aboutsummaryrefslogtreecommitdiff
path: root/aes_keywrap.c
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2018-05-20 18:18:40 -0400
committerRob Austein <sra@hactrn.net>2018-05-20 18:18:40 -0400
commite6bdf57820121b6eac9f35c8ef53a4e7a76205e1 (patch)
treeb8701157fa06ea8f873b1c330d9599e4eb7384cf /aes_keywrap.c
parent76edd86d940956eb42ced93ccd4ee5f1d95bd01f (diff)
Better hal_core_alloc() semantics, assert() and printf() cleanup.
Various fixes extracted from the abandoned(-for-now?) reuse-cores branch, principally: * Change hal_core_alloc*() to support core reuse and to pick the least-recently-used core of a particular type otherwise; * Replace assert() and printf() calls with hal_assert() and hal_log(), respectively. assert() is particularly useless on the HSM, since it sends its error message into hyperspace then hangs the HSM.
Diffstat (limited to 'aes_keywrap.c')
-rw-r--r--aes_keywrap.c18
1 files changed, 11 insertions, 7 deletions
diff --git a/aes_keywrap.c b/aes_keywrap.c
index 355cb0b..be082f6 100644
--- a/aes_keywrap.c
+++ b/aes_keywrap.c
@@ -132,7 +132,7 @@ static hal_error_t do_block(const hal_core_t *core, uint8_t *b1, uint8_t *b2)
{
hal_error_t err;
- assert(b1 != NULL && b2 != NULL);
+ hal_assert(b1 != NULL && b2 != NULL);
if ((err = hal_io_write(core, AES_ADDR_BLOCK0, b1, 8)) != HAL_OK ||
(err = hal_io_write(core, AES_ADDR_BLOCK2, b2, 8)) != HAL_OK ||
@@ -164,15 +164,16 @@ hal_error_t hal_aes_keywrap(hal_core_t *core,
size_t *C_len)
{
const size_t calculated_C_len = hal_aes_keywrap_ciphertext_length(m);
+ const int free_core = core == NULL;
hal_error_t err;
size_t n;
- assert(calculated_C_len % 8 == 0);
+ hal_assert(calculated_C_len % 8 == 0);
if (Q == NULL || C == NULL || C_len == NULL || *C_len < calculated_C_len)
return HAL_ERROR_BAD_ARGUMENTS;
- if ((err = hal_core_alloc(AES_CORE_NAME, &core)) != HAL_OK)
+ if (free_core && (err = hal_core_alloc(AES_CORE_NAME, &core, NULL)) != HAL_OK)
return err;
if ((err = load_kek(core, K, K_len, KEK_encrypting)) != HAL_OK)
@@ -215,7 +216,8 @@ hal_error_t hal_aes_keywrap(hal_core_t *core,
}
out:
- hal_core_free(core);
+ if (free_core)
+ hal_core_free(core);
return err;
}
@@ -226,13 +228,14 @@ out:
* Q should be the same size as C. Q and C can overlap.
*/
-hal_error_t hal_aes_keyunwrap(hal_core_t * core,
+hal_error_t hal_aes_keyunwrap(hal_core_t *core,
const uint8_t *K, const size_t K_len,
const uint8_t * const C,
const size_t C_len,
uint8_t *Q,
size_t *Q_len)
{
+ const int free_core = core == NULL;
hal_error_t err;
size_t n;
size_t m;
@@ -240,7 +243,7 @@ hal_error_t hal_aes_keyunwrap(hal_core_t * core,
if (C == NULL || Q == NULL || C_len % 8 != 0 || C_len < 16 || Q_len == NULL || *Q_len < C_len)
return HAL_ERROR_BAD_ARGUMENTS;
- if ((err = hal_core_alloc(AES_CORE_NAME, &core)) != HAL_OK)
+ if (free_core && (err = hal_core_alloc(AES_CORE_NAME, &core, NULL)) != HAL_OK)
return err;
if ((err = load_kek(core, K, K_len, KEK_decrypting)) != HAL_OK)
@@ -294,7 +297,8 @@ hal_error_t hal_aes_keyunwrap(hal_core_t * core,
memmove(Q, Q + 8, m);
out:
- hal_core_free(core);
+ if (free_core)
+ hal_core_free(core);
return err;
}