oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

krb5: Add _krb5_crypto_iov_should_sign helper function

Browse Source 
Add a helper function which contains the knowledge about whether
a particular portion of a krb5_crypto_iovec should be signed or not.
This commit is contained in:
Simon Wilkinson
2018-05-14 13:40:57 +01:00
committed by Jeffrey Altman
parent c1eb9828f4
commit eb5eae59a4
2 changed files with 21 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
lib/krb5/crypto.c
View File

@@ -1335,10 +1335,8 @@ iov_sign_data_len(krb5_crypto_iov *data, int num_data)
size_t i, len; size_t i, len;
for (len = 0, i = 0; i < num_data; i++) { for (len = 0, i = 0; i < num_data; i++) {
if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && if (_krb5_crypto_iov_should_sign(&data[i]))
data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) len += data[i].data.length;
continue;
len += data[i].data.length;
} }
return len; return len;
@@ -1824,20 +1822,17 @@ krb5_create_checksum_iov(krb5_context context,
len = 0; len = 0;
for (i = 0; i < num_data; i++) { for (i = 0; i < num_data; i++) {
if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && if (_krb5_crypto_iov_should_sign(&data[i]))
data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) len += data[i].data.length;
continue;
len += data[i].data.length;
} }
p = q = malloc(len); p = q = malloc(len);
for (i = 0; i < num_data; i++) { for (i = 0; i < num_data; i++) {
if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && if (_krb5_crypto_iov_should_sign(&data[i])) {
data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) memcpy(q, data[i].data.data, data[i].data.length);
continue; q += data[i].data.length;
memcpy(q, data[i].data.data, data[i].data.length); }
q += data[i].data.length;
} }
ret = krb5_create_checksum(context, crypto, usage, 0, p, len, &cksum); ret = krb5_create_checksum(context, crypto, usage, 0, p, len, &cksum);
@@ -1903,20 +1898,17 @@ krb5_verify_checksum_iov(krb5_context context,
len = 0; len = 0;
for (i = 0; i < num_data; i++) { for (i = 0; i < num_data; i++) {
if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && if (_krb5_crypto_iov_should_sign(&data[i]))
data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) len += data[i].data.length;
continue;
len += data[i].data.length;
} }
p = q = malloc(len); p = q = malloc(len);
for (i = 0; i < num_data; i++) { for (i = 0; i < num_data; i++) {
if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && if (_krb5_crypto_iov_should_sign(&data[i])) {
data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) memcpy(q, data[i].data.data, data[i].data.length);
continue; q += data[i].data.length;
memcpy(q, data[i].data.data, data[i].data.length); }
q += data[i].data.length;
} }
cksum.cksumtype = CHECKSUMTYPE(et->keyed_checksum); cksum.cksumtype = CHECKSUMTYPE(et->keyed_checksum);

7
lib/krb5/crypto.h
View File

@@ -187,6 +187,13 @@ extern struct _krb5_encryption_type _krb5_enctype_null;
extern struct _krb5_encryption_type *_krb5_etypes[]; extern struct _krb5_encryption_type *_krb5_etypes[];
extern int _krb5_num_etypes; extern int _krb5_num_etypes;
static inline int
_krb5_crypto_iov_should_sign(const struct krb5_crypto_iov *iov)
{
return (iov->flags == KRB5_CRYPTO_TYPE_DATA
|| iov->flags == KRB5_CRYPTO_TYPE_SIGN_ONLY);
}
/* NO_HCRYPTO_POLLUTION is defined in pkinit-ec.c. See commentary there. */ /* NO_HCRYPTO_POLLUTION is defined in pkinit-ec.c. See commentary there. */
#ifndef NO_HCRYPTO_POLLUTION #ifndef NO_HCRYPTO_POLLUTION
/* Interface to the EVP crypto layer provided by hcrypto */ /* Interface to the EVP crypto layer provided by hcrypto */