From noreply at github.com Thu May 10 17:33:28 2018
From: noreply at github.com (GitHub)
Date: Thu, 10 May 2018 08:33:28 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 72d4f1: Fix EVP PKCS#11 backend regression (#314, #316)
Message-ID: <5af46648a549f_a5e2ab67a4b3c186911a@hookshot-fe-d252ca1.cp1-iad.github.net.mail>

Branch: refs/heads/lukeh/pkcs11-hcrypto-cbc-fix
Home: https://github.com/heimdal/heimdal
Commit: 72d4f1be618658c456e8693ecfc32bd09230477f
https://github.com/heimdal/heimdal/commit/72d4f1be618658c456e8693ecfc32bd09230477f
Author: Luke Howard
Date: 2018-05-11 (Fri, 11 May 2018)

Changed paths:
  M lib/hcrypto/evp-pkcs11.c

Log Message:
-----------
Fix EVP PKCS#11 backend regression (#314, #316)

The EVP PKCS#11 backend did not support a subtle hcrypto behaviour for resetting the cryptographic state. This fixes this without regressing issue #194.

**NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.

From noreply at github.com Thu May 10 17:38:52 2018
From: noreply at github.com (GitHub)
Date: Thu, 10 May 2018 08:38:52 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 2b5b7c: Fix EVP PKCS#11 backend regression (#314, #316)
Message-ID: <5af4678c9b8fd_29092ac9034f1c0c9586e@hookshot-fe-5a11256.cp1-iad.github.net.mail>

Branch: refs/heads/lukeh/pkcs11-hcrypto-cbc-fix
Home: https://github.com/heimdal/heimdal
Commit: 2b5b7cfbc703013854112d244746940e8cdd3297
https://github.com/heimdal/heimdal/commit/2b5b7cfbc703013854112d244746940e8cdd3297
Author: Luke Howard
Date: 2018-05-11 (Fri, 11 May 2018)

Changed paths:
  M lib/hcrypto/evp-pkcs11.c

Log Message:
-----------
Fix EVP PKCS#11 backend regression (#314, #316)

The EVP PKCS#11 backend did not support a subtle hcrypto behaviour for resetting the cryptographic state. This fixes this without regressing issue #194.

From noreply at github.com Fri May 11 05:21:40 2018
From: noreply at github.com (GitHub)
Date: Thu, 10 May 2018 20:21:40 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] a88d00: Fix PKCS#11 hcrypto backend regression (#314, #315...
Message-ID: <5af50c44ad756_5bc22adbcd0b3c08434ca@hookshot-fe-5a11256.cp1-iad.github.net.mail>

Branch: refs/heads/lukeh/pkcs11-hcrypto-cbc-fix
Home: https://github.com/heimdal/heimdal
Commit: a88d00660efc0de15514f0957a51954478e31f45
https://github.com/heimdal/heimdal/commit/a88d00660efc0de15514f0957a51954478e31f45
Author: Luke Howard
Date: 2018-05-11 (Fri, 11 May 2018)

Changed paths:
  M lib/hcrypto/evp-pkcs11.c
  M lib/hcrypto/evp.h

Log Message:
-----------
Fix PKCS#11 hcrypto backend regression (#314, #315, #316, #317)

81c778e broke the PKCS#11 hcrypto backend for many cases as it did not support cipherstate resetting. (Prior to 81c778e, which was to fix #194, the PKCS#11 backend did not support cipherstate chaining across invocations.) hcrypto backends that maintain cipherstate independently of the hcrypto context IV field need to set EVP_CIPH_ALWAYS_CALL_INIT to avoid the two diverging. Their init function should support resetting the cipherstate independently of key scheduling.

Commit: 590be3d7dadb8e17a15261bce9275f37f6dfc917
https://github.com/heimdal/heimdal/commit/590be3d7dadb8e17a15261bce9275f37f6dfc917
Author: Luke Howard
Date: 2018-05-11 (Fri, 11 May 2018)

Changed paths:
  M lib/hcrypto/evp-pkcs11.c

Log Message:
-----------
hcrypto PKCS#11 backend: allow digest update with NULL (#378)

Some callers of EVP_DigestUpdate (such as libntlm) pass NULL as the data argument. PKCS#11 returns CKR_ARGUMENTS_BAD which may poison the context. Pass an empty string to C_DigestUpdate to work around this.
Compare: https://github.com/heimdal/heimdal/compare/2b5b7cfbc703...590be3d7dadb

From noreply at github.com Fri May 11 05:27:35 2018
From: noreply at github.com (GitHub)
Date: Thu, 10 May 2018 20:27:35 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] a88d00: Fix PKCS#11 hcrypto backend regression (#314, #315...
Message-ID: <5af50da76eabb_689a2ae040333c0455ac@hookshot-fe-d252ca1.cp1-iad.github.net.mail>

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: a88d00660efc0de15514f0957a51954478e31f45
https://github.com/heimdal/heimdal/commit/a88d00660efc0de15514f0957a51954478e31f45
Author: Luke Howard
Date: 2018-05-11 (Fri, 11 May 2018)

Changed paths:
  M lib/hcrypto/evp-pkcs11.c
  M lib/hcrypto/evp.h

Log Message:
-----------
Fix PKCS#11 hcrypto backend regression (#314, #315, #316, #317)

81c778e broke the PKCS#11 hcrypto backend for many cases as it did not support cipherstate resetting. (Prior to 81c778e, which was to fix #194, the PKCS#11 backend did not support cipherstate chaining across invocations.) hcrypto backends that maintain cipherstate independently of the hcrypto context IV field need to set EVP_CIPH_ALWAYS_CALL_INIT to avoid the two diverging. Their init function should support resetting the cipherstate independently of key scheduling.

Commit: 590be3d7dadb8e17a15261bce9275f37f6dfc917
https://github.com/heimdal/heimdal/commit/590be3d7dadb8e17a15261bce9275f37f6dfc917
Author: Luke Howard
Date: 2018-05-11 (Fri, 11 May 2018)

Changed paths:
  M lib/hcrypto/evp-pkcs11.c

Log Message:
-----------
hcrypto PKCS#11 backend: allow digest update with NULL (#378)

Some callers of EVP_DigestUpdate (such as libntlm) pass NULL as the data argument. PKCS#11 returns CKR_ARGUMENTS_BAD which may poison the context.
Pass an empty string to C_DigestUpdate to work around this.

Compare: https://github.com/heimdal/heimdal/compare/a2822719e6f9...590be3d7dadb

From noreply at github.com Fri May 11 05:53:57 2018
From: noreply at github.com (GitHub)
Date: Thu, 10 May 2018 20:53:57 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 6a1bb9: hcrypto PKCS#11 backend: allow digest update with ...
Message-ID: <5af513d54f4ed_5adc2ab5cef9bc047313@hookshot-fe-5a11256.cp1-iad.github.net.mail>

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 6a1bb953230a2095a9ef7b9f1e979cf519ac616b
https://github.com/heimdal/heimdal/commit/6a1bb953230a2095a9ef7b9f1e979cf519ac616b
Author: Luke Howard
Date: 2018-05-11 (Fri, 11 May 2018)

Changed paths:
  M lib/hcrypto/evp-pkcs11.c

Log Message:
-----------
hcrypto PKCS#11 backend: allow digest update with NULL (#378)

In the PKCS#11 backend, add an assertion check to p11_md_update() to validate that the data length is zero if the data is NULL.
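
The NULL-data case handled by the two digest-update commits above (#378), as an added example that is not Heimdal's code: a constructed mock token rejects a NULL part pointer with CKR_ARGUMENTS_BAD and ends the digest operation, and a wrapper substitutes an empty string after asserting that the length is zero. The mock session, the FNV-1a stand-in hash and all function names are assumptions of this example.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Return codes with their PKCS#11 values. */
#define CKR_OK                        0x00000000UL
#define CKR_ARGUMENTS_BAD             0x00000007UL
#define CKR_OPERATION_NOT_INITIALIZED 0x00000091UL

/* Constructed stand-in for a token's digest session (not a real module). */
struct mock_session {
    int      active;  /* a digest operation is in progress */
    uint32_t state;   /* FNV-1a state standing in for the real hash */
};

static unsigned long mock_DigestInit(struct mock_session *s)
{
    s->active = 1;
    s->state = 2166136261u;
    return CKR_OK;
}

/* Models a strict token: a NULL part pointer is rejected and the failed
 * call ends the active operation (the "poisoned" context). */
static unsigned long mock_DigestUpdate(struct mock_session *s,
                                       const unsigned char *part, size_t len)
{
    if (!s->active)
        return CKR_OPERATION_NOT_INITIALIZED;
    if (part == NULL) {
        s->active = 0;
        return CKR_ARGUMENTS_BAD;
    }
    for (size_t i = 0; i < len; i++)
        s->state = (s->state ^ part[i]) * 16777619u;
    return CKR_OK;
}

/* Before: forwards the caller's pointer unchanged. */
static int md_update_naive(struct mock_session *s, const void *data, size_t len)
{
    return mock_DigestUpdate(s, data, len) == CKR_OK;
}

/* After: NULL is only legal with length zero; the token sees "" instead. */
static int md_update_hardened(struct mock_session *s, const void *data, size_t len)
{
    assert(data != NULL || len == 0);
    if (data == NULL)
        data = "";
    return mock_DigestUpdate(s, data, len) == CKR_OK;
}

typedef int (*update_fn)(struct mock_session *, const void *, size_t);

/* Caller pattern from the commit message: an update with NULL data,
 * then real data. Returns 1 only if every call succeeded and the
 * operation is still usable; *out receives the running digest. */
static int digest_with_null_first(update_fn update, uint32_t *out)
{
    struct mock_session s;
    int ok;

    mock_DigestInit(&s);
    ok = update(&s, NULL, 0);
    ok = update(&s, "abc", 3) && ok;
    *out = s.state;
    return ok && s.active;
}

/* Digest of the same data without the NULL update, for comparison. */
static uint32_t digest_reference(void)
{
    struct mock_session s;

    mock_DigestInit(&s);
    md_update_hardened(&s, "abc", 3);
    return s.state;
}

int main(void)
{
    uint32_t d;

    printf("naive:    usable=%d\n", digest_with_null_first(md_update_naive, &d));
    printf("hardened: usable=%d match=%d\n",
           digest_with_null_first(md_update_hardened, &d),
           d == digest_reference());
    return 0;
}
```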

From noreply at github.com Fri May 11 12:20:38 2018
From: noreply at github.com (GitHub)
Date: Fri, 11 May 2018 03:20:38 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] ebf7f0: initial support for Solaris doors
Message-ID: <5af56e76dba87_62022b085c0b9c14788bf@hookshot-fe-d252ca1.cp1-iad.github.net.mail>

Branch: refs/heads/lukeh/solaris-doors
Home: https://github.com/heimdal/heimdal
Commit: ebf7f0c7af23f8f40feaec4b1e35cfb5670a833b
https://github.com/heimdal/heimdal/commit/ebf7f0c7af23f8f40feaec4b1e35cfb5670a833b
Author: Luke Howard
Date: 2018-05-11 (Fri, 11 May 2018)

Changed paths:
  M lib/ipc/client.c
  M lib/ipc/heim-ipc.h
  M lib/ipc/server.c
  M lib/ipc/tc.c
  M lib/ipc/ts.c

Log Message:
-----------
initial support for Solaris doors

From noreply at github.com Fri May 11 12:52:12 2018
From: noreply at github.com (GitHub)
Date: Fri, 11 May 2018 03:52:12 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 9518f2: hcrypto PKCS#11 backend: don't leak sessions on di...
Message-ID: <5af575dcd7699_68882ad47ddb3c0c52170@hookshot-fe-32b5f5b.cp1-iad.github.net.mail>

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 9518f2965b4d0daef0eda733c31c6c26ccae20a4
https://github.com/heimdal/heimdal/commit/9518f2965b4d0daef0eda733c31c6c26ccae20a4
Author: Luke Howard
Date: 2018-05-11 (Fri, 11 May 2018)

Changed paths:
  M lib/hcrypto/evp-pkcs11.c

Log Message:
-----------
hcrypto PKCS#11 backend: don't leak sessions on digest reinit

Clients of the EVP API can reinitialize message digest contexts without destroying them. The PKCS#11 backend assumed they were only used once, and was leaking session handles upon reinitialization. This fix disposes of any existing PKCS#11 message digest context in the initialization method.

From noreply at github.com Fri May 11 13:34:13 2018
From: noreply at github.com (GitHub)
Date: Fri, 11 May 2018 04:34:13 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] bd0b6f: hcrypto WinCNG backend: don't leak handles on dige...
Message-ID: <5af57fb590623_69c22ac21f2c1bfc3747a@hookshot-fe-265448d.cp1-iad.github.net.mail>

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: bd0b6f8c2b8663e372b713769b554984b2d929ae
https://github.com/heimdal/heimdal/commit/bd0b6f8c2b8663e372b713769b554984b2d929ae
Author: Luke Howard
Date: 2018-05-11 (Fri, 11 May 2018)

Changed paths:
  M lib/hcrypto/evp-wincng.c

Log Message:
-----------
hcrypto WinCNG backend: don't leak handles on digest reinit

Similar fix to 9518f296, but for the WinCNG EVP backend.

Commit: 3224a282a65bfcabfb730112b53a89f95341f8b3
https://github.com/heimdal/heimdal/commit/3224a282a65bfcabfb730112b53a89f95341f8b3
Author: Luke Howard
Date: 2018-05-11 (Fri, 11 May 2018)

Changed paths:
  M lib/hcrypto/evp-wincng.c

Log Message:
-----------
hcrypto WinCNG backend: don't leak handles on crypto reinit

Similar fix to a88d0066, but for the WinCNG EVP backend. However this is just a fix for leaking handles if the same EVP context is used with a new key; there is no functionality issue as cipherstate is maintained directly in the EVP context, not internally by WinCNG.

Compare: https://github.com/heimdal/heimdal/compare/9518f2965b4d...3224a282a65b

From noreply at github.com Fri May 11 15:01:01 2018
From: noreply at github.com (GitHub)
Date: Fri, 11 May 2018 06:01:01 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] a748eb: Cleanup
Message-ID: <5af5940d345ca_2c8f2b0de897dc1054f0@hookshot-fe-88eb02d.cp1-iad.github.net.mail>

Branch: refs/heads/lukeh/solaris-doors
Home: https://github.com/heimdal/heimdal
Commit: a748eb8ce080c7c840c74c74850444b2df41a307
https://github.com/heimdal/heimdal/commit/a748eb8ce080c7c840c74c74850444b2df41a307
Author: Luke Howard
Date: 2018-05-11 (Fri, 11 May 2018)

Changed paths:
  M lib/ipc/client.c

Log Message:
-----------
Cleanup

Commit: c01abcd4bac353e1a299fac815bfa4ccd589e4a2
https://github.com/heimdal/heimdal/commit/c01abcd4bac353e1a299fac815bfa4ccd589e4a2
Author: Luke Howard
Date: 2018-05-11 (Fri, 11 May 2018)

Changed paths:
  M lib/krb5/kcm.h

Log Message:
-----------
remove old socket/door KCM paths

Commit: dd48b9b280c4c2d18a0242347cc8d101b993504f
https://github.com/heimdal/heimdal/commit/dd48b9b280c4c2d18a0242347cc8d101b993504f
Author: Luke Howard
Date: 2018-05-11 (Fri, 11 May 2018)

Changed paths:
  M kcm/config.c
  M kcm/kcm.8
  M kcm/kcm_locl.h
  M kcm/main.c
  M kdc/digest-service.c

Log Message:
-----------
Enable doors again in KCM, digest service

Compare: https://github.com/heimdal/heimdal/compare/ebf7f0c7af23...dd48b9b280c4

From noreply at github.com Sat May 12 04:07:25 2018
From: noreply at github.com (GitHub)
Date: Fri, 11 May 2018 19:07:25 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 8a945e: use offsetof, cleanup
Message-ID: <5af64c5d730b7_56c52b14af679c0815730@hookshot-fe-265448d.cp1-iad.github.net.mail>

Branch: refs/heads/lukeh/solaris-doors
Home: https://github.com/heimdal/heimdal
Commit: 8a945e7ca5bacd2d23259d4eea23fd3e7c24bc27
https://github.com/heimdal/heimdal/commit/8a945e7ca5bacd2d23259d4eea23fd3e7c24bc27
Author: Luke Howard
Date: 2018-05-12 (Sat, 12 May 2018)

Changed paths:
  M lib/ipc/client.c

Log Message:
-----------
use offsetof, cleanup

From noreply at github.com Sat May 12 05:52:42 2018
From: noreply at github.com (GitHub)
Date: Fri, 11 May 2018 20:52:42 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 934d5e: hcrypto PKCS#11 backend: Call C_Initialize() on ev...
Message-ID: <5af6650ac7a1b_49cd2adb41ca9bfc12395@hookshot-fe-7191cb1.cp1-iad.github.net.mail>

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 934d5e09bf3ba0774d303da53446e5ff94daae01
https://github.com/heimdal/heimdal/commit/934d5e09bf3ba0774d303da53446e5ff94daae01
Author: Luke Howard
Date: 2018-05-12 (Sat, 12 May 2018)

Changed paths:
  M lib/hcrypto/evp-pkcs11.c

Log Message:
-----------
hcrypto PKCS#11 backend: Call C_Initialize() on every hcrypto call

This is required as the PKCS#11 library needs to be reinitialized after forking. This was causing a problem with ipropd. This fix appears to incur a repeatable 10ms performance penalty on aes-test. Caching the initialization status using a once control and invalidating it on fork provided no measurable performance benefit on Solaris 11.
Other approaches would not be thread-safe or would involve more intrusive code changes, such as exposing heimbase's atomics.

From noreply at github.com Sat May 12 05:58:35 2018
From: noreply at github.com (GitHub)
Date: Fri, 11 May 2018 20:58:35 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] bd2c2e: hcrypto WinCNG backend: zero rgb{Hash, Key}Object o...
Message-ID: <5af6666bbe7c7_451c2ab87e04bc10240de@hookshot-fe-d252ca1.cp1-iad.github.net.mail>

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: bd2c2eb8bdc60e54de96771d37439bee3a85d4c7
https://github.com/heimdal/heimdal/commit/bd2c2eb8bdc60e54de96771d37439bee3a85d4c7
Author: Luke Howard
Date: 2018-05-12 (Sat, 12 May 2018)

Changed paths:
  M lib/hcrypto/evp-wincng.c

Log Message:
-----------
hcrypto WinCNG backend: zero rgb{Hash,Key}Object on reinit

In the interest of being paranoid, when a WinCNG crypto or digest context is being reinitialized, zero out the backing store as well as destroying the handle.

From noreply at github.com Sat May 12 06:20:04 2018
From: noreply at github.com (GitHub)
Date: Fri, 11 May 2018 21:20:04 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 75a2a2: initial support for Solaris doors
Message-ID: <5af66b74daf51_15382b1a14b0bc0c508c7@hookshot-fe-31feec6.cp1-iad.github.net.mail>

Branch: refs/heads/lukeh/solaris-doors
Home: https://github.com/heimdal/heimdal
Commit: 75a2a2735d19f5600eb37356cb8bafd481628d51
https://github.com/heimdal/heimdal/commit/75a2a2735d19f5600eb37356cb8bafd481628d51
Author: Luke Howard
Date: 2018-05-12 (Sat, 12 May 2018)

Changed paths:
  M kcm/config.c
  M kcm/kcm.8
  M kcm/kcm_locl.h
  M kcm/main.c
  M kdc/digest-service.c
  M lib/ipc/client.c
  M lib/ipc/heim-ipc.h
  M lib/ipc/server.c
  M lib/ipc/tc.c
  M lib/ipc/ts.c
  M lib/krb5/kcm.h

Log Message:
-----------
initial support for Solaris doors

From noreply at github.com Sat May 12 06:21:56 2018
From: noreply at github.com (GitHub)
Date: Fri, 11 May 2018 21:21:56 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 2a23fa: initial support for Solaris doors
Message-ID: <5af66be447693_49b72b23172bbc082164b@hookshot-fe-88eb02d.cp1-iad.github.net.mail>

Branch: refs/heads/lukeh/solaris-doors
Home: https://github.com/heimdal/heimdal
Commit: 2a23fac75c07ec1a42dc808328ddd2b122b0ef61
https://github.com/heimdal/heimdal/commit/2a23fac75c07ec1a42dc808328ddd2b122b0ef61
Author: Luke Howard
Date: 2018-05-12 (Sat, 12 May 2018)

Changed paths:
  M kcm/config.c
  M kcm/kcm.8
  M kcm/kcm_locl.h
  M kcm/main.c
  M kdc/digest-service.c
  M lib/ipc/client.c
  M lib/ipc/heim-ipc.h
  M lib/ipc/server.c
  M lib/ipc/tc.c
  M lib/ipc/ts.c
  M lib/krb5/kcm.h

Log Message:
-----------
initial support for Solaris doors

From noreply at github.com Sat May 12 06:45:29 2018
From: noreply at github.com (GitHub)
Date: Fri, 11 May 2018 21:45:29 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 0c51e7: IPC: use getpeerucred() API correctly (#382)
Message-ID: <5af67169b24c3_45af2b1703d07c04783e8@hookshot-fe-32b5f5b.cp1-iad.github.net.mail>

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 0c51e7c6abb2129e744cd932b2ccd013f2374214
https://github.com/heimdal/heimdal/commit/0c51e7c6abb2129e744cd932b2ccd013f2374214
Author: Luke Howard
Date: 2018-05-12 (Sat, 12 May 2018)

Changed paths:
  M lib/ipc/server.c

Log Message:
-----------
IPC: use getpeerucred() API correctly (#382)

The ucred_t argument must be initialized to zero otherwise it is assumed to point to allocated memory. Also, the logic is inverted: getpeerucred() returns zero on success, not failure.

Commit: fef64ade9fac66ae3e4d1f6cad0e9dda0af9235e
https://github.com/heimdal/heimdal/commit/fef64ade9fac66ae3e4d1f6cad0e9dda0af9235e
Author: Luke Howard
Date: 2018-05-12 (Sat, 12 May 2018)

Changed paths:
  M lib/ipc/common.c

Log Message:
-----------
IPC: fail gracefully in heim_ipc_cred_get_XXX if cred is NULL (#382)

Compare: https://github.com/heimdal/heimdal/compare/bd2c2eb8bdc6...fef64ade9fac

From noreply at github.com Sat May 12 06:45:32 2018
From: noreply at github.com (GitHub)
Date: Fri, 11 May 2018 21:45:32 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] fc6327: better error handling
Message-ID: <5af6716c48253_4eae2ae3bf38bbfc25858@hookshot-fe-5a11256.cp1-iad.github.net.mail>

Branch: refs/heads/lukeh/solaris-doors
Home: https://github.com/heimdal/heimdal
Commit: fc6327cce98456bb561a897b10979c1c4a6f7d7e
https://github.com/heimdal/heimdal/commit/fc6327cce98456bb561a897b10979c1c4a6f7d7e
Author: Luke Howard
Date: 2018-05-12 (Sat, 12 May 2018)

Changed paths:
  M lib/ipc/server.c

Log Message:
-----------
better error handling

From noreply at github.com Sat May 12 06:46:09 2018
From: noreply at github.com (GitHub)
Date: Fri, 11 May 2018 21:46:09 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 80c74a: initial support for Solaris doors
Message-ID: <5af6719151f97_428d2ac91f925c08583ea@hookshot-fe-88eb02d.cp1-iad.github.net.mail>

Branch: refs/heads/lukeh/solaris-doors
Home: https://github.com/heimdal/heimdal
Commit: 80c74af4e9b7ae1a7a52ee49495441ac255b0b16
https://github.com/heimdal/heimdal/commit/80c74af4e9b7ae1a7a52ee49495441ac255b0b16
Author: Luke Howard
Date: 2018-05-12 (Sat, 12 May 2018)

Changed paths:
  M kcm/config.c
  M kcm/kcm.8
  M kcm/kcm_locl.h
  M kcm/main.c
  M kdc/digest-service.c
  M lib/ipc/client.c
  M lib/ipc/heim-ipc.h
  M lib/ipc/server.c
  M lib/ipc/tc.c
  M lib/ipc/ts.c
  M lib/krb5/kcm.h

Log Message:
-----------
initial support for Solaris doors

From noreply at github.com Sun May 13 06:40:50 2018
From: noreply at github.com (GitHub)
Date: Sat, 12 May 2018 21:40:50 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 72b061: KCM: restore support for Solaris doors IPC mechani...
Message-ID: <5af7c1d2e02bf_53fb2ace6e305c0c586f0@hookshot-fe-5a11256.cp1-iad.github.net.mail>

Branch: refs/heads/lukeh/solaris-doors
Home: https://github.com/heimdal/heimdal
Commit: 72b061e1a23a6350e730ef09e8405e8cc03c414d
https://github.com/heimdal/heimdal/commit/72b061e1a23a6350e730ef09e8405e8cc03c414d
Author: Luke Howard
Date: 2018-05-13 (Sun, 13 May 2018)

Changed paths:
  M kcm/config.c
  M kcm/kcm.8
  M kcm/kcm_locl.h
  M kcm/main.c
  M kdc/digest-service.c
  M lib/ipc/client.c
  M lib/ipc/heim-ipc.h
  M lib/ipc/server.c
  M lib/ipc/tc.c
  M lib/ipc/ts.c
  M lib/krb5/kcm.h

Log Message:
-----------
KCM: restore support for Solaris doors IPC mechanism (#379)

This patch restores support for the Solaris doors IPC mechanism, removed from KCM when lib/ipc was added.

From noreply at github.com Sun May 13 07:13:15 2018
From: noreply at github.com (GitHub)
Date: Sat, 12 May 2018 22:13:15 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] a7c0a7: KCM: restore support for Solaris doors IPC mechani...
Message-ID: <5af7c96bd247e_49d02ad17314dc183855b@hookshot-fe-7191cb1.cp1-iad.github.net.mail>

Branch: refs/heads/lukeh/solaris-doors
Home: https://github.com/heimdal/heimdal
Commit: a7c0a7f0f5ba26c7e5773003feabeac6917ccbf2
https://github.com/heimdal/heimdal/commit/a7c0a7f0f5ba26c7e5773003feabeac6917ccbf2
Author: Luke Howard
Date: 2018-05-13 (Sun, 13 May 2018)

Changed paths:
  M kcm/config.c
  M kcm/kcm.8
  M kcm/kcm_locl.h
  M kcm/main.c
  M kdc/digest-service.c
  M lib/ipc/client.c
  M lib/ipc/heim-ipc.h
  M lib/ipc/server.c
  M lib/ipc/tc.c
  M lib/ipc/ts.c
  M lib/krb5/kcm.h

Log Message:
-----------
KCM: restore support for Solaris doors IPC mechanism (#379)

This patch restores support for the Solaris doors IPC mechanism, removed from KCM when lib/ipc was added.

From noreply at github.com Sun May 13 07:18:41 2018
From: noreply at github.com (GitHub)
Date: Sat, 12 May 2018 22:18:41 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 952c7b: default to doors
Message-ID: <5af7cab112632_63932ad741e77c0832968@hookshot-fe-cace476.cp1-iad.github.net.mail>

Branch: refs/heads/lukeh/solaris-doors
Home: https://github.com/heimdal/heimdal
Commit: 952c7babea6fa2d7257fe03eb765629c8ce258df
https://github.com/heimdal/heimdal/commit/952c7babea6fa2d7257fe03eb765629c8ce258df
Author: Luke Howard
Date: 2018-05-13 (Sun, 13 May 2018)

Changed paths:
  M lib/ipc/client.c

Log Message:
-----------
default to doors

From noreply at github.com Sun May 13 07:30:53 2018
From: noreply at github.com (GitHub)
Date: Sat, 12 May 2018 22:30:53 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 321c9f: KCM: restore support for Solaris doors IPC mechani...
Message-ID: <5af7cd8d13874_7ac72ac6fcb1dc10580af@hookshot-fe-b0febf1.cp1-iad.github.net.mail>

Branch: refs/heads/lukeh/solaris-doors
Home: https://github.com/heimdal/heimdal
Commit: 321c9f0a55d9935618658d925773fc8002b82c2b
https://github.com/heimdal/heimdal/commit/321c9f0a55d9935618658d925773fc8002b82c2b
Author: Luke Howard
Date: 2018-05-13 (Sun, 13 May 2018)

Changed paths:
  M kcm/config.c
  M kcm/kcm.8
  M kcm/kcm_locl.h
  M kcm/main.c
  M kdc/digest-service.c
  M lib/ipc/client.c
  M lib/ipc/heim-ipc.h
  M lib/ipc/server.c
  M lib/ipc/tc.c
  M lib/ipc/ts.c
  M lib/krb5/kcm.h

Log Message:
-----------
KCM: restore support for Solaris doors IPC mechanism (#379)

This patch restores support for the Solaris doors IPC mechanism, removed from KCM when lib/ipc was added.

From noreply at github.com Sun May 13 07:34:12 2018
From: noreply at github.com (GitHub)
Date: Sat, 12 May 2018 22:34:12 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 73fde3: KCM: restore support for Solaris doors IPC mechani...
Message-ID: <5af7ce549d2c2_44702ac47ee81c108915a@hookshot-fe-88eb02d.cp1-iad.github.net.mail>

Branch: refs/heads/lukeh/solaris-doors
Home: https://github.com/heimdal/heimdal
Commit: 73fde337579bb74e49b5cda4c9a0cfb63017d1cd
https://github.com/heimdal/heimdal/commit/73fde337579bb74e49b5cda4c9a0cfb63017d1cd
Author: Luke Howard
Date: 2018-05-13 (Sun, 13 May 2018)

Changed paths:
  M kcm/config.c
  M kcm/kcm.8
  M kcm/kcm_locl.h
  M kcm/main.c
  M kdc/digest-service.c
  M lib/ipc/client.c
  M lib/ipc/heim-ipc.h
  M lib/ipc/server.c
  M lib/ipc/tc.c
  M lib/ipc/ts.c
  M lib/krb5/kcm.h

Log Message:
-----------
KCM: restore support for Solaris doors IPC mechanism (#379)

This patch restores support for the Solaris doors IPC mechanism, removed from KCM when lib/ipc was added.

From noreply at github.com Sun May 13 07:42:06 2018
From: noreply at github.com (GitHub)
Date: Sat, 12 May 2018 22:42:06 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 73fde3: KCM: restore support for Solaris doors IPC mechani...
Message-ID: <5af7d02e73492_21a452aaf5f97bc042612b@hookshot-fe-dfcc362.cp1-iad.github.net.mail>

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 73fde337579bb74e49b5cda4c9a0cfb63017d1cd
https://github.com/heimdal/heimdal/commit/73fde337579bb74e49b5cda4c9a0cfb63017d1cd
Author: Luke Howard
Date: 2018-05-13 (Sun, 13 May 2018)

Changed paths:
  M kcm/config.c
  M kcm/kcm.8
  M kcm/kcm_locl.h
  M kcm/main.c
  M kdc/digest-service.c
  M lib/ipc/client.c
  M lib/ipc/heim-ipc.h
  M lib/ipc/server.c
  M lib/ipc/tc.c
  M lib/ipc/ts.c
  M lib/krb5/kcm.h

Log Message:
-----------
KCM: restore support for Solaris doors IPC mechanism (#379)

This patch restores support for the Solaris doors IPC mechanism, removed from KCM when lib/ipc was added.

From noreply at github.com Sun May 13 09:53:34 2018
From: noreply at github.com (GitHub)
Date: Sun, 13 May 2018 00:53:34 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] defde8: IPC: do not use alloca() in Solaris doors backend
Message-ID: <5af7eefe71848_73c82aef7c1f7c14856e3@hookshot-fe-6e9b612.cp1-iad.github.net.mail>

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: defde8be686e6145979598e959b62814a64d8b7a
https://github.com/heimdal/heimdal/commit/defde8be686e6145979598e959b62814a64d8b7a
Author: Luke Howard
Date: 2018-05-13 (Sun, 13 May 2018)

Changed paths:
  M lib/ipc/server.c

Log Message:
-----------
IPC: do not use alloca() in Solaris doors backend

From noreply at github.com Sun May 13 13:22:31 2018
From: noreply at github.com (GitHub)
Date: Sun, 13 May 2018 04:22:31 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] c5db6e: IPC: Solaris doors backend: fix uninitialized vari...
Message-ID: <5af81ff79b111_1962af152badc187852c@hookshot-fe-da92815.cp1-iad.github.net.mail>

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: c5db6e691a1d9921fde23e54e8c7a5a579e3d565
https://github.com/heimdal/heimdal/commit/c5db6e691a1d9921fde23e54e8c7a5a579e3d565
Author: Luke Howard
Date: 2018-05-13 (Sun, 13 May 2018)

Changed paths:
  M lib/ipc/server.c

Log Message:
-----------
IPC: Solaris doors backend: fix uninitialized variables

When replying to a door call, if allocating the buffer using malloc() fails, we return EAGAIN to the client to avoid it hanging, using a variable on the stack. However in this case the code did not reset the reply length, which would result in it reading past the end of the stack.
At the expense of a goto, this patch uses the same path for returning an error as if it was generated by the application. Also, ensure that reply->length is set to zero when returning an error; it shouldn't affect the client as it will not read this in the event of a non-zero return code, but it avoids leaking uninitialized memory.

From noreply at github.com Mon May 14 04:18:31 2018
From: noreply at github.com (GitHub)
Date: Sun, 13 May 2018 19:18:31 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 927185: IPC: Solaris doors backend: avoid using TLS where ...
Message-ID: <5af8f1f7e0d30_45b32af09f8efc14166ce@hookshot-fe-32b5f5b.cp1-iad.github.net.mail>

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 927185e732df87c140cb0b92937d29ebbcf1172f
https://github.com/heimdal/heimