From b429d230cbc4a4d301847bfb041d6b5d5c55c9b1 Mon Sep 17 00:00:00 2001 From: Armin Novak Date: Mon, 29 Feb 2016 09:00:02 +0100 Subject: [PATCH] Refactored crypto *_New functions. --- libfreerdp/core/connection.c | 40 ++++++++++++------- libfreerdp/core/license.c | 7 +++- libfreerdp/core/security.c | 9 +++-- winpr/include/winpr/crypto.h | 4 +- winpr/libwinpr/crypto/cipher.c | 32 +++++++-------- winpr/libwinpr/crypto/crypto.c | 8 ++-- winpr/libwinpr/crypto/test/TestCryptoCipher.c | 2 +- winpr/libwinpr/sspi/NTLM/ntlm_compute.c | 14 +++---- 8 files changed, 66 insertions(+), 50 deletions(-) diff --git a/libfreerdp/core/connection.c b/libfreerdp/core/connection.c index c23b4217a..99b2e59f3 100644 --- a/libfreerdp/core/connection.c +++ b/libfreerdp/core/connection.c @@ -490,14 +490,20 @@ static BOOL rdp_client_establish_keys(rdpRdp* rdp) if (settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS) { - if (!winpr_Cipher_New(&rdp->fips_encrypt, WINPR_CIPHER_DES_EDE3_CBC, - WINPR_ENCRYPT, rdp->fips_encrypt_key, fips_ivec)) + rdp->fips_encrypt = winpr_Cipher_New( WINPR_CIPHER_DES_EDE3_CBC, + WINPR_ENCRYPT, + rdp->fips_encrypt_key, + fips_ivec); + if (!rdp->fips_encrypt) { WLog_ERR(TAG, "unable to allocate des3 encrypt key"); goto end; } - if (!winpr_Cipher_New(&rdp->fips_decrypt, WINPR_CIPHER_DES_EDE3_CBC, - WINPR_DECRYPT, rdp->fips_decrypt_key, fips_ivec)) + rdp->fips_decrypt = winpr_Cipher_New(WINPR_CIPHER_DES_EDE3_CBC, + WINPR_DECRYPT, + rdp->fips_decrypt_key, + fips_ivec); + if (!rdp->fips_decrypt) { WLog_ERR(TAG, "unable to allocate des3 decrypt key"); goto end; @@ -513,9 +519,9 @@ static BOOL rdp_client_establish_keys(rdpRdp* rdp) goto end; } - if (!winpr_RC4_New(&rdp->rc4_decrypt_key, rdp->decrypt_key, rdp->rc4_key_len)) - goto end; - if (!winpr_RC4_New(&rdp->rc4_encrypt_key, rdp->encrypt_key, rdp->rc4_key_len)) + rdp->rc4_decrypt_key = winpr_RC4_New(rdp->decrypt_key, rdp->rc4_key_len); + rdp->rc4_encrypt_key = winpr_RC4_New(rdp->encrypt_key, rdp->rc4_key_len); + if (!rdp->rc4_decrypt_key || !rdp->rc4_encrypt_key) goto end; ret = TRUE; @@ -610,15 +616,21 @@ BOOL rdp_server_establish_keys(rdpRdp* rdp, wStream* s) if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS) { - if (!winpr_Cipher_New(&rdp->fips_encrypt, WINPR_CIPHER_DES_EDE3_CBC, - WINPR_ENCRYPT, rdp->fips_encrypt_key, fips_ivec)) + rdp->fips_encrypt = winpr_Cipher_New(WINPR_CIPHER_DES_EDE3_CBC, + WINPR_ENCRYPT, + rdp->fips_encrypt_key, + fips_ivec); + if (!rdp->fips_encrypt) { WLog_ERR(TAG, "unable to allocate des3 encrypt key"); goto end; } - if (!winpr_Cipher_New(&rdp->fips_decrypt, WINPR_CIPHER_DES_EDE3_CBC, - WINPR_DECRYPT, rdp->fips_decrypt_key, fips_ivec)) + rdp->fips_decrypt = winpr_Cipher_New(WINPR_CIPHER_DES_EDE3_CBC, + WINPR_DECRYPT, + rdp->fips_decrypt_key, + fips_ivec); + if (!rdp->fips_decrypt) { WLog_ERR(TAG, "unable to allocate des3 decrypt key"); goto end; @@ -634,9 +646,9 @@ BOOL rdp_server_establish_keys(rdpRdp* rdp, wStream* s) goto end; } - if (!winpr_RC4_New(&rdp->rc4_decrypt_key, rdp->decrypt_key, rdp->rc4_key_len)) - goto end; - if (!winpr_RC4_New(&rdp->rc4_encrypt_key, rdp->encrypt_key, rdp->rc4_key_len)) + rdp->rc4_decrypt_key = winpr_RC4_New(rdp->decrypt_key, rdp->rc4_key_len); + rdp->rc4_encrypt_key = winpr_RC4_New(rdp->encrypt_key, rdp->rc4_key_len); + if (!rdp->rc4_decrypt_key || rdp->rc4_encrypt_key) goto end; ret = TRUE; diff --git a/libfreerdp/core/license.c b/libfreerdp/core/license.c index cc3e64a07..055a2dc3e 100644 --- a/libfreerdp/core/license.c +++ b/libfreerdp/core/license.c @@ -466,7 +466,8 @@ BOOL license_decrypt_platform_challenge(rdpLicense* license) return FALSE; license->PlatformChallenge->length = license->EncryptedPlatformChallenge->length; - if (!winpr_RC4_New(&rc4, license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH)) + if ((rc4 = winpr_RC4_New(license->LicensingEncryptionKey, + LICENSING_ENCRYPTION_KEY_LENGTH)) == NULL) return FALSE; rc = winpr_RC4_Update(rc4, license->EncryptedPlatformChallenge->length, license->EncryptedPlatformChallenge->data, @@ -1038,7 +1039,9 @@ BOOL license_send_platform_challenge_response_packet(rdpLicense* license) if (!status) return FALSE; - if (!winpr_RC4_New(&rc4, license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH)) + rc4 = winpr_RC4_New(license->LicensingEncryptionKey, + LICENSING_ENCRYPTION_KEY_LENGTH); + if (!rc4) return FALSE; buffer = (BYTE*) malloc(HWID_LENGTH); diff --git a/libfreerdp/core/security.c b/libfreerdp/core/security.c index 4158093de..e41578687 100644 --- a/libfreerdp/core/security.c +++ b/libfreerdp/core/security.c @@ -564,7 +564,7 @@ BOOL security_key_update(BYTE* key, BYTE* update_key, int key_len, rdpRdp* rdp) if (!winpr_MD5_Final(&md5, key, WINPR_MD5_DIGEST_LENGTH)) return FALSE; - if (!winpr_RC4_New(&rc4, key, key_len)) + if ((rc4 = winpr_RC4_New(key, key_len)) == NULL) return FALSE; rc = winpr_RC4_Update(rc4, key_len, key, key); winpr_RC4_Free(rc4); @@ -588,7 +588,8 @@ BOOL security_encrypt(BYTE* data, int length, rdpRdp* rdp) return FALSE; winpr_RC4_Free(rdp->rc4_encrypt_key); - if (!winpr_RC4_New(&rdp->rc4_encrypt_key, rdp->encrypt_key, rdp->rc4_key_len)) + rdp->rc4_encrypt_key = winpr_RC4_New(rdp->encrypt_key, rdp->rc4_key_len); + if (!rdp->rc4_encrypt_key) return FALSE; rdp->encrypt_use_count = 0; @@ -611,7 +612,9 @@ BOOL security_decrypt(BYTE* data, int length, rdpRdp* rdp) if (!security_key_update(rdp->decrypt_key, rdp->decrypt_update_key, rdp->rc4_key_len, rdp)) return FALSE; winpr_RC4_Free(rdp->rc4_decrypt_key); - if (!winpr_RC4_New(&rdp->rc4_decrypt_key, rdp->decrypt_key, rdp->rc4_key_len)) + rdp->rc4_decrypt_key = winpr_RC4_New(rdp->decrypt_key, + rdp->rc4_key_len); + if (!rdp->rc4_decrypt_key) return FALSE; rdp->decrypt_use_count = 0; diff --git a/winpr/include/winpr/crypto.h b/winpr/include/winpr/crypto.h index 0808582b3..c4dcb31bf 100644 --- a/winpr/include/winpr/crypto.h +++ b/winpr/include/winpr/crypto.h @@ -901,7 +901,7 @@ typedef union _WINPR_RC4_CTX WINPR_RC4_CTX; extern "C" { #endif -WINPR_API BOOL winpr_RC4_New(WINPR_RC4_CTX** ctx, const BYTE* key, size_t keylen); +WINPR_API WINPR_RC4_CTX* winpr_RC4_New(const BYTE* key, size_t keylen); WINPR_API BOOL winpr_RC4_Update(WINPR_RC4_CTX* ctx, size_t length, const BYTE* input, BYTE* output); WINPR_API void winpr_RC4_Free(WINPR_RC4_CTX* ctx); @@ -1016,7 +1016,7 @@ typedef union _WINPR_CIPHER_CTX WINPR_CIPHER_CTX; extern "C" { #endif -WINPR_API BOOL winpr_Cipher_New(WINPR_CIPHER_CTX** ctx, int cipher, int op, const