
 {
     unsigned int i;
+    const struct krb5_cksumtypes *ctp;
 
-    for (i=0; i<krb5_cksumtypes_length; i++) {
-       if (krb5_cksumtypes_list[i].ctype == ctype) {
-           if (krb5_cksumtypes_list[i].keyhash ||
-               (krb5_cksumtypes_list[i].flags &
-                KRB5_CKSUMFLAG_DERIVE))
-               return(1);
-           else
-               return(0);
+    for (i = 0; i < krb5_cksumtypes_length; i++) {
+       ctp = &krb5_cksumtypes_list[i];
+       if (ctp->ctype == ctype) {
+           return (ctp->keyhash != NULL ||
+                   (ctp->flags & KRB5_CKSUMFLAG_DERIVE));
        }
     }
 
-    /* ick, but it's better than coredumping, which is what the
-       old code would have done */
-    return 0;   /* error case */
+    /* Invalid ctype.  This is misleading, but better than dumping core. */
+    return FALSE;
 }
 
 krb5_boolean KRB5_CALLCONV
 is_keyed_cksum(krb5_cksumtype ctype)
 {
-    return krb5_c_is_keyed_cksum (ctype);
+    return krb5_c_is_keyed_cksum(ctype);
 }
index acd1da81b4720bc2d5675333945d11d6f7ef1f48..d28d595d43e6bf637e266521abd5781aa963d394 100644 (file)
@@ -39,23 +39,19 @@ krb5_error_code KRB5_CALLCONV
 krb5_c_keylengths(krb5_context context, krb5_enctype enctype,
                  size_t *keybytes, size_t *keylength)
 {
-    int i;
+    const struct krb5_keytypes *ktp;
 
     if (keybytes == NULL && keylength == NULL)
-       return(EINVAL);
+       return EINVAL;
 
-    for (i=0; i<krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == enctype)
-           break;
-    }
-
-    if (i == krb5_enctypes_length)
-       return(KRB5_BAD_ENCTYPE);
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+       return KRB5_BAD_ENCTYPE;
 
     if (keybytes)
-       *keybytes = krb5_enctypes_list[i].enc->keybytes;
+       *keybytes = ktp->enc->keybytes;
     if (keylength)
-       *keylength = krb5_enctypes_list[i].enc->keylength;
+       *keylength = ktp->enc->keylength;
 
-    return(0);
+    return 0;
 }
index ad532b27dd81fb1289a3c6fe85325d269de69088..29f1ebb2a8a31e080892a3abf73c413e5c6c0314 100644 (file)
@@ -35,56 +35,47 @@ krb5_c_make_checksum(krb5_context context, krb5_cksumtype cksumtype,
                     const krb5_data *input, krb5_checksum *cksum)
 {
     unsigned int i;
-    int e1, e2;
+    const struct krb5_cksumtypes *ctp;
+    const struct krb5_keytypes *ktp1, *ktp2;
+    const struct krb5_keyhash_provider *keyhash;
     krb5_data data;
+    krb5_octet *trunc;
     krb5_error_code ret;
     size_t cksumlen;
 
-    for (i=0; i<krb5_cksumtypes_length; i++) {
+    for (i = 0; i < krb5_cksumtypes_length; i++) {
        if (krb5_cksumtypes_list[i].ctype == cksumtype)
            break;
     }
-
     if (i == krb5_cksumtypes_length)
-       return(KRB5_BAD_ENCTYPE);
+       return KRB5_BAD_ENCTYPE;
+    ctp = &krb5_cksumtypes_list[i];
 
-    if (krb5_cksumtypes_list[i].keyhash)
-       cksumlen = krb5_cksumtypes_list[i].keyhash->hashsize;
+    if (ctp->keyhash != NULL)
+       cksumlen = ctp->keyhash->hashsize;
     else
-       cksumlen = krb5_cksumtypes_list[i].hash->hashsize;
+       cksumlen = ctp->hash->hashsize;
 
     cksum->length = cksumlen;
-
-    if ((cksum->contents = (krb5_octet *) malloc(cksum->length)) == NULL)
-       return(ENOMEM);
+    cksum->contents = malloc(cksum->length);
+    if (cksum->contents == NULL)
+       return ENOMEM;
 
     data.length = cksum->length;
     data.data = (char *) cksum->contents;
 
-    if (krb5_cksumtypes_list[i].keyhash) {
+    if (ctp->keyhash) {
        /* check if key is compatible */
-       const struct krb5_keyhash_provider *keyhash;
-
-       keyhash = krb5_cksumtypes_list[i].keyhash;
-
-       if (krb5_cksumtypes_list[i].keyed_etype) {
-           for (e1=0; e1<krb5_enctypes_length; e1++) 
-               if (krb5_enctypes_list[e1].etype ==
-                   krb5_cksumtypes_list[i].keyed_etype)
-                   break;
-
-           for (e2=0; e2<krb5_enctypes_length; e2++) 
-               if (krb5_enctypes_list[e2].etype == key->enctype)
-                   break;
-
-           if ((e1 == krb5_enctypes_length) ||
-               (e2 == krb5_enctypes_length) ||
-               (krb5_enctypes_list[e1].enc != krb5_enctypes_list[e2].enc)) {
+       if (ctp->keyed_etype) {
+           ktp1 = find_enctype(ctp->keyed_etype);
+           ktp2 = find_enctype(key->enctype);
+           if (ktp1 == NULL || ktp2 == NULL || ktp1->enc != ktp2->enc) {
                ret = KRB5_BAD_ENCTYPE;
                goto cleanup;
            }
        }
 
+       keyhash = ctp->keyhash;
        if (keyhash->hash == NULL) {
            krb5_crypto_iov iov[1];
 
