1 files changed, 13 insertions, 40 deletions

diff --git a/src/lib/crypto/krb/dk/checksum.c b/src/lib/crypto/krb/dk/checksum.c
index fb5622a735..31e7de90ef 100644
--- a/src/lib/crypto/krb/dk/checksum.c
+++ b/src/lib/crypto/krb/dk/checksum.c
@@ -33,19 +33,17 @@
 
 krb5_error_code
 krb5_dk_make_checksum(const struct krb5_hash_provider *hash,
-		      const krb5_keyblock *key, krb5_keyusage usage,
+		      krb5_key key, krb5_keyusage usage,
 		      const krb5_data *input, krb5_data *output)
 {
     const struct krb5_keytypes *ktp;
     const struct krb5_enc_provider *enc;
-    size_t keylength;
     krb5_error_code ret;
     unsigned char constantdata[K5CLENGTH];
     krb5_data datain;
-    unsigned char *kcdata;
-    krb5_keyblock kc;
+    krb5_key kc;
 
-    ktp = find_enctype(key->enctype);
+    ktp = find_enctype(key->keyblock.enctype);
     if (ktp == NULL)
 	return KRB5_BAD_ENCTYPE;
     enc = ktp->enc;
@@ -55,15 +53,6 @@ krb5_dk_make_checksum(const struct krb5_hash_provider *hash,
      * output->length will be tested in krb5_hmac.
      */
 
-    /* Allocate and set to-be-derived keys. */
-    keylength = enc->keylength;
-    kcdata = malloc(keylength);
-    if (kcdata == NULL)
-	return ENOMEM;
-
-    kc.contents = kcdata;
-    kc.length = keylength;
-
     /* Derive the key. */
  
     datain.data = (char *) constantdata;
@@ -75,37 +64,34 @@ krb5_dk_make_checksum(const struct krb5_hash_provider *hash,
 
     ret = krb5_derive_key(enc, key, &kc, &datain);
     if (ret)
-	goto cleanup;
+	return ret;
 
     /* hash the data */
 
     datain = *input;
 
-    ret = krb5_hmac(hash, &kc, 1, &datain, output);
+    ret = krb5_hmac(hash, kc, 1, &datain, output);
     if (ret)
 	memset(output->data, 0, output->length);
 
-cleanup:
-    zapfree(kcdata, keylength);
+    krb5_k_free_key(NULL, kc);
     return ret;
 }
 
 krb5_error_code
 krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
-		          const krb5_keyblock *key, krb5_keyusage usage,
+		          krb5_key key, krb5_keyusage usage,
 			  const krb5_crypto_iov *data, size_t num_data,
 			  krb5_data *output)
 {
     const struct krb5_keytypes *ktp;
     const struct krb5_enc_provider *enc;
-    size_t keylength;
     krb5_error_code ret;
     unsigned char constantdata[K5CLENGTH];
     krb5_data datain;
-    unsigned char *kcdata;
-    krb5_keyblock kc;
+    krb5_key kc;
 
-    ktp = find_enctype(key->enctype);
+    ktp = find_enctype(key->keyblock.enctype);
     if (ktp == NULL)
 	return KRB5_BAD_ENCTYPE;
     enc = ktp->enc;
@@ -115,16 +101,6 @@ krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
      * output->length will be tested in krb5_hmac.
      */
 
-    /* Allocate and set to-be-derived keys. */
-
-    keylength = enc->keylength;
-    kcdata = malloc(keylength);
-    if (kcdata == NULL)
-	return ENOMEM;
-
-    kc.contents = kcdata;
-    kc.length = keylength;
-
     /* Derive the key. */
  
     datain.data = (char *) constantdata;
@@ -136,17 +112,14 @@ krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
 
     ret = krb5_derive_key(enc, key, &kc, &datain);
     if (ret)
-	goto cleanup;
+	return ret;
 
     /* Hash the data. */
 
-    ret = krb5int_hmac_iov(hash, &kc, data, num_data, output);
+    ret = krb5int_hmac_iov(hash, kc, data, num_data, output);
     if (ret)
 	memset(output->data, 0, output->length);
 
-cleanup:
-    zapfree(kcdata, keylength);
-
-    return(ret);
+    krb5_k_free_key(NULL, kc);
+    return ret;
 }
-