krb5: Stash the HMAC context in the krb5_crypto object

Store the EVP HMAC context in the krb5_crypto object so that we don't have to allocate it for every hashing operating we perform.
2018-05-14 14:21:41 +01:00
parent e50faea7f0
commit b9b8e76376
4 changed files with 17 additions and 4 deletions
--- a/lib/krb5/crypto-aes-sha2.c
+++ b/lib/krb5/crypto-aes-sha2.c
@@ -74,7 +74,8 @@ SP_HMAC_SHA2_checksum(krb5_context context,
    if (ret)
 	return ret;

-    ret = _krb5_evp_hmac_iov(context, key, iov, niov, hmac, &hmaclen, md, NULL);
+    ret = _krb5_evp_hmac_iov(context, crypto, key, iov, niov, hmac,
+                             &hmaclen, md, NULL);
    if (ret)
        return ret;

--- a/lib/krb5/crypto-evp.c
+++ b/lib/krb5/crypto-evp.c
@@ -114,6 +114,7 @@ out:

 krb5_error_code
 _krb5_evp_hmac_iov(krb5_context context,
+                   krb5_crypto crypto,
                   struct _krb5_key_data *key,
                   const struct krb5_crypto_iov *iov,
                   int niov,
@@ -126,7 +127,13 @@ _krb5_evp_hmac_iov(krb5_context context,
    krb5_data current = {0, 0};
    int i;

-    ctx = HMAC_CTX_new();
+    if (crypto != NULL) {
+	if (crypto->hmacctx == NULL)
+	    crypto->hmacctx = HMAC_CTX_new();
+	ctx = crypto->hmacctx;
+    } else {
+	ctx = HMAC_CTX_new();
+    }
    if (ctx == NULL)
        return krb5_enomem(context);

@@ -150,7 +157,8 @@ _krb5_evp_hmac_iov(krb5_context context,

    HMAC_Final(ctx, hmac, hmaclen);

-    HMAC_CTX_free(ctx);
+    if (crypto == NULL)
+        HMAC_CTX_free(ctx);

    return 0;
 }
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -329,7 +329,7 @@ _krb5_SP_HMAC_SHA1_checksum(krb5_context context,
    unsigned char hmac[EVP_MAX_MD_SIZE];
    unsigned int hmaclen = sizeof(hmac);

-    ret = _krb5_evp_hmac_iov(context, key, iov, niov, hmac, &hmaclen,
+    ret = _krb5_evp_hmac_iov(context, crypto, key, iov, niov, hmac, &hmaclen,
                             EVP_sha1(), NULL);

    heim_assert(result->checksum.length <= hmaclen,
@@ -2526,6 +2526,9 @@ krb5_crypto_destroy(krb5_context context,
    if (crypto->mdctx)
 	EVP_MD_CTX_destroy(crypto->mdctx);

+    if (crypto->hmacctx)
+	HMAC_CTX_free(crypto->hmacctx);
+
    free (crypto);
    return 0;
 }
--- a/lib/krb5/crypto.h
+++ b/lib/krb5/crypto.h
@@ -205,6 +205,7 @@ struct krb5_crypto_data {
    struct _krb5_encryption_type *et;
    struct _krb5_key_data key;
    EVP_MD_CTX *mdctx;
+    HMAC_CTX *hmacctx;
    int num_key_usage;
    struct _krb5_key_usage *key_usage;
 };