@@ -97,22 +88,19 @@ krb5_c_make_checksum(krb5_context context, krb5_cksumtype cksumtype,
        } else {
            ret = (*keyhash->hash)(key, usage, 0, input, &data);
        }
-    } else if (krb5_cksumtypes_list[i].flags & KRB5_CKSUMFLAG_DERIVE) {
-       ret = krb5_dk_make_checksum(krb5_cksumtypes_list[i].hash,
-                                   key, usage, input, &data);
+    } else if (ctp->flags & KRB5_CKSUMFLAG_DERIVE) {
+       ret = krb5_dk_make_checksum(ctp->hash, key, usage, input, &data);
     } else {
-       /* no key is used */
-
-       ret = (*(krb5_cksumtypes_list[i].hash->hash))(1, input, &data);
+       /* No key is used. */
+       ret = (*ctp->hash->hash)(1, input, &data);
     }
 
     if (!ret) {
        cksum->magic = KV5M_CHECKSUM;
        cksum->checksum_type = cksumtype;
-       if (krb5_cksumtypes_list[i].trunc_size) {
-           krb5_octet *trunc;
-           cksum->length = krb5_cksumtypes_list[i].trunc_size;
-           trunc = (krb5_octet *) realloc(cksum->contents, cksum->length);
+       if (ctp->trunc_size) {
+           cksum->length = ctp->trunc_size;
+           trunc = realloc(cksum->contents, cksum->length);
            if (trunc)
                cksum->contents = trunc;
        }
@@ -120,10 +108,9 @@ krb5_c_make_checksum(krb5_context context, krb5_cksumtype cksumtype,
 
 cleanup:
     if (ret) {
-       memset(cksum->contents, 0, cksum->length);
-       free(cksum->contents);
+       zapfree(cksum->contents, cksum->length);
        cksum->contents = NULL;
     }
 
-    return(ret);
+    return ret;
 }
index 3cf4af6052fda89aa4487a9903df3d68bf449393..a16b849c05a072ddd5ceb8913fd2f9ff95928e79 100644 (file)
@@ -41,22 +41,23 @@ krb5_c_make_checksum_iov(krb5_context context,
     krb5_error_code ret;
     krb5_data cksum_data;
     krb5_crypto_iov *checksum;
+    const struct krb5_cksumtypes *ctp;
 
     for (i = 0; i < krb5_cksumtypes_length; i++) {
        if (krb5_cksumtypes_list[i].ctype == cksumtype)
            break;
     }
-
     if (i == krb5_cksumtypes_length)
-       return(KRB5_BAD_ENCTYPE);
+       return KRB5_BAD_ENCTYPE;
+    ctp = &krb5_cksumtypes_list[i];
 
-    if (krb5_cksumtypes_list[i].keyhash != NULL)
-       cksum_data.length = krb5_cksumtypes_list[i].keyhash->hashsize;
+    if (ctp->keyhash != NULL)
+       cksum_data.length = ctp->keyhash->hashsize;
     else
-       cksum_data.length = krb5_cksumtypes_list[i].hash->hashsize;
+       cksum_data.length = ctp->hash->hashsize;
 
-    if (krb5_cksumtypes_list[i].trunc_size != 0)
-       cksumlen = krb5_cksumtypes_list[i].trunc_size;
+    if (ctp->trunc_size != 0)
+       cksumlen = ctp->trunc_size;
     else
        cksumlen = cksum_data.length;
 
index 0ae321dca7890ea5aa8bb40979fd254a3487d31a..0c3a2620396e111f418986110d3db1275692091d 100644 (file)
@@ -31,53 +31,46 @@ krb5_error_code KRB5_CALLCONV
 krb5_c_make_random_key(krb5_context context, krb5_enctype enctype,
                       krb5_keyblock *random_key)
 {
-    int i;
     krb5_error_code ret;
+    const struct krb5_keytypes *ktp;
     const struct krb5_enc_provider *enc;
     size_t keybytes, keylength;
     krb5_data random_data;
-    unsigned char *bytes;
+    unsigned char *bytes = NULL;
 
-    for (i=0; i<krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == enctype)
-           break;
-    }
-
-    if (i == krb5_enctypes_length)
-       return(KRB5_BAD_ENCTYPE);
-
-    enc = krb5_enctypes_list[i].enc;
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+       return KRB5_BAD_ENCTYPE;
+    enc = ktp->enc;
 
     keybytes = enc->keybytes;
     keylength = enc->keylength;
 
-    if ((bytes = (unsigned char *) malloc(keybytes)) == NULL)
-       return(ENOMEM);
-    if ((random_key->contents = (krb5_octet *) malloc(keylength)) == NULL) {
-       free(bytes);
-       return(ENOMEM);
-    }
+    bytes = k5alloc(keybytes, &ret);
+    if (ret)
+       return ret;
+    random_key->contents = k5alloc(keylength, &ret);
+    if (ret)
+       goto cleanup;
 
     random_data.data = (char *) bytes;
     random_data.length = keybytes;
 
-    if ((ret = krb5_c_random_make_octets(context, &random_data)))
+    ret = krb5_c_random_make_octets(context, &random_data);
+    if (ret)
        goto cleanup;
 
     random_key->magic = KV5M_KEYBLOCK;
     random_key->enctype = enctype;
     random_key->length = keylength;
 
-    ret = ((*(enc->make_key))(&random_data, random_key));
+    ret = (*enc->make_key)(&random_data, random_key);
 
 cleanup:
-    memset(bytes, 0, keybytes);
-    free(bytes);
-
     if (ret) {
-       memset(random_key->contents, 0, keylength);
-       free(random_key->contents);
+       zapfree(random_key->contents, keylength);
+       random_key->contents = NULL;
     }
-
-    return(ret);
+    zapfree(bytes, keybytes);
+    return ret;
 }
index f9322ff3f189dc66cd14925a362b83a8b5e5fa46..45ea0b82b6e8d9409db4ebb8df5b55c3272fe05c 100644 (file)
 #include "etypes.h"
 
 krb5_error_code
-krb5int_c_mandatory_cksumtype (krb5_context ctx, krb5_enctype etype,
-                              krb5_cksumtype *cksumtype)
+krb5int_c_mandatory_cksumtype(krb5_context ctx, krb5_enctype etype,
+                             krb5_cksumtype *cksumtype)
 {
-    int i;
+    const struct krb5_keytypes *ktp;
 
-    for (i = 0; i < krb5_enctypes_length; i++)
-       if (krb5_enctypes_list[i].etype == etype) {
-           *cksumtype = krb5_enctypes_list[i].required_ctype;
-           return 0;
-       }
-
-    return KRB5_BAD_ENCTYPE;
+    ktp = find_enctype(etype);
+    if (ktp == NULL)
+       return KRB5_BAD_ENCTYPE;
+    *cksumtype = ktp->required_ctype;
+    return 0;
 }
index 4db0c3359477ec61d84ed0e58f382e7ebb7cd6d1..c0cfdb17982401ad40546118a05c44a8ba8ec9c8 100644 (file)
@@ -37,28 +37,31 @@ krb5_encrypt(krb5_context context, krb5_const_pointer inptr,
     krb5_error_code ret;
 
     if (ivec) {
-       if ((ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize)))
-           return(ret);
+       ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize);
+       if (ret)
+           return ret;
 
        ivecd.length = blocksize;
        ivecd.data = ivec;
     }
 
-    /* size is the length of the input cleartext data */
+    /* size is the length of the input cleartext data. */
     inputd.length = size;
     inputd.data = inptr;
 
