krb5: Use iovecs for internal checksum handling

Modify the signature of the checksum operation in the krb5_checksum_type structure so that it processes iovecs rather than solid blocks of data. Update all of the implementations of these functions for all of the checksum types that we support so that they process iovecs, either by iterating through the iovec in each function, or by calling _krb5_evp_digest_iov or _krb5_evp_hmac_iov() Update callers of these functions so that they turn their single blocks of data into a single iovec of the correct type before calling checksum
2018-05-14 13:56:21 +01:00
parent 3484f092e5
commit ca756f0f7f
10 changed files with 139 additions and 60 deletions
--- a/lib/krb5/crypto-aes-sha2.c
+++ b/lib/krb5/crypto-aes-sha2.c
@@ -59,9 +59,9 @@ _krb5_aes_sha2_md_for_enctype(krb5_context context,
 static krb5_error_code
 SP_HMAC_SHA2_checksum(krb5_context context,
 		      struct _krb5_key_data *key,
-		      const void *data,
-		      size_t len,
-		      unsigned usage,
+                      unsigned usage,
+                      const struct krb5_crypto_iov *iov,
+                      int niov,
 		      Checksum *result)
 {
    krb5_error_code ret;
@@ -73,8 +73,9 @@ SP_HMAC_SHA2_checksum(krb5_context context,
    if (ret)
 	return ret;

-    HMAC(md, key->key->keyvalue.data, key->key->keyvalue.length,
-	 data, len, hmac, &hmaclen);
+    ret = _krb5_evp_hmac_iov(context, key, iov, niov, hmac, &hmaclen, md, NULL);
+    if (ret)
+        return ret;

    heim_assert(result->checksum.length <= hmaclen, "SHA2 internal error");