krb5: Add _krb5_evp_hmac_iov
Add a function which will perform an HMAC over a set of iovecs, using the hcrypto provided HMAC functions. Join contiguous iovecs together before passing them to the hash function so we make as few calls into the hash as possible.
This commit is contained in:
Simon Wilkinson
committed by
Jeffrey Altman
Jeffrey Altman
parent
cb632bfdeb
commit
3484f092e5
@@ -104,6 +104,49 @@ out:
|
||||
return ret;
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
_krb5_evp_hmac_iov(krb5_context context,
|
||||
struct _krb5_key_data *key,
|
||||
const struct krb5_crypto_iov *iov,
|
||||
int niov,
|
||||
void *hmac,
|
||||
unsigned int *hmaclen,
|
||||
const EVP_MD *md,
|
||||
ENGINE *engine)
|
||||
{
|
||||
HMAC_CTX *ctx;
|
||||
krb5_data current = {0, 0};
|
||||
int i;
|
||||
|
||||
ctx = HMAC_CTX_new();
|
||||
if (ctx == NULL)
|
||||
return krb5_enomem(context);
|
||||
|
||||
HMAC_Init_ex(ctx, key->key->keyvalue.data, key->key->keyvalue.length,
|
||||
md, engine);
|
||||
|
||||
for (i = 0; i < niov; i++) {
|
||||
if (_krb5_crypto_iov_should_sign(&iov[i])) {
|
||||
if ((char *)current.data + current.length == iov[i].data.data) {
|
||||
current.length += iov[i].data.length;
|
||||
} else {
|
||||
if (current.data)
|
||||
HMAC_Update(ctx, current.data, current.length);
|
||||
current = iov[i].data;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (current.data)
|
||||
HMAC_Update(ctx, current.data, current.length);
|
||||
|
||||
HMAC_Final(ctx, hmac, hmaclen);
|
||||
|
||||
HMAC_CTX_free(ctx);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
_krb5_evp_encrypt(krb5_context context,
|
||||
struct _krb5_key_data *key,
|
||||
|
||||
Reference in New Issue
Block a user