From 550067f6d00131762ed3ec6da11761416da4fc53 Mon Sep 17 00:00:00 2001
From: Simon Wilkinson
Date: Mon, 14 May 2018 14:46:09 +0100
Subject: [PATCH] krb5: Expand list of vector types that are hashed

So that we can eventually use iovec hashes with encrypt, as well as sign operations, add CRYPTO_TYPE_HEADER and CRYPTO_TYPE_PADDING to the list of iovecs which will be hashed.
---
 lib/krb5/crypto.c | 5 ++++-
 lib/krb5/crypto.h | 4 +++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c
index 85d9a6286..135b94127 100644
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -1425,7 +1425,10 @@ iov_sign_data_len(krb5_crypto_iov *data, int num_data)
 size_t i, len;
 for (len = 0, i = 0; i < num_data; i++) {
- if (_krb5_crypto_iov_should_sign(&data[i]))
+ /* Can't use should_sign, because we must only count data, not
+ * header/trailer */
+ if (data[i].flags == KRB5_CRYPTO_TYPE_DATA ||
+ data[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
 len += data[i].data.length;
 }
diff --git a/lib/krb5/crypto.h b/lib/krb5/crypto.h
index d9c0dfcf3..48201b546 100644
--- a/lib/krb5/crypto.h
+++ b/lib/krb5/crypto.h
@@ -186,7 +186,9 @@ static inline int
 _krb5_crypto_iov_should_sign(const struct krb5_crypto_iov *iov)
 {
 return (iov->flags == KRB5_CRYPTO_TYPE_DATA
- || iov->flags == KRB5_CRYPTO_TYPE_SIGN_ONLY);
+ || iov->flags == KRB5_CRYPTO_TYPE_SIGN_ONLY
+ || iov->flags == KRB5_CRYPTO_TYPE_HEADER
+ || iov->flags == KRB5_CRYPTO_TYPE_PADDING);
 }
 /* NO_HCRYPTO_POLLUTION is defined in pkinit-ec.c. See commentary there. */
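Review bot: The comment added in iov_sign_data_len says "not header/trailer", but the types this commit adds to the hashed set are HEADER and PADDING, so the comment appears to name the wrong pair. Wording such as `/* Count only DATA and SIGN_ONLY; should_sign also matches HEADER and PADDING, which must not add to this length */` would match the code. The open-coded flag test also repeats the predicate's former definition, so a small named helper in crypto.h for "DATA or SIGN_ONLY" would keep the length calculation and the hashed set from drifting apart if the type list changes again. The function begins before the hunk and its return lies after it, so how `len` is consumed (presumably to size the buffer that gets hashed) is not visible here and should be checked against the widened predicate.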
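Review bot: Widening `_krb5_crypto_iov_should_sign` changes the hashed input for every caller of this inline helper, not only the future encrypt path: any existing sign or verify routine that is handed HEADER or PADDING iovecs will now include them in the checksum. Only one call site (iov_sign_data_len in crypto.c) is adjusted in this patch, so the remaining callers, which are not visible here, should be audited for length or buffer-size calculations that assumed DATA and SIGN_ONLY only, and for checksums that must stay compatible with existing peers. The helper also has no comment, and its name no longer describes the set it tests. Consider adding `/* Types fed to the hash: DATA, SIGN_ONLY, and (so encrypt can share the iov hash path) HEADER and PADDING */` above the definition.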