BYTE* key, const BYTE* iv); +WINPR_API WINPR_CIPHER_CTX* winpr_Cipher_New(int cipher, int op, const BYTE* key, const BYTE* iv); WINPR_API BOOL winpr_Cipher_Update(WINPR_CIPHER_CTX* ctx, const BYTE* input, size_t ilen, BYTE* output, size_t* olen); WINPR_API BOOL winpr_Cipher_Final(WINPR_CIPHER_CTX* ctx, BYTE* output, size_t* olen); WINPR_API void winpr_Cipher_Free(WINPR_CIPHER_CTX* ctx); diff --git a/winpr/libwinpr/crypto/cipher.c b/winpr/libwinpr/crypto/cipher.c index 5c571b147..eff9c3c85 100644 --- a/winpr/libwinpr/crypto/cipher.c +++ b/winpr/libwinpr/crypto/cipher.c @@ -43,16 +43,16 @@ * RC4 */ -BOOL winpr_RC4_New(WINPR_RC4_CTX** octx, const BYTE* key, size_t keylen) +WINPR_RC4_CTX* winpr_RC4_New(const BYTE* key, size_t keylen) { WINPR_RC4_CTX* ctx = NULL; - if (!octx || !key || (keylen == 0)) - return FALSE; + if (!key || (keylen == 0)) + return NULL; ctx = calloc(1, sizeof(WINPR_RC4_CTX)); if (!ctx) - return FALSE; + return NULL; #if defined(WITH_OPENSSL) RC4_set_key((RC4_KEY*) ctx, keylen, key); @@ -60,9 +60,7 @@ BOOL winpr_RC4_New(WINPR_RC4_CTX** octx, const BYTE* key, size_t keylen) mbedtls_arc4_init((mbedtls_arc4_context*) ctx); mbedtls_arc4_setup((mbedtls_arc4_context*) ctx, key, keylen); #endif - *octx = ctx; - - return TRUE; + return ctx; } BOOL winpr_RC4_Update(WINPR_RC4_CTX* ctx, size_t length, const BYTE* input, BYTE* output) @@ -514,7 +512,7 @@ mbedtls_cipher_type_t winpr_mbedtls_get_cipher_type(int cipher) } #endif -BOOL winpr_Cipher_New(WINPR_CIPHER_CTX** cctx, int cipher, int op, const BYTE* key, const BYTE* iv) +WINPR_CIPHER_CTX* winpr_Cipher_New(int cipher, int op, const BYTE* key, const BYTE* iv) { WINPR_CIPHER_CTX* ctx; #if defined(WITH_OPENSSL) @@ -530,20 +528,20 @@ BOOL winpr_Cipher_New(WINPR_CIPHER_CTX** cctx, int cipher, int op, const BYTE* k ctx = calloc(1, sizeof(WINPR_CIPHER_CTX)); if (!ctx) - return FALSE; - + return NULL; + #if defined(WITH_OPENSSL) octx = (EVP_CIPHER_CTX*)ctx; evp = winpr_openssl_get_evp_cipher(cipher); if (!evp) - return FALSE; + return NULL; operation = (op == WINPR_ENCRYPT) ? 1 : 0; EVP_CIPHER_CTX_init(octx); if (EVP_CipherInit_ex(octx, evp, NULL, key, iv, operation) != 1) - return FALSE; + return NULL; EVP_CIPHER_CTX_set_padding(octx, 0); #elif defined(WITH_MBEDTLS) @@ -551,22 +549,20 @@ BOOL winpr_Cipher_New(WINPR_CIPHER_CTX** cctx, int cipher, int op, const BYTE* k cipher_info = mbedtls_cipher_info_from_type(cipher_type); if (!cipher_info) - return FALSE; + return NULL; operation = (op == WINPR_ENCRYPT) ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT; mbedtls_cipher_init((mbedtls_cipher_context_t*) ctx); if (mbedtls_cipher_setup((mbedtls_cipher_context_t*) ctx, cipher_info) != 0) - return FALSE; + return NULL; key_bitlen = mbedtls_cipher_get_key_bitlen((mbedtls_cipher_context_t*) ctx); if (mbedtls_cipher_setkey((mbedtls_cipher_context_t*) ctx, key, key_bitlen, operation) != 0) - return FALSE; + return NULL; #endif - - *cctx = ctx; - return TRUE; + return ctx; } BOOL winpr_Cipher_Update(WINPR_CIPHER_CTX* ctx, const BYTE* input, size_t ilen, BYTE* output, size_t* olen) diff --git a/winpr/libwinpr/crypto/crypto.c b/winpr/libwinpr/crypto/crypto.c index 5b0a68a7f..a651a2fe7 100644 --- a/winpr/libwinpr/crypto/crypto.c +++ b/winpr/libwinpr/crypto/crypto.c @@ -186,9 +186,10 @@ BOOL CryptProtectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags) pCipherText = (BYTE*) malloc(cbOut); if (!pCipherText) - goto out; + goto out; - if (!winpr_Cipher_New(&enc, WINPR_CIPHER_AES_256_CBC, WINPR_ENCRYPT, pMemBlock->key, pMemBlock->iv)) + if ((enc = winpr_Cipher_New(WINPR_CIPHER_AES_256_CBC, WINPR_ENCRYPT, + pMemBlock->key, pMemBlock->iv)) == NULL) goto out; if (!winpr_Cipher_Update(enc, pMemBlock->pData, pMemBlock->cbData, pCipherText, &cbOut)) goto out; @@ -233,7 +234,8 @@ BOOL CryptUnprotectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags) if (!pPlainText) goto out; - if (!winpr_Cipher_New(&dec, WINPR_CIPHER_AES_256_CBC, WINPR_DECRYPT, pMemBlock->key, pMemBlock->iv)) + if ((dec = winpr_Cipher_New(WINPR_CIPHER_AES_256_CBC, WINPR_DECRYPT, + pMemBlock->key, pMemBlock->iv)) == NULL) goto out; if (!winpr_Cipher_Update(dec, pMemBlock->pData, pMemBlock->cbData, pPlainText, &cbOut)) goto out; diff --git a/winpr/libwinpr/crypto/test/TestCryptoCipher.c b/winpr/libwinpr/crypto/test/TestCryptoCipher.c index 98ceb8fc5..cbf940d9a 100644 --- a/winpr/libwinpr/crypto/test/TestCryptoCipher.c +++ b/winpr/libwinpr/crypto/test/TestCryptoCipher.c @@ -21,7 +21,7 @@ static BOOL test_crypto_cipher_rc4() if (!text) goto out; - if (!winpr_RC4_New(&ctx, TEST_RC4_KEY, strlen((char*) TEST_RC4_KEY))) + if ((ctx = winpr_RC4_New(TEST_RC4_KEY, strlen((char*) TEST_RC4_KEY))) == NULL) goto out; rc = winpr_RC4_Update(ctx, len, (BYTE*) TEST_RC4_PLAINTEXT, text); winpr_RC4_Free(ctx); diff --git a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c index 092f250e3..8c18466f7 100644 --- a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c +++ b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c @@ -442,10 +442,10 @@ int ntlm_compute_ntlm_v2_response(NTLM_CONTEXT* context) void ntlm_rc4k(BYTE* key, int length, BYTE* plaintext, BYTE* ciphertext) { - WINPR_RC4_CTX* rc4; - if (winpr_RC4_New(&rc4, (void*) key, 16)) + WINPR_RC4_CTX* rc4 = winpr_RC4_New(key, 16); + if (rc4) { - winpr_RC4_Update(rc4, length, (void*) plaintext, (void*) ciphertext); + winpr_RC4_Update(rc4, length, plaintext, ciphertext); winpr_RC4_Free(rc4); } } @@ -664,8 +664,8 @@ void ntlm_init_rc4_seal_states(NTLM_CONTEXT* context) context->RecvSigningKey = context->ClientSigningKey; context->SendSealingKey = context->ClientSealingKey; context->RecvSealingKey = context->ServerSealingKey; - winpr_RC4_New(&context->SendRc4Seal, context->ServerSealingKey, 16); - winpr_RC4_New(&context->RecvRc4Seal, context->ClientSealingKey, 16); + context->SendRc4Seal = winpr_RC4_New(context->ServerSealingKey, 16); + context->RecvRc4Seal = winpr_RC4_New(context->ClientSealingKey, 16); } else { @@ -673,8 +673,8 @@ void ntlm_init_rc4_seal_states(NTLM_CONTEXT* context) context->RecvSigningKey = context->ServerSigningKey; context->SendSealingKey = context->ServerSealingKey; context->RecvSealingKey = context->ClientSealingKey; - winpr_RC4_New(&context->SendRc4Seal, context->ClientSealingKey, 16); - winpr_RC4_New(&context->RecvRc4Seal, context->ServerSealingKey, 16); + context->SendRc4Seal = winpr_RC4_New(context->ClientSealingKey, 16); + context->RecvRc4Seal = winpr_RC4_New(context->ServerSealingKey, 16); } }