|
|
167778 |
From c886bef63a4820d12fbc956f62747840fba8a88e Mon Sep 17 00:00:00 2001
|
|
|
167778 |
From: Greg Hudson <ghudson@mit.edu>
|
|
|
167778 |
Date: Sat, 3 Feb 2018 20:53:42 -0500
|
|
|
167778 |
Subject: [PATCH] Add vector support to k5_sha256()
|
|
|
167778 |
|
|
|
167778 |
Add a length argument so that multiple krb5_data values can be passed
|
|
|
167778 |
to k5_sha256(), for efficient computation of SHA-256 hashes over
|
|
|
167778 |
concatenations of data values.
|
|
|
167778 |
|
|
|
167778 |
(cherry picked from commit 4f3373e8c55b3e9bdfb5b065e07214c5816c85fa)
|
|
|
167778 |
---
|
|
|
167778 |
src/include/k5-int.h | 4 ++--
|
|
|
167778 |
src/lib/crypto/builtin/sha2/sha256.c | 6 ++++--
|
|
|
167778 |
src/lib/crypto/crypto_tests/t_sha2.c | 2 +-
|
|
|
167778 |
src/lib/crypto/openssl/sha256.c | 6 ++++--
|
|
|
167778 |
src/lib/krb5/rcache/rc_conv.c | 2 +-
|
|
|
167778 |
5 files changed, 12 insertions(+), 8 deletions(-)
|
|
|
167778 |
|
|
|
167778 |
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
|
|
|
167778 |
index 10b034037..7c549bce2 100644
|
|
|
167778 |
--- a/src/include/k5-int.h
|
|
|
167778 |
+++ b/src/include/k5-int.h
|
|
|
167778 |
@@ -634,9 +634,9 @@ krb5int_arcfour_gsscrypt(const krb5_keyblock *keyblock, krb5_keyusage usage,
|
|
|
167778 |
|
|
|
167778 |
#define K5_SHA256_HASHLEN (256 / 8)
|
|
|
167778 |
|
|
|
167778 |
-/* Write the SHA-256 hash of in to out. */
|
|
|
167778 |
+/* Write the SHA-256 hash of in (containing n elements) to out. */
|
|
|
167778 |
krb5_error_code
|
|
|
167778 |
-k5_sha256(const krb5_data *in, uint8_t out[K5_SHA256_HASHLEN]);
|
|
|
167778 |
+k5_sha256(const krb5_data *in, size_t n, uint8_t out[K5_SHA256_HASHLEN]);
|
|
|
167778 |
|
|
|
167778 |
/*
|
|
|
167778 |
* Attempt to zero memory in a way that compilers won't optimize out.
|
|
|
167778 |
diff --git a/src/lib/crypto/builtin/sha2/sha256.c b/src/lib/crypto/builtin/sha2/sha256.c
|
|
|
167778 |
index e34bed575..4b5fe10a3 100644
|
|
|
167778 |
--- a/src/lib/crypto/builtin/sha2/sha256.c
|
|
|
167778 |
+++ b/src/lib/crypto/builtin/sha2/sha256.c
|
|
|
167778 |
@@ -257,12 +257,14 @@ k5_sha256_final(void *res, SHA256_CTX *m)
|
|
|
167778 |
}
|
|
|
167778 |
|
|
|
167778 |
krb5_error_code
|
|
|
167778 |
-k5_sha256(const krb5_data *in, uint8_t out[K5_SHA256_HASHLEN])
|
|
|
167778 |
+k5_sha256(const krb5_data *in, size_t n, uint8_t out[K5_SHA256_HASHLEN])
|
|
|
167778 |
{
|
|
|
167778 |
SHA256_CTX ctx;
|
|
|
167778 |
+ size_t i;
|
|
|
167778 |
|
|
|
167778 |
k5_sha256_init(&ctx;;
|
|
|
167778 |
- k5_sha256_update(&ctx, in->data, in->length);
|
|
|
167778 |
+ for (i = 0; i < n; i++)
|
|
|
167778 |