-    /* The size of the output buffer isn't part of the old api.  Not too
-       safe.  So, we assume here that it's big enough. */
-    if ((ret = krb5_c_encrypt_length(context, eblock->key->enctype, size,
-                                    &outlen)))
-       return(ret);
+    /*
+     * The size of the output buffer isn't part of the old api.  Not too
+     * safe.  So, we assume here that it's big enough.
+     */
+    ret = krb5_c_encrypt_length(context, eblock->key->enctype, size, &outlen);
+    if (ret)
+       return ret;
 
     outputd.ciphertext.length = outlen;
     outputd.ciphertext.data = outptr;
 
-    return(krb5_c_encrypt(context, eblock->key, 0, ivec?&ivecd:0,
-                         &inputd, &outputd));
+    return krb5_c_encrypt(context, eblock->key, 0, ivec ? &ivecd : 0,
+                         &inputd, &outputd);
 }
 
 krb5_error_code KRB5_CALLCONV
@@ -72,8 +75,9 @@ krb5_decrypt(krb5_context context, krb5_const_pointer inptr,
     krb5_error_code ret;
 
     if (ivec) {
-       if ((ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize)))
-           return(ret);
+       ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize);
+       if (ret)
+           return ret;
 
        ivecd.length = blocksize;
        ivecd.data = ivec;
@@ -90,8 +94,8 @@ krb5_decrypt(krb5_context context, krb5_const_pointer inptr,
     outputd.length = size;
     outputd.data = outptr;
 
-    return(krb5_c_decrypt(context, eblock->key, 0, ivec?&ivecd:0,
-                         &inputd, &outputd));
+    return krb5_c_decrypt(context, eblock->key, 0, ivec ? &ivecd : 0,
+                         &inputd, &outputd);
 }
 
 krb5_error_code KRB5_CALLCONV
@@ -100,13 +104,13 @@ krb5_process_key(krb5_context context, krb5_encrypt_block *eblock,
 {
     eblock->key = (krb5_keyblock *) key;
 
-    return(0);
+    return 0;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_finish_key(krb5_context context, krb5_encrypt_block *eblock)
 {
-    return(0);
+    return 0;
 }
 
 krb5_error_code KRB5_CALLCONV
@@ -114,8 +118,8 @@ krb5_string_to_key(krb5_context context, const krb5_encrypt_block *eblock,
                   krb5_keyblock *keyblock, const krb5_data *data,
                   const krb5_data *salt)
 {
-    return(krb5_c_string_to_key(context, eblock->crypto_entry, data, salt,
-                               keyblock));
+    return krb5_c_string_to_key(context, eblock->crypto_entry, data, salt,
+                               keyblock);
 }
 
 krb5_error_code KRB5_CALLCONV
@@ -127,14 +131,14 @@ krb5_init_random_key(krb5_context context, const krb5_encrypt_block *eblock,
     data.length = keyblock->length;
     data.data = (char *) keyblock->contents;
 
-    return(krb5_c_random_seed(context, &data));
+    return krb5_c_random_seed(context, &data);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_finish_random_key(krb5_context context, const krb5_encrypt_block *eblock,
                       krb5_pointer *ptr)
 {
-    return(0);
+    return 0;
 }
 
 krb5_error_code KRB5_CALLCONV
@@ -144,23 +148,26 @@ krb5_random_key(krb5_context context, const krb5_encrypt_block *eblock,
     krb5_keyblock *key;
     krb5_error_code ret;
 
-    if ((key = (krb5_keyblock *) malloc(sizeof(krb5_keyblock))) == NULL)
-       return(ENOMEM);
+    *keyblock = NULL;
 
-    if ((ret = krb5_c_make_random_key(context, eblock->crypto_entry, key))) {
+    key = malloc(sizeof(krb5_keyblock));
+    if (key == NULL)
+       return ENOMEM;
+
+    ret = krb5_c_make_random_key(context, eblock->crypto_entry, key);
+    if (ret) {
        free(key);
-       key = NULL;
+       return ret;
     }
 
     *keyblock = key;
-
     return(ret);
 }
 
 krb5_enctype KRB5_CALLCONV
 krb5_eblock_enctype(krb5_context context, const krb5_encrypt_block *eblock)
 {
-    return(eblock->crypto_entry);
+    return eblock->crypto_entry;
 }
 
 krb5_error_code KRB5_CALLCONV
@@ -169,7 +176,7 @@ krb5_use_enctype(krb5_context context, krb5_encrypt_block *eblock,
 {
     eblock->crypto_entry = enctype;
 
-    return(0);
+    return 0;
 }
 
 size_t KRB5_CALLCONV
@@ -177,10 +184,10 @@ krb5_encrypt_size(size_t length, krb5_enctype crypto)
 {
     size_t ret;
 
-    if (krb5_c_encrypt_length(/* XXX */ 0, crypto, length, &ret))
-       return(-1); /* XXX */
+    if (krb5_c_encrypt_length(NULL, crypto, length, &ret))
+       return (size_t) -1; /* XXX */
 
-    return(ret);
+    return ret;
 }
 
 size_t KRB5_CALLCONV
@@ -189,9 +196,9 @@ krb5_checksum_size(krb5_context context, krb5_cksumtype ctype)
     size_t ret;
 
     if (krb5_c_checksum_length(context, ctype, &ret))
-       return(-1); /* XXX */
+       return (size_t) -1; /* XXX */
 
-    return(ret);
+    return ret;
 }
 
 krb5_error_code KRB5_CALLCONV
@@ -211,13 +218,14 @@ krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype,
     key.length = seed_length;
     key.contents = seed;
 
-    if ((ret = krb5_c_make_checksum(context, ctype, &key, 0, &input, &cksum)))
-       return(ret);
+    ret = krb5_c_make_checksum(context, ctype, &key, 0, &input, &cksum);
+    if (ret)
+       return ret;
 
     if (outcksum->length < cksum.length) {
        memset(cksum.contents, 0, cksum.length);
        free(cksum.contents);
-       return(KRB5_BAD_MSIZE);
+       return KRB5_BAD_MSIZE;
     }
 
     outcksum->magic = cksum.magic;
@@ -247,14 +255,14 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype,
     key.length = seed_length;
     key.contents = seed;
 
-    if ((ret = krb5_c_verify_checksum(context, &key, 0, &input, cksum,
-                                     &valid)))
-       return(ret);
+    ret = krb5_c_verify_checksum(context, &key, 0, &input, cksum, &valid);
+    if (ret)
+       return ret;
 
     if (!valid)
-       return(KRB5KRB_AP_ERR_BAD_INTEGRITY);
+       return KRB5KRB_AP_ERR_BAD_INTEGRITY;
 
