make variable shorter, make error messages from pkinit, make freeing easier

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14201 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-09-07 22:26:40 +00:00
parent 1a000b4604
commit ba0ff6be30
1 changed files with 53 additions and 53 deletions
--- a/lib/krb5/pkinit.c
+++ b/lib/krb5/pkinit.c
@@ -417,7 +417,12 @@ build_auth_pack(krb5_context context,
    krb5_timestamp sec;
    int32_t usec;
-    cksum = CKSUMTYPE_SHA1; /* XXX PACKETCABLE can have problems with this */
+#if 0
    /* XXX some PACKETCABLE needs implemetations need md5 */
    cksum = CKSUMTYPE_RSA_MD5;
 #else
    cksum = CKSUMTYPE_SHA1;
 #endif
    krb5_us_timeofday(context, &sec, &usec);
    a->pkAuthenticator.ctime = sec;
@@ -996,8 +1001,8 @@ _krb5_pk_verify_sign(krb5_context context,
 		     const char *data,
 		     size_t length,
 		     struct krb5_pk_identity *id,
-		     heim_oid *eContentType,
+		     heim_oid *contentType,
-		     krb5_data *eContent,
+		     krb5_data *content,
 		     struct krb5_pk_cert **signer)
 {
    STACK_OF(X509) *certificates;
@@ -1012,9 +1017,9 @@ _krb5_pk_verify_sign(krb5_context context,
    size_t size;
    *signer = NULL;
-    krb5_data_zero(eContent);
+    krb5_data_zero(content);
-    eContentType->length = 0;
+    contentType->length = 0;
-    eContentType->components = NULL;
+    contentType->components = NULL;
    memset(&sd, 0, sizeof(sd));
@@ -1036,11 +1041,11 @@ _krb5_pk_verify_sign(krb5_context context,
    /* XXX Check CMS version */
    if (sd.signerInfos.len < 1) {
 	free_SignedData(&sd);
 	krb5_set_error_string(context,
 			      "PKINIT: signature information missing from "
 			      "pkinit response");
-	return KRB5_KDC_ERR_INVALID_SIG;
+	ret = KRB5_KDC_ERR_INVALID_SIG;
 	goto out;
    }
    signer_info = &sd.signerInfos.val[0];
@@ -1049,8 +1054,7 @@ _krb5_pk_verify_sign(krb5_context context,
    if (ret) {
 	krb5_set_error_string(context,
 			      "PKINIT: failed to decode CertificateSet");
-	free_SignedData(&sd);
+	goto out;
 	return ret;
    }
    ret = cert_to_X509(context, &set, &certificates);
@@ -1058,8 +1062,7 @@ _krb5_pk_verify_sign(krb5_context context,
    if (ret) {
 	krb5_set_error_string(context,
 			      "PKINIT: failed to decode Certificates");
-	free_SignedData(&sd);
+	goto out;
 	return ret;
    }
    ret = pk_verify_chain_standard(context, id,
@@ -1067,10 +1070,8 @@ _krb5_pk_verify_sign(krb5_context context,
 				   certificates,
 				   &cert);
    sk_X509_free(certificates);
-    if (ret) {
+    if (ret)
-	free_SignedData(&sd);
+	goto out;
 	return ret;
    }
    if (signer_info->signature.length == 0) {
 	free_SignedData(&sd);
@@ -1094,10 +1095,10 @@ _krb5_pk_verify_sign(krb5_context context,
 	evp_type = EVP_sha1();
    else {
 	X509_free(cert);
-	free_SignedData(&sd);
+	krb5_set_error_string(context, "PKINIT: The requested digest "
-	krb5_set_error_string(context, "The requested digest algorithm is "
+			      "algorithm is not supported");
-			      "not supported");
+	ret = KRB5_KDC_ERR_INVALID_SIG;
-	return KRB5_KDC_ERR_INVALID_SIG;
+	goto out;
    }
    EVP_VerifyInit(&md, evp_type);
@@ -1110,27 +1111,26 @@ _krb5_pk_verify_sign(krb5_context context,
 			  public_key);
    if (ret != 1) {
 	X509_free(cert);
 	free_SignedData(&sd);
 	krb5_set_error_string(context, "PKINIT: signature didn't verify: %s",
 			      ERR_error_string(ERR_get_error(), NULL));
-	return KRB5_KDC_ERR_INVALID_SIG;
+	ret = KRB5_KDC_ERR_INVALID_SIG;
 	goto out;
    }
-    ret = copy_oid(&sd.encapContentInfo.eContentType, eContentType);
+    ret = copy_oid(&sd.encapContentInfo.eContentType, contentType);
    if (ret) {
 	krb5_clear_error_string(context);
 	goto out;
    }
-    eContent->data = malloc(sd.encapContentInfo.eContent->length);
+    content->data = malloc(sd.encapContentInfo.eContent->length);
-    if (eContent->data == NULL) {
+    if (content->data == NULL) {
 	free_oid(eContentType);
 	krb5_clear_error_string(context);
 	ret = ENOMEM;
 	goto out;
    }
-    eContent->length = sd.encapContentInfo.eContent->length;
+    content->length = sd.encapContentInfo.eContent->length;
-    memcpy(eContent->data,sd.encapContentInfo.eContent->data,eContent->length);
+    memcpy(content->data,sd.encapContentInfo.eContent->data,content->length);
    *signer = malloc(sizeof(**signer));
    if (*signer == NULL) {