+ k5_sha256_update(&ctx, in[i].data, in[i].length);
|
|
|
167778 |
k5_sha256_final(out, &ctx;;
|
|
|
167778 |
return 0;
|
|
|
167778 |
}
|
|
|
167778 |
diff --git a/src/lib/crypto/crypto_tests/t_sha2.c b/src/lib/crypto/crypto_tests/t_sha2.c
|
|
|
167778 |
index 12f32869b..e6fa58498 100644
|
|
|
167778 |
--- a/src/lib/crypto/crypto_tests/t_sha2.c
|
|
|
167778 |
+++ b/src/lib/crypto/crypto_tests/t_sha2.c
|
|
|
167778 |
@@ -125,7 +125,7 @@ hash_test(const struct krb5_hash_provider *hash, struct test *tests)
|
|
|
167778 |
|
|
|
167778 |
if (hash == &krb5int_hash_sha256) {
|
|
|
167778 |
/* Try again using k5_sha256(). */
|
|
|
167778 |
- if (k5_sha256(&iov.data, (uint8_t *)hval.data) != 0)
|
|
|
167778 |
+ if (k5_sha256(&iov.data, 1, (uint8_t *)hval.data) != 0)
|
|
|
167778 |
abort();
|
|
|
167778 |
if (memcmp(hval.data, t->hash, hval.length) != 0)
|
|
|
167778 |
abort();
|
|
|
167778 |
diff --git a/src/lib/crypto/openssl/sha256.c b/src/lib/crypto/openssl/sha256.c
|
|
|
167778 |
index fa095d472..0edd8b7ba 100644
|
|
|
167778 |
--- a/src/lib/crypto/openssl/sha256.c
|
|
|
167778 |
+++ b/src/lib/crypto/openssl/sha256.c
|
|
|
167778 |
@@ -34,16 +34,18 @@
|
|
|
167778 |
#include <openssl/evp.h>
|
|
|
167778 |
|
|
|
167778 |
krb5_error_code
|
|
|
167778 |
-k5_sha256(const krb5_data *in, uint8_t out[K5_SHA256_HASHLEN])
|
|
|
167778 |
+k5_sha256(const krb5_data *in, size_t n, uint8_t out[K5_SHA256_HASHLEN])
|
|
|
167778 |
{
|
|
|
167778 |
EVP_MD_CTX *ctx;
|
|
|
167778 |
+ size_t i;
|
|
|
167778 |
int ok;
|
|
|
167778 |
|
|
|
167778 |
ctx = EVP_MD_CTX_new();
|
|
|
167778 |
if (ctx == NULL)
|
|
|
167778 |
return ENOMEM;
|
|
|
167778 |
ok = EVP_DigestInit_ex(ctx, EVP_sha256(), NULL);
|
|
|
167778 |
- ok = ok && EVP_DigestUpdate(ctx, in->data, in->length);
|
|
|
167778 |
+ for (i = 0; i < n; i++)
|
|
|
167778 |
+ ok = ok && EVP_DigestUpdate(ctx, in[i].data, in[i].length);
|
|
|
167778 |
ok = ok && EVP_DigestFinal_ex(ctx, out, NULL);
|
|
|
167778 |
EVP_MD_CTX_free(ctx);
|
|
|
167778 |
return ok ? 0 : ENOMEM;
|
|
|
167778 |
diff --git a/src/lib/krb5/rcache/rc_conv.c b/src/lib/krb5/rcache/rc_conv.c
|
|
|
167778 |
index 0e021f5d8..f2fe528ac 100644
|
|
|
167778 |
--- a/src/lib/krb5/rcache/rc_conv.c
|
|
|
167778 |
+++ b/src/lib/krb5/rcache/rc_conv.c
|
|
|
167778 |
@@ -58,7 +58,7 @@ krb5_rc_hash_message(krb5_context context, const krb5_data *message,
|
|
|
167778 |
*out = NULL;
|
|
|
167778 |
|
|
|
167778 |
/* Calculate the binary checksum. */
|
|
|
167778 |
- retval = k5_sha256(message, cksum);
|
|
|
167778 |
+ retval = k5_sha256(message, 1, cksum);
|
|
|
167778 |
if (retval)
|
|
|
167778 |
return retval;
|
|
|
167778 |
|