-    return(0);
+    return 0;
 }
 
 krb5_error_code KRB5_CALLCONV
@@ -265,7 +273,7 @@ krb5_random_confounder(size_t size, krb5_pointer ptr)
     random_data.length = size;
     random_data.data = ptr;
 
-    return(krb5_c_random_make_octets(/* XXX */ 0, &random_data));
+    return krb5_c_random_make_octets(NULL, &random_data);
 }
 
 krb5_error_code krb5_encrypt_data(krb5_context context, krb5_keyblock *key,
@@ -276,13 +284,14 @@ krb5_error_code krb5_encrypt_data(krb5_context context, krb5_keyblock *key,
     size_t enclen, blocksize;
     krb5_data ivecd;
 
-    if ((ret = krb5_c_encrypt_length(context, key->enctype, data->length,
-                                    &enclen)))
-       return(ret);
+    ret = krb5_c_encrypt_length(context, key->enctype, data->length, &enclen);
+    if (ret)
+       return ret;
 
     if (ivec) {
-       if ((ret = krb5_c_block_size(context, key->enctype, &blocksize)))
-           return(ret);
+       ret = krb5_c_block_size(context, key->enctype, &blocksize);
+       if (ret)
+           return ret;
 
        ivecd.length = blocksize;
        ivecd.data = ivec;
@@ -292,13 +301,15 @@ krb5_error_code krb5_encrypt_data(krb5_context context, krb5_keyblock *key,
     enc_data->kvno = 0;
     enc_data->enctype = key->enctype;
     enc_data->ciphertext.length = enclen;
-    if ((enc_data->ciphertext.data = malloc(enclen)) == NULL)
-       return(ENOMEM);
+    enc_data->ciphertext.data = malloc(enclen);
+    if (enc_data->ciphertext.data == NULL)
+       return ENOMEM;
 
-    if ((ret = krb5_c_encrypt(context, key, 0, ivec?&ivecd:0, data, enc_data)))
+    ret = krb5_c_encrypt(context, key, 0, ivec ? &ivecd : 0, data, enc_data);
+    if (ret)
        free(enc_data->ciphertext.data);
 
-    return(ret);
+    return ret;
 }
 
 krb5_error_code krb5_decrypt_data(krb5_context context, krb5_keyblock *key,
@@ -310,19 +321,22 @@ krb5_error_code krb5_decrypt_data(krb5_context context, krb5_keyblock *key,
     size_t blocksize;
 
     if (ivec) {
-       if ((ret = krb5_c_block_size(context, key->enctype, &blocksize)))
-           return(ret);
+       ret = krb5_c_block_size(context, key->enctype, &blocksize);
+       if (ret)
+           return ret;
 
        ivecd.length = blocksize;
        ivecd.data = ivec;
     }
 
     data->length = enc_data->ciphertext.length;
-    if ((data->data = (char *) malloc(data->length)) == NULL)
-       return(ENOMEM);
+    data->data = malloc(data->length);
+    if (data->data == NULL)
+       return ENOMEM;
 
-    if ((ret = krb5_c_decrypt(context, key, 0, ivec?&ivecd:0, enc_data, data)))
+    ret = krb5_c_decrypt(context, key, 0, ivec ? &ivecd : 0, enc_data, data);
+    if (ret)
        free(data->data);
 
-    return(0);
+    return 0;
 }
index 67e1bc8a32e2075bdbd32321e6cce42a14726abc..d2c633e757b63af2f579ea8ee460cf4738a39790 100644 (file)
 #include <assert.h>
 
 krb5_error_code KRB5_CALLCONV
-krb5_c_prf_length(krb5_context context, krb5_enctype enctype,
-                 size_t *len)
+krb5_c_prf_length(krb5_context context, krb5_enctype enctype, size_t *len)
 {
-    int i;
-    assert (len);
+    const struct krb5_keytypes *ktp;
 
-    for (i=0; i<krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == enctype)
-           break;
-    }
-
-    if (i == krb5_enctypes_length)
-       return(KRB5_BAD_ENCTYPE);
-
-    *len = krb5_enctypes_list[i].prf_length;
+    assert(len);
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+       return KRB5_BAD_ENCTYPE;
+    *len = ktp->prf_length;
     return 0;
-    
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_prf(krb5_context context, const krb5_keyblock *key,
           krb5_data *input, krb5_data *output)
 {
-    int i;
-    size_t len;
-    assert(input && output);
-    assert (output->data);
+    const struct krb5_keytypes *ktp;
 
+    assert(input && output);
+    assert(output->data);
 
-    for (i=0; i<krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == key->enctype)
-           break;
-    }
-
-    if (i == krb5_enctypes_length)
-       return(KRB5_BAD_ENCTYPE);
+    ktp = find_enctype(key->enctype);
+    if (ktp == NULL)
+       return KRB5_BAD_ENCTYPE;
+    if (ktp->prf == NULL)
+       return KRB5_CRYPTO_INTERNAL;
 
     output->magic = KV5M_DATA;
-    if (!krb5_enctypes_list[i].prf)
-       return (KRB5_CRYPTO_INTERNAL);
-    krb5_c_prf_length (context, key->enctype, &len);
-    if (len != output->length)
-       return (KRB5_CRYPTO_INTERNAL);
-    return((*(krb5_enctypes_list[i].prf))
-          (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash,
-           key,  input, output));
+    if (ktp->prf_length != output->length)
+       return KRB5_CRYPTO_INTERNAL;
+    return (*ktp->prf)(ktp->enc, ktp->hash, key, input, output);
 }
-
index f9647eae2bc932b2a43904342eb5221b38a78f3f..b52dabc26e4c95cbb97e1c95104af347593cfd66 100644 (file)
@@ -38,27 +38,28 @@ k5_mutex_t yarrow_lock = K5_MUTEX_PARTIAL_INITIALIZER;
  */
 
