Add vector support to k5_sha256()

Add a length argument so that multiple krb5_data values can be passed
to k5_sha256(), for efficient computation of SHA-256 hashes over
concatenations of data values.

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index e1b1cb040d5e11cf205519577ebc3641b269fa26..985f6f169beef3a4e6504953b8d3783365bc4cd3 100644 (file)
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -634,9 +634,9 @@ krb5int_arcfour_gsscrypt(const krb5_keyblock *keyblock, krb5_keyusage usage,
 
 #define K5_SHA256_HASHLEN (256 / 8)
 
-/* Write the SHA-256 hash of in to out. */
+/* Write the SHA-256 hash of in (containing n elements) to out. */
 krb5_error_code
-k5_sha256(const krb5_data *in, uint8_t out[K5_SHA256_HASHLEN]);
+k5_sha256(const krb5_data *in, size_t n, uint8_t out[K5_SHA256_HASHLEN]);
 
 /*
  * Attempt to zero memory in a way that compilers won't optimize out.

diff --git a/src/lib/crypto/builtin/sha2/sha256.c b/src/lib/crypto/builtin/sha2/sha256.c
index 2b5cbe480503913fcf39cda043955800ed363f90..9a940b3f80fb3643f74058b012d5627c0a614be5 100644 (file)
--- a/src/lib/crypto/builtin/sha2/sha256.c
+++ b/src/lib/crypto/builtin/sha2/sha256.c
@@ -257,12 +257,14 @@ k5_sha256_final(void *res, SHA256_CTX *m)
 }
 
 krb5_error_code
-k5_sha256(const krb5_data *in, uint8_t out[K5_SHA256_HASHLEN])
+k5_sha256(const krb5_data *in, size_t n, uint8_t out[K5_SHA256_HASHLEN])
 {
     SHA256_CTX ctx;
+    size_t i;
 
     k5_sha256_init(&ctx);
-    k5_sha256_update(&ctx, in->data, in->length);
+    for (i = 0; i < n; i++)
+        k5_sha256_update(&ctx, in[i].data, in[i].length);
     k5_sha256_final(out, &ctx);
     return 0;
 }

diff --git a/src/lib/crypto/crypto_tests/t_sha2.c b/src/lib/crypto/crypto_tests/t_sha2.c
index 12f32869b78f8af40f83e9d82bc28e60efd73bb1..e6fa58498283d867839fb7963e16979afd7b4650 100644 (file)
--- a/src/lib/crypto/crypto_tests/t_sha2.c
+++ b/src/lib/crypto/crypto_tests/t_sha2.c
@@ -125,7 +125,7 @@ hash_test(const struct krb5_hash_provider *hash, struct test *tests)
 
            if (hash == &krb5int_hash_sha256) {
                /* Try again using k5_sha256(). */
-               if (k5_sha256(&iov.data, (uint8_t *)hval.data) != 0)
+               if (k5_sha256(&iov.data, 1, (uint8_t *)hval.data) != 0)
                    abort();
                if (memcmp(hval.data, t->hash, hval.length) != 0)
                    abort();

diff --git a/src/lib/crypto/openssl/sha256.c b/src/lib/crypto/openssl/sha256.c
index fa095d47200dc2e44c9b1b581e79654b5e85dae6..0edd8b7ba71a72ffe7286ed2f01df4dca3e5dd82 100644 (file)
--- a/src/lib/crypto/openssl/sha256.c
+++ b/src/lib/crypto/openssl/sha256.c
@@ -34,16 +34,18 @@
 #include <openssl/evp.h>
 
 krb5_error_code
-k5_sha256(const krb5_data *in, uint8_t out[K5_SHA256_HASHLEN])
+k5_sha256(const krb5_data *in, size_t n, uint8_t out[K5_SHA256_HASHLEN])
 {
     EVP_MD_CTX *ctx;
+    size_t i;
     int ok;
 
     ctx = EVP_MD_CTX_new();
     if (ctx == NULL)
         return ENOMEM;
     ok = EVP_DigestInit_ex(ctx, EVP_sha256(), NULL);
-    ok = ok && EVP_DigestUpdate(ctx, in->data, in->length);
+    for (i = 0; i < n; i++)
+        ok = ok && EVP_DigestUpdate(ctx, in[i].data, in[i].length);
     ok = ok && EVP_DigestFinal_ex(ctx, out, NULL);
     EVP_MD_CTX_free(ctx);
     return ok ? 0 : ENOMEM;

diff --git a/src/lib/krb5/rcache/rc_conv.c b/src/lib/krb5/rcache/rc_conv.c
index 0e021f5d8e4257e3b993898e7d755cf0846d665b..f2fe528ac34d96ba5cef470d4f1712077930c2a5 100644 (file)
--- a/src/lib/krb5/rcache/rc_conv.c
+++ b/src/lib/krb5/rcache/rc_conv.c
@@ -58,7 +58,7 @@ krb5_rc_hash_message(krb5_context context, const krb5_data *message,
     *out = NULL;
 
     /* Calculate the binary checksum. */
-    retval = k5_sha256(message, cksum);
+    retval = k5_sha256(message, 1, cksum);
     if (retval)
         return retval;