oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

krb5: Expand list of vector types that are hashed

Browse Source 
So that we can eventually use iovec hashes with encrypt, as well
as sign operations, add CRYPTO_TYPE_HEADER and CRYPTO_TYPE_PADDING
to the list of iovecs which will be hashed.
This commit is contained in:
Simon Wilkinson
2018-05-14 14:46:09 +01:00
committed by Jeffrey Altman
parent 2d84fc65bb
commit 550067f6d0
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/krb5/crypto.c
View File

@@ -1425,7 +1425,10 @@ iov_sign_data_len(krb5_crypto_iov *data, int num_data)
size_t i, len; size_t i, len;
for (len = 0, i = 0; i < num_data; i++) { for (len = 0, i = 0; i < num_data; i++) {
if (_krb5_crypto_iov_should_sign(&data[i])) /* Can't use should_sign, because we must only count data, not
* header/trailer */
if (data[i].flags == KRB5_CRYPTO_TYPE_DATA ||
data[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
len += data[i].data.length; len += data[i].data.length;
} }

4
lib/krb5/crypto.h
View File

@@ -186,7 +186,9 @@ static inline int
_krb5_crypto_iov_should_sign(const struct krb5_crypto_iov *iov) _krb5_crypto_iov_should_sign(const struct krb5_crypto_iov *iov)
{ {
return (iov->flags == KRB5_CRYPTO_TYPE_DATA return (iov->flags == KRB5_CRYPTO_TYPE_DATA
|| iov->flags == KRB5_CRYPTO_TYPE_SIGN_ONLY); || iov->flags == KRB5_CRYPTO_TYPE_SIGN_ONLY
|| iov->flags == KRB5_CRYPTO_TYPE_HEADER
|| iov->flags == KRB5_CRYPTO_TYPE_PADDING);
} }
/* NO_HCRYPTO_POLLUTION is defined in pkinit-ec.c. See commentary there. */ /* NO_HCRYPTO_POLLUTION is defined in pkinit-ec.c. See commentary there. */