 static size_t
-entropy_estimate (unsigned int randsource, size_t length)
+entropy_estimate(unsigned int randsource, size_t length)
 {
-  switch (randsource) {
-  case KRB5_C_RANDSOURCE_OLDAPI:
-    return (4*length);
-  case KRB5_C_RANDSOURCE_OSRAND:
-    return (8*length);
-  case KRB5_C_RANDSOURCE_TRUSTEDPARTY:
-    return (4*length);
-  case KRB5_C_RANDSOURCE_TIMING:return (2);
-  case KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL:
-    return (0);
-  default:
-    abort();
-  }
-return (0);
+    switch (randsource) {
+    case KRB5_C_RANDSOURCE_OLDAPI:
+       return 4 * length;
+    case KRB5_C_RANDSOURCE_OSRAND:
+       return 8 * length;
+    case KRB5_C_RANDSOURCE_TRUSTEDPARTY:
+       return 4 * length;
+    case KRB5_C_RANDSOURCE_TIMING:
+       return 2;
+    case KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL:
+       return 0;
+    default:
+       abort();
+    }
+    return 0;
 }
 
 int krb5int_prng_init(void)
 {
-    unsigned i;
+    unsigned i, source_id;
     int yerr;
 
     yerr = k5_mutex_finish_init(&yarrow_lock);
@@ -66,12 +67,11 @@ int krb5int_prng_init(void)
        return yerr;
 
     yerr = krb5int_yarrow_init (&y_ctx, NULL);
-    if ((yerr != YARROW_OK) && (yerr != YARROW_NOT_SEEDED))
+    if (yerr != YARROW_OK && yerr != YARROW_NOT_SEEDED)
        return KRB5_CRYPTO_INTERNAL;
 
     for (i=0; i < KRB5_C_RANDSOURCE_MAX; i++ ) {
-       unsigned source_id;
-       if (krb5int_yarrow_new_source (&y_ctx, &source_id) != YARROW_OK )
+       if (krb5int_yarrow_new_source(&y_ctx, &source_id) != YARROW_OK)
            return KRB5_CRYPTO_INTERNAL;
        assert (source_id == i);
     }
@@ -80,46 +80,47 @@ int krb5int_prng_init(void)
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5_c_random_add_entropy (krb5_context context, unsigned int randsource,
-                          const krb5_data *data)
+krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
+                         const krb5_data *data)
 {
-  int yerr;
-
-  /* Make sure the mutex got initialized.  */
-  yerr = krb5int_crypto_init();
-  if (yerr)
-      return yerr;
-  /* Now, finally, feed in the data.  */
-  yerr = krb5int_yarrow_input (&y_ctx, randsource,
-                              data->data, data->length,
-                              entropy_estimate (randsource, data->length));
-  if (yerr != YARROW_OK)
-      return (KRB5_CRYPTO_INTERNAL);
-  return (0);
+    int yerr;
+
+    /* Make sure the mutex got initialized.  */
+    yerr = krb5int_crypto_init();
+    if (yerr)
+       return yerr;
+    /* Now, finally, feed in the data.  */
+    yerr = krb5int_yarrow_input(&y_ctx, randsource,
+                               data->data, data->length,
+                               entropy_estimate(randsource, data->length));
+    if (yerr != YARROW_OK)
+       return KRB5_CRYPTO_INTERNAL;
+    return 0;
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5_c_random_seed (krb5_context context, krb5_data *data)
+krb5_c_random_seed(krb5_context context, krb5_data *data)
 {
-    return krb5_c_random_add_entropy (context, KRB5_C_RANDSOURCE_OLDAPI, data);
+    return krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OLDAPI, data);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_random_make_octets(krb5_context context, krb5_data *data)
 {
     int yerr;
-    yerr = krb5int_yarrow_output (&y_ctx, data->data, data->length);
+    yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
     if (yerr == YARROW_NOT_SEEDED) {
-      yerr = krb5int_yarrow_reseed (&y_ctx, YARROW_SLOW_POOL);
-      if (yerr == YARROW_OK)
-       yerr = krb5int_yarrow_output (&y_ctx, data->data, data->length);
+       yerr = krb5int_yarrow_reseed(&y_ctx, YARROW_SLOW_POOL);
+       if (yerr == YARROW_OK)
+           yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
     }
-    if ( yerr != YARROW_OK)
-      return (KRB5_CRYPTO_INTERNAL);
-    return(0);
+    if (yerr != YARROW_OK)
+      return KRB5_CRYPTO_INTERNAL;
+    return 0;
 }
 
-void krb5int_prng_cleanup (void)
+void
+krb5int_prng_cleanup (void)
 {
     krb5int_yarrow_final (&y_ctx);
     k5_mutex_destroy(&yarrow_lock);
@@ -133,11 +134,11 @@ void krb5int_prng_cleanup (void)
 #if defined(_WIN32)
 
 krb5_error_code KRB5_CALLCONV
-krb5_c_random_os_entropy (krb5_context context, int strong, int *success)
+krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
 {
-  if (success)
-    *success  = 0;
-  return 0;
+    if (success)
+       *success = 0;
+    return 0;
 }
 
 #else /*Windows*/
@@ -156,60 +157,58 @@ krb5_c_random_os_entropy (krb5_context context, int strong, int *success)
  */
 
 static int
-read_entropy_from_device (krb5_context context, const char *device)
+read_entropy_from_device(krb5_context context, const char *device)
 {
-  krb5_data data;
-  struct stat sb;
-  int fd;
-  unsigned char buf[YARROW_SLOW_THRESH/8], *bp;
-  int left;
-  fd = open (device, O_RDONLY);
-  if (fd == -1)
-    return 0;
-  set_cloexec_fd(fd);
-  if (fstat (fd, &sb) == -1 || S_ISREG(sb.st_mode)) {
-      close(fd);
-      return 0;
-  }
-
-  for (bp = buf, left = sizeof (buf); left > 0;) {
-    ssize_t count;
-    count = read (fd, bp, (unsigned) left);
-    if (count <= 0) {
-      close(fd);
-      return 0;
+    krb5_data data;
+    struct stat sb;
+    int fd;
+    unsigned char buf[YARROW_SLOW_THRESH/8], *bp;
+    int left;
+
+    fd = open (device, O_RDONLY);
+    if (fd == -1)
+       return 0;
+    set_cloexec_fd(fd);
+    if (fstat(fd, &sb) == -1 || S_ISREG(sb.st_mode)) {
+       close(fd);
+       return 0;
     }
-    left -= count;
-    bp += count;
-  }
-  close (fd);
-  data.length = sizeof (buf);
-  data.data = ( char * ) buf;
-  if ( krb5_c_random_add_entropy (context, KRB5_C_RANDSOURCE_OSRAND, 
-                                 &data) != 0) {
-    return 0;
-  }
-  return 1;
+
+    for (bp = buf, left = sizeof(buf); left > 0;) {
+       ssize_t count;
+       count = read(fd, bp, (unsigned) left);
+       if (count <= 0) {
+           close(fd);
+           return 0;
+       }
+       left -= count;
+       bp += count;
+    }
+    close(fd);
+    data.length = sizeof (buf);
+    data.data = (char *) buf;
+    return (krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OSRAND,
+                                     &data) == 0);
 }
     
