krb5: Add _krb5_crypto_iov_should_sign helper function

Add a helper function which contains the knowledge about whether a particular portion of a krb5_crypto_iovec should be signed or not.
2018-05-14 13:40:57 +01:00
parent c1eb9828f4
commit eb5eae59a4
2 changed files with 21 additions and 22 deletions
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -1335,10 +1335,8 @@ iov_sign_data_len(krb5_crypto_iov *data, int num_data)
    size_t i, len;

    for (len = 0, i = 0; i < num_data; i++) {
-	if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
-	    data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
-	    continue;
-	len += data[i].data.length;
+        if (_krb5_crypto_iov_should_sign(&data[i]))
+	    len += data[i].data.length;
    }

    return len;
@@ -1824,20 +1822,17 @@ krb5_create_checksum_iov(krb5_context context,

    len = 0;
    for (i = 0; i < num_data; i++) {
-	if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
-	    data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
-	    continue;
-	len += data[i].data.length;
+        if (_krb5_crypto_iov_should_sign(&data[i]))
+	    len += data[i].data.length;
    }

    p = q = malloc(len);

    for (i = 0; i < num_data; i++) {
-	if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
-	    data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
-	    continue;
-	memcpy(q, data[i].data.data, data[i].data.length);
-	q += data[i].data.length;
+        if (_krb5_crypto_iov_should_sign(&data[i])) {
+	    memcpy(q, data[i].data.data, data[i].data.length);
+	    q += data[i].data.length;
+        }
    }

    ret = krb5_create_checksum(context, crypto, usage, 0, p, len, &cksum);
@@ -1903,20 +1898,17 @@ krb5_verify_checksum_iov(krb5_context context,

    len = 0;
    for (i = 0; i < num_data; i++) {
-	if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
-	    data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
-	    continue;
-	len += data[i].data.length;
+        if (_krb5_crypto_iov_should_sign(&data[i]))
+	    len += data[i].data.length;
    }

    p = q = malloc(len);

    for (i = 0; i < num_data; i++) {
-	if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
-	    data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
-	    continue;
-	memcpy(q, data[i].data.data, data[i].data.length);
-	q += data[i].data.length;
+        if (_krb5_crypto_iov_should_sign(&data[i])) {
+	    memcpy(q, data[i].data.data, data[i].data.length);
+	    q += data[i].data.length;
+        }
    }

    cksum.cksumtype = CHECKSUMTYPE(et->keyed_checksum);
--- a/lib/krb5/crypto.h
+++ b/lib/krb5/crypto.h
@@ -187,6 +187,13 @@ extern struct _krb5_encryption_type _krb5_enctype_null;
 extern struct _krb5_encryption_type *_krb5_etypes[];
 extern int _krb5_num_etypes;

+static inline int
+_krb5_crypto_iov_should_sign(const struct krb5_crypto_iov *iov)
+{
+    return (iov->flags == KRB5_CRYPTO_TYPE_DATA
+            || iov->flags == KRB5_CRYPTO_TYPE_SIGN_ONLY);
+}
+
 /* NO_HCRYPTO_POLLUTION is defined in pkinit-ec.c.  See commentary there. */
 #ifndef NO_HCRYPTO_POLLUTION
 /* Interface to the EVP crypto layer provided by hcrypto */