From eb5eae59a4beb53a44dcf13a083496192b8092b4 Mon Sep 17 00:00:00 2001
From: Simon Wilkinson
Date: Mon, 14 May 2018 13:40:57 +0100
Subject: [PATCH] krb5: Add _krb5_crypto_iov_should_sign helper function
Add a helper function which contains the knowledge about whether a particular portion of a krb5_crypto_iovec should be signed or not.
---
 lib/krb5/crypto.c | 36 ++++++++++++++----------------------
 lib/krb5/crypto.h | 7 +++++++
 2 files changed, 21 insertions(+), 22 deletions(-)
diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c
index 838c7ac71..8afcc0eb2 100644
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -1335,10 +1335,8 @@ iov_sign_data_len(krb5_crypto_iov *data, int num_data)
 size_t i, len;
 for (len = 0, i = 0; i < num_data; i++) {
- if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
- data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
- continue;
- len += data[i].data.length;
+ if (_krb5_crypto_iov_should_sign(&data[i]))
+ len += data[i].data.length;
 }
 return len;
@@ -1824,20 +1822,17 @@ krb5_create_checksum_iov(krb5_context context,
 len = 0;
 for (i = 0; i < num_data; i++) {
- if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
- data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
- continue;
- len += data[i].data.length;
+ if (_krb5_crypto_iov_should_sign(&data[i]))
+ len += data[i].data.length;
 }
 p = q = malloc(len);
 for (i = 0; i < num_data; i++) {
- if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
- data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
- continue;
- memcpy(q, data[i].data.data, data[i].data.length);
- q += data[i].data.length;
+ if (_krb5_crypto_iov_should_sign(&data[i])) {
+ memcpy(q, data[i].data.data, data[i].data.length);
+ q += data[i].data.length;
+ }
 }
 ret = krb5_create_checksum(context, crypto, usage, 0, p, len, &cksum);
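Review bot: In the `iov_sign_data_len` hunk the loop compares `size_t i` with `int num_data`, so a negative count is converted to a very large unsigned bound and the loop, which now dereferences `&data[i]` through the helper on every iteration, would walk far past the array. Whether any caller can pass a negative count is not visible from here, and the function's opening lines sit outside the hunk. A guard before the loop such as `if (num_data < 0) return 0;`, or an equivalent check at the public entry points, would rule it out cheaply.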
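Review bot: In the `krb5_create_checksum_iov` hunk `p = q = malloc(len);` is followed directly by the copy loop, so on allocation failure the first `memcpy(q, ...)` writes through a NULL pointer; the same sequence appears in the `krb5_verify_checksum_iov` hunk. A check right after the allocation, for example `if (p == NULL && len != 0) return krb5_enomem(context);`, would close this, assuming nothing acquired earlier in the function needs releasing first (both functions start and end outside their hunks). `len` is also an unchecked running sum of caller-supplied `data[i].data.length` values. If that sum can wrap, the buffer ends up smaller than the bytes copied into it, so the summing loop should reject a total that overflows.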
@@ -1903,20 +1898,17 @@ krb5_verify_checksum_iov(krb5_context context,
 len = 0;
 for (i = 0; i < num_data; i++) {
- if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
- data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
- continue;
- len += data[i].data.length;
+ if (_krb5_crypto_iov_should_sign(&data[i]))
+ len += data[i].data.length;
 }
 p = q = malloc(len);
 for (i = 0; i < num_data; i++) {
- if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
- data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
- continue;
- memcpy(q, data[i].data.data, data[i].data.length);
- q += data[i].data.length;
+ if (_krb5_crypto_iov_should_sign(&data[i])) {
+ memcpy(q, data[i].data.data, data[i].data.length);
+ q += data[i].data.length;
+ }
 }
 cksum.cksumtype = CHECKSUMTYPE(et->keyed_checksum);
diff --git a/lib/krb5/crypto.h b/lib/krb5/crypto.h
index 6b0fe8d85..62f48395a 100644
--- a/lib/krb5/crypto.h
+++ b/lib/krb5/crypto.h
@@ -187,6 +187,13 @@ extern struct _krb5_encryption_type _krb5_enctype_null;
 extern struct _krb5_encryption_type *_krb5_etypes[];
 extern int _krb5_num_etypes;
+static inline int
+_krb5_crypto_iov_should_sign(const struct krb5_crypto_iov *iov)
+{
+ return (iov->flags == KRB5_CRYPTO_TYPE_DATA
+ || iov->flags == KRB5_CRYPTO_TYPE_SIGN_ONLY);
+}
+
 /* NO_HCRYPTO_POLLUTION is defined in pkinit-ec.c. See commentary there. */
 #ifndef NO_HCRYPTO_POLLUTION
 /* Interface to the EVP crypto layer provided by hcrypto */
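Review bot: `_krb5_crypto_iov_should_sign` in crypto.h has no comment, yet after this change it is the one place that decides which iov buffers are covered by a checksum on both the create and verify paths. I would add above it `/* Non-zero if this buffer is covered by the checksum: only DATA and SIGN_ONLY buffers are signed; all other types are skipped. */`. The test is an exact equality on `flags`, so a value carrying any additional bits would be silently left out of the signed data; if that is intended, the comment should say so.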