 krb5_error_code KRB5_CALLCONV
-krb5_c_random_os_entropy (krb5_context context,
-                         int strong, int *success)
+krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
 {
-  int unused;
-  int *oursuccess = success?success:&unused;
-  *oursuccess = 0;
-  /* If we are getting strong data then try that first.  We are
-     guaranteed to cause a reseed of some kind if strong is true and
-     we have both /dev/random and /dev/urandom.  We want the strong
-     data included in the reseed so we get it first.*/
-  if (strong) {
-    if (read_entropy_from_device (context, "/dev/random"))
-      *oursuccess = 1;
-  }
-  if (read_entropy_from_device (context, "/dev/urandom"))
-    *oursuccess = 1;
-  return 0;
+    int unused;
+    int *oursuccess = success ? success : &unused;
+
+    *oursuccess = 0;
+    /* If we are getting strong data then try that first.  We are
+       guaranteed to cause a reseed of some kind if strong is true and
+       we have both /dev/random and /dev/urandom.  We want the strong
+       data included in the reseed so we get it first.*/
+    if (strong) {
+       if (read_entropy_from_device(context, "/dev/random"))
+           *oursuccess = 1;
+    }
+    if (read_entropy_from_device(context, "/dev/urandom"))
+       *oursuccess = 1;
+    return 0;
 }
 
 #endif /*Windows or pre-OSX Mac*/
index 20f0abc0d9a73ef12a8b1512eb773183646f6431..18e4c695909a7556dc19fd5ddcbe71dd462699bd 100644 (file)
@@ -40,34 +40,25 @@ krb5_error_code KRB5_CALLCONV
 krb5_c_random_to_key(krb5_context context, krb5_enctype enctype,
                     krb5_data *random_data, krb5_keyblock *random_key)
 {
-    int i;
     krb5_error_code ret;
+    const struct krb5_keytypes *ktp;
     const struct krb5_enc_provider *enc;
 
-    if (random_data == NULL || random_key == NULL)
-       return(EINVAL);
+    if (random_data == NULL || random_key == NULL ||
+       random_key->contents == NULL)
+       return EINVAL;
 
-    if (random_key->contents == NULL)
-       return(EINVAL);
-
-    for (i=0; i<krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == enctype)
-           break;
-    }
-
-    if (i == krb5_enctypes_length)
-       return(KRB5_BAD_ENCTYPE);
-
-    enc = krb5_enctypes_list[i].enc;
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+       return KRB5_BAD_ENCTYPE;
+    enc = ktp->enc;
 
     if (random_key->length != enc->keylength)
-       return(KRB5_BAD_KEYSIZE);
-
-    ret = ((*(enc->make_key))(random_data, random_key));
+       return KRB5_BAD_KEYSIZE;
 
-    if (ret) {
+    ret = (*enc->make_key)(random_data, random_key);
+    if (ret)
        memset(random_key->contents, 0, random_key->length);
-    }
 
-    return(ret);
+    return ret;
 }
index f69746c81e5c836311ff7396bc49026f1d3b3dbe..152ebecf72b8dc73896cd97655eb701c3b31ac2e 100644 (file)
@@ -39,34 +39,22 @@ krb5_error_code KRB5_CALLCONV
 krb5_c_init_state (krb5_context context, const krb5_keyblock *key,
                   krb5_keyusage keyusage, krb5_data *new_state)
 {
-      int i;
+    const struct krb5_keytypes *ktp;
 
-    for (i=0; i<krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == key->enctype)
-           break;
-    }
-
-    if (i == krb5_enctypes_length)
-       return(KRB5_BAD_ENCTYPE);
-
-    return (*(krb5_enctypes_list[i].enc->init_state))
-      (key, keyusage, new_state);
+    ktp = find_enctype(key->enctype);
+    if (ktp == NULL)
+       return KRB5_BAD_ENCTYPE;
+    return ktp->enc->init_state(key, keyusage, new_state);
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5_c_free_state (krb5_context context, const krb5_keyblock *key,
-                  krb5_data *state)
+krb5_c_free_state(krb5_context context, const krb5_keyblock *key,
+                 krb5_data *state)
 {
-      int i;
-
-    for (i=0; i<krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == key->enctype)
-           break;
-    }
-
-    if (i == krb5_enctypes_length)
-       return(KRB5_BAD_ENCTYPE);
+    const struct krb5_keytypes *ktp;
 
-    return     (*(krb5_enctypes_list[i].enc->free_state))
-      (state);
+    ktp = find_enctype(key->enctype);
+    if (ktp == NULL)
+       return KRB5_BAD_ENCTYPE;
+    return ktp->enc->free_state(state);
 }
index 5a3c70d731f3151aa577da76701e64c5fbcbfd4b..92ecbfaa1906c6d6e44692f9d07e3e4517b8fedf 100644 (file)
@@ -31,23 +31,26 @@ krb5_error_code KRB5_CALLCONV
 krb5_string_to_cksumtype(char *string, krb5_cksumtype *cksumtypep)
 {
     unsigned int i, j;
+    const char *alias;
+    const struct krb5_cksumtypes *ctp;
 
     for (i=0; i<krb5_cksumtypes_length; i++) {
-       if (strcasecmp(krb5_cksumtypes_list[i].name, string) == 0) {
-           *cksumtypep = krb5_cksumtypes_list[i].ctype;
-           return(0);
+       ctp = &krb5_cksumtypes_list[i];
+       if (strcasecmp(ctp->name, string) == 0) {
+           *cksumtypep = ctp->ctype;
+           return 0;
        }
-#define MAX_ALIASES (sizeof(krb5_cksumtypes_list[i].aliases) / sizeof(krb5_cksumtypes_list[i].aliases[0]))
+#define MAX_ALIASES (sizeof(ctp->aliases) / sizeof(ctp->aliases[0]))
        for (j = 0; j < MAX_ALIASES; j++) {
-           const char *alias = krb5_cksumtypes_list[i].aliases[j];
+           alias = ctp->aliases[j];
            if (alias == NULL)
                break;
            if (strcasecmp(alias, string) == 0) {
-               *cksumtypep = krb5_cksumtypes_list[i].ctype;
+               *cksumtypep = ctp->ctype;
                return 0;
            }
        }
     }
 