@@ -1143,15 +1143,15 @@ _krb5_pk_verify_sign(krb5_context context,
 out:
    free_SignedData(&sd);
    if (ret) {
-	free_oid(eContentType);
+	free_oid(contentType);
-	krb5_data_free(eContent);
+	krb5_data_free(content);
    }
    return ret;
 }
 static krb5_error_code
 get_reply_key(krb5_context context,
-	      const krb5_data *eContent,
+	      const krb5_data *content,
 	      unsigned nonce,
 	      krb5_keyblock **key)
 {
@@ -1159,8 +1159,8 @@ get_reply_key(krb5_context context,
    krb5_error_code ret;
    size_t size;
-    ret = decode_ReplyKeyPack(eContent->data,
+    ret = decode_ReplyKeyPack(content->data,
-			      eContent->length,
+			      content->length,
 			      &key_pack,
 			      &size);
    if (ret) {
@@ -1221,8 +1221,8 @@ pk_rd_pa_reply_enckey(krb5_context context,
    X509 *user_cert;
    char *p;
    krb5_boolean bret;
-    krb5_data eContent;
+    krb5_data content;
-    heim_oid eContentType = { 0, NULL };
+    heim_oid contentType = { 0, NULL };
    struct krb5_pk_cert *host = NULL;
    heim_octet_string encryptedContent;
    heim_octet_string *any;
@@ -1233,7 +1233,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
    memset(&tmp_key, 0, sizeof(tmp_key));
    memset(&ed, 0, sizeof(ed));
    krb5_data_zero(&plain);
-    krb5_data_zero(&eContent);
+    krb5_data_zero(&content);
    krb5_data_zero(&encryptedContent);
    krb5_data_zero(&ivec);
@@ -1373,8 +1373,8 @@ pk_rd_pa_reply_enckey(krb5_context context,
 			       p,
 			       length,
 			       ctx->id,
-			       &eContentType,
+			       &contentType,
-			       &eContent,
+			       &content,
 			       &host);
    if (ret)
 	goto out;
@@ -1387,20 +1387,20 @@ pk_rd_pa_reply_enckey(krb5_context context,
    }
    if (win2k_compat) {
-	if (heim_oid_cmp(&eContentType, &pkcs7_data_oid) != 0) {
+	if (heim_oid_cmp(&contentType, &pkcs7_data_oid) != 0) {
 	    krb5_set_error_string(context, "PKINIT, reply key, wrong oid");
 	    ret = KRB5KRB_AP_ERR_MSG_TYPE;
 	    goto out;
 	}
    } else {
-	if (heim_oid_cmp(&eContentType, &heim_pkrkeydata_oid) != 0) {
+	if (heim_oid_cmp(&contentType, &heim_pkrkeydata_oid) != 0) {
 	    krb5_set_error_string(context, "PKINIT, reply key, wrong oid");
 	    ret = KRB5KRB_AP_ERR_MSG_TYPE;
 	    goto out;
 	}
    }
-    ret = get_reply_key(context, &eContent, nonce, key);
+    ret = get_reply_key(context, &content, nonce, key);
    if (ret)
 	goto out;
@@ -1409,9 +1409,9 @@ pk_rd_pa_reply_enckey(krb5_context context,
 out:
    if (host)
 	_krb5_pk_cert_free(host);
-    free_oid(&eContentType);
+    free_oid(&contentType);
    free_octet_string(&encryptedContent);
-    krb5_data_free(&eContent);
+    krb5_data_free(&content);
    krb5_free_keyblock_contents(context, &tmp_key);
    krb5_data_free(&plain);
    krb5_data_free(&ivec);
@@ -1433,13 +1433,13 @@ pk_rd_pa_reply_dh(krb5_context context,
    struct krb5_pk_cert *host = NULL;
    BIGNUM *kdc_dh_pubkey = NULL;
    KDCDHKeyInfo kdc_dh_info;
-    heim_oid eContentType = { 0, NULL };
+    heim_oid contentType = { 0, NULL };
-    krb5_data eContent;
+    krb5_data content;
    krb5_error_code ret;
    int dh_gen_keylen;
    size_t size;
-    krb5_data_zero(&eContent);
+    krb5_data_zero(&content);
    memset(&kdc_dh_info, 0, sizeof(kdc_dh_info));
    if (heim_oid_cmp(&pkcs7_signed_oid, &rep->contentType)) {
@@ -1456,8 +1456,8 @@ pk_rd_pa_reply_dh(krb5_context context,
 			       rep->content->data,
 			       rep->content->length,
 			       ctx->id,
-			       &eContentType,
+			       &contentType,
-			       &eContent,
+			       &content,
 			       &host);
    if (ret)
 	goto out;
@@ -1467,13 +1467,13 @@ pk_rd_pa_reply_dh(krb5_context context,
    if (ret)
 	goto out;
-    if (heim_oid_cmp(&eContentType, &heim_pkdhkeydata_oid)) {
+    if (heim_oid_cmp(&contentType, &heim_pkdhkeydata_oid)) {
 	ret = KRB5KRB_AP_ERR_MSG_TYPE; /* XXX */
 	goto out;
    }
-    ret = decode_KDCDHKeyInfo(eContent.data,
+    ret = decode_KDCDHKeyInfo(content.data,
-			      eContent.length,
+			      content.length,
 			      &kdc_dh_info,
 			      &size);
@@ -1545,8 +1545,8 @@ pk_rd_pa_reply_dh(krb5_context context,
 	ASN1_INTEGER_free(dh_pub_key);
    if (host)
 	_krb5_pk_cert_free(host);
-    if (eContent.data)
+    if (content.data)
-	krb5_data_free(&eContent);
+	krb5_data_free(&content);
    free_KDCDHKeyInfo(&kdc_dh_info);
    return ret;