-    return(EINVAL);
+    return EINVAL;
 }
index 5c6ae1cad6e52c54cf843bacf3826ec88526bcbf..141c36c96efb306808d435e785dd14f123ba9a8e 100644 (file)
 krb5_error_code KRB5_CALLCONV
 krb5_string_to_enctype(char *string, krb5_enctype *enctypep)
 {
-    unsigned int i, j;
+    int i;
+    unsigned int j;
+    const char *alias;
+    const struct krb5_keytypes *ktp;
 
-    for (i=0; i<krb5_enctypes_length; i++) {
-       if (strcasecmp(krb5_enctypes_list[i].name, string) == 0) {
-           *enctypep = krb5_enctypes_list[i].etype;
+    for (i = 0; i < krb5_enctypes_length; i++) {
+       ktp = &krb5_enctypes_list[i];
+       if (strcasecmp(ktp->name, string) == 0) {
+           *enctypep = ktp->etype;
            return 0;
        }
-#define MAX_ALIASES (sizeof(krb5_enctypes_list[i].aliases) / sizeof(krb5_enctypes_list[i].aliases[0]))
+#define MAX_ALIASES (sizeof(ktp->aliases) / sizeof(ktp->aliases[0]))
        for (j = 0; j < MAX_ALIASES; j++) {
-           const char *alias = krb5_enctypes_list[i].aliases[j];
+           alias = ktp->aliases[j];
            if (alias == NULL)
                break;
            if (strcasecmp(alias, string) == 0) {
-               *enctypep = krb5_enctypes_list[i].etype;
+               *enctypep = ktp->etype;
                return 0;
            }
        }
     }
 
-    return(EINVAL);
+    return EINVAL;
 }
index 71d9db650197c412bc8c2314fa2e5d873b21f18b..bf8f8ce91cbb3933b358274920bfd6780cbcfd8d 100644 (file)
@@ -51,23 +51,20 @@ krb5_c_string_to_key_with_params(krb5_context context, krb5_enctype enctype,
                                 const krb5_data *salt,
                                 const krb5_data *params, krb5_keyblock *key)
 {
-    int i;
     krb5_error_code ret;
-    const struct krb5_enc_provider *enc;
-    size_t keybytes, keylength;
+    const struct krb5_keytypes *ktp;
+    size_t keylength;
 
-    for (i=0; i<krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == enctype)
-           break;
-    }
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+       return KRB5_BAD_ENCTYPE;
+    keylength = ktp->enc->keylength;
 
-    if (i == krb5_enctypes_length)
-       return(KRB5_BAD_ENCTYPE);
-
-    enc = krb5_enctypes_list[i].enc;
-/* xxx AFS string2key function is indicated by a special length  in
- * the salt in much of the code.  However only the DES enctypes can
- * deal with this.  Using s2kparams would be a much better solution.*/
+    /*
+     * xxx AFS string2key function is indicated by a special length  in
+     * the salt in much of the code.  However only the DES enctypes can
+     * deal with this.  Using s2kparams would be a much better solution.
+     */
     if (salt && salt->length == SALT_TYPE_AFS_LENGTH) {
        switch (enctype) {
        case ENCTYPE_DES_CBC_CRC:
@@ -75,27 +72,24 @@ krb5_c_string_to_key_with_params(krb5_context context, krb5_enctype enctype,
        case ENCTYPE_DES_CBC_MD5:
            break;
        default:
-           return (KRB5_CRYPTO_INTERNAL);
+           return KRB5_CRYPTO_INTERNAL;
        }
     }
 
-    keybytes = enc->keybytes;
-    keylength = enc->keylength;
-
-    if ((key->contents = (krb5_octet *) malloc(keylength)) == NULL)
-       return(ENOMEM);
+    key->contents = malloc(keylength);
+    if (key->contents == NULL)
+       return ENOMEM;
 
     key->magic = KV5M_KEYBLOCK;
     key->enctype = enctype;
     key->length = keylength;
 
-    ret = (*krb5_enctypes_list[i].str2key)(enc, string, salt, params, key);
+    ret = (*ktp->str2key)(ktp->enc, string, salt, params, key);
     if (ret) {
-       memset(key->contents, 0, keylength);
-       free(key->contents);
+       zapfree(key->contents, keylength);
        key->length = 0;
        key->contents = NULL;
     }
 
-    return(ret);
+    return ret;
 }
index 8fd9effc9f402da87ac3a054a3b52d36075f8a17..56a92df25be5e1b37ecc8eca205ab344642d1530 100644 (file)
@@ -32,16 +32,16 @@ krb5_c_valid_cksumtype(krb5_cksumtype ctype)
 {
     unsigned int i;
 
-    for (i=0; i<krb5_cksumtypes_length; i++) {
+    for (i = 0; i < krb5_cksumtypes_length; i++) {
        if (krb5_cksumtypes_list[i].ctype == ctype)
-           return(1);
+           return TRUE;
     }
 
-    return(0);
+    return FALSE;
 }
 
 krb5_boolean KRB5_CALLCONV
 valid_cksumtype(krb5_cksumtype ctype)
 {
-    return krb5_c_valid_cksumtype (ctype);
+    return krb5_c_valid_cksumtype(ctype);
 }
index 7b9a92a8995ca26128c66e6a54db682f7b53589a..0240cbc6f45da59e737eabdd24b779439b6dbc53 100644 (file)
 krb5_boolean KRB5_CALLCONV
 krb5_c_valid_enctype(krb5_enctype etype)
 {
-    int i;
-
-    for (i=0; i<krb5_enctypes_length; i++) {
-       if (krb5_enctypes_list[i].etype == etype)
-           return(1);
-    }
-
-    return(0);
+    return (find_enctype(etype) != NULL);
 }
 
 krb5_boolean KRB5_CALLCONV
 valid_enctype(krb5_enctype etype)
 {
-    return krb5_c_valid_enctype (etype);
+    return krb5_c_valid_enctype(etype);
 }
 
 krb5_boolean KRB5_CALLCONV
 krb5_c_weak_enctype(krb5_enctype etype)
 {
-    int i;
-    const struct krb5_keytypes *k;
-
-    for (i = 0; i < krb5_enctypes_length; i++) {
-#if 0
-       if (krb5_enctypes_list[i].etype == etype &&
-           krb5_enctypes_list[i].flags | ETYPE_WEAK)
-           return(1);
-#endif
-       k = &krb5_enctypes_list[i];
-       if (k->etype == etype && (k->flags & ETYPE_WEAK)) {
-           return(1);
-       }
-    }
+    const struct krb5_keytypes *ktp;
 
-    return(0);
+    ktp = find_enctype(etype);
+    return ((ktp->flags & ETYPE_WEAK) != 0);
 }
index 72b5595de6bae1bbd0fa6e306ed714f46b7bff69..ae15cc872a1283917fe9c2d42633561f1dc33e38 100644 (file)
@@ -33,6 +33,8 @@ krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key,
                       const krb5_checksum *cksum, krb5_boolean *valid)
 {
     unsigned int i;
+    const struct krb5_cksumtypes *ctp;
+    const struct krb5_keyhash_provider *keyhash;
     size_t hashsize;
     krb5_error_code ret;
     krb5_data indata;
@@ -42,19 +44,16 @@ krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key,
        if (krb5_cksumtypes_list[i].ctype == cksum->checksum_type)
            break;
     }
-
     if (i == krb5_cksumtypes_length)
-       return(KRB5_BAD_ENCTYPE);
-
-    /* if there's actually a verify function, call it */
+       return KRB5_BAD_ENCTYPE;
+    ctp = &krb5_cksumtypes_list[i];
 
     indata.length = cksum->length;
     indata.data = (char *) cksum->contents;
 
-    if (krb5_cksumtypes_list[i].keyhash) {
-       const struct krb5_keyhash_provider *keyhash;
-
-       keyhash = krb5_cksumtypes_list[i].keyhash;
+    /* If there's actually a verify function, call it. */
+    if (ctp->keyhash) {
+       keyhash = ctp->keyhash;
 
        if (keyhash->verify == NULL && keyhash->verify_iov != NULL) {
            krb5_crypto_iov iov[1];
@@ -62,31 +61,30 @@ krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key,
            iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
            iov[0].data = *data;
 
-           return (*keyhash->verify_iov)(key, usage, 0, iov, 1, &indata, valid);
+           return (*keyhash->verify_iov)(key, usage, 0, iov, 1, &indata,
+                                         valid);
        } else if (keyhash->verify != NULL) {
            return (*keyhash->verify)(key, usage, 0, data, &indata, valid);
        }
     }
 
-    /* otherwise, make the checksum again, and compare */
-
-    if ((ret = krb5_c_checksum_length(context, cksum->checksum_type, &hashsize)))
-       return(ret);
+    /* Otherwise, make the checksum again, and compare. */
+    ret = krb5_c_checksum_length(context, cksum->checksum_type, &hashsize);
+    if (ret)
+       return ret;
 
     if (cksum->length != hashsize)
-       return(KRB5_BAD_MSIZE);
+       return KRB5_BAD_MSIZE;
 
     computed.length = hashsize;
 
-    if ((ret = krb5_c_make_checksum(context, cksum->checksum_type, key, usage,
-                                  data, &computed))) {
-       free(computed.contents);
-       return(ret);
-    }
+    ret = krb5_c_make_checksum(context, cksum->checksum_type, key, usage,
+                              data, &computed);
+    if (ret)
+       return ret;
 
     *valid = (memcmp(computed.contents, cksum->contents, hashsize) == 0);
 
     free(computed.contents);
-
-    return(0);
+    return 0;
 }
index 08c0a5c7bdb686dae9e632d76c8be7c75d28adb0..341c89684f44dade20ee796059c7933578e81ae4 100644 (file)
@@ -38,6 +38,7 @@ krb5_c_verify_checksum_iov(krb5_context context,
                           krb5_boolean *valid)
 {
     unsigned int i;
+    const struct krb5_cksumtypes *ctp;
     size_t cksumlen;
     krb5_error_code ret;
     krb5_data computed;
@@ -47,52 +48,49 @@ krb5_c_verify_checksum_iov(krb5_context context,
        if (krb5_cksumtypes_list[i].ctype == checksum_type)
            break;
     }
-
     if (i == krb5_cksumtypes_length)
-       return(KRB5_BAD_ENCTYPE);
+       return KRB5_BAD_ENCTYPE;
+    ctp = &krb5_cksumtypes_list[i];
 
-    checksum = krb5int_c_locate_iov((krb5_crypto_iov *)data, num_data, KRB5_CRYPTO_TYPE_CHECKSUM);
+    checksum = krb5int_c_locate_iov((krb5_crypto_iov *)data, num_data,
+                                   KRB5_CRYPTO_TYPE_CHECKSUM);
     if (checksum == NULL)
        return(KRB5_BAD_MSIZE);
 
-    /* if there's actually a verify function, call it */
-
-    if (krb5_cksumtypes_list[i].keyhash &&
-       krb5_cksumtypes_list[i].keyhash->verify_iov)
-       return((*(krb5_cksumtypes_list[i].keyhash->verify_iov))(key, usage, 0,
-                                                               data, num_data,
-                                                               &checksum->data,
-                                                               valid));
-
-    /* otherwise, make the checksum again, and compare */
+    /* If there's actually a verify function, call it. */
+    if (ctp->keyhash && ctp->keyhash->verify_iov) {
+       return (*ctp->keyhash->verify_iov)(key, usage, 0, data, num_data,
+                                          &checksum->data, valid);
+    }
 
-    if (krb5_cksumtypes_list[i].keyhash != NULL)
-       computed.length = krb5_cksumtypes_list[i].keyhash->hashsize;
+    /* Otherwise, make the checksum again, and compare. */
+    if (ctp->keyhash != NULL)
+       computed.length = ctp->keyhash->hashsize;
     else
-       computed.length = krb5_cksumtypes_list[i].hash->hashsize;
+       computed.length = ctp->hash->hashsize;
 
-    if (krb5_cksumtypes_list[i].trunc_size != 0)
-       cksumlen = krb5_cksumtypes_list[i].trunc_size;
+    if (ctp->trunc_size != 0)
+       cksumlen = ctp->trunc_size;
     else
        cksumlen = computed.length;
 
     if (checksum->data.length != cksumlen)
-       return(KRB5_BAD_MSIZE);
+       return KRB5_BAD_MSIZE;
 
     computed.data = malloc(computed.length);
     if (computed.data == NULL)
-       return(ENOMEM);
+       return ENOMEM;
 
-    if ((ret = krb5int_c_make_checksum_iov(&krb5_cksumtypes_list[i], key, usage,
-                                          data, num_data, &computed))) {
+    ret = krb5int_c_make_checksum_iov(&krb5_cksumtypes_list[i], key, usage,
+                                     data, num_data, &computed);
+    if (ret) {
        free(computed.data);
-       return(ret);
+       return ret;
     }
 
     *valid = (computed.length == cksumlen) &&
             (memcmp(computed.data, checksum->data.data, cksumlen) == 0);
 
     free(computed.data);
-
-    return(0);
+    return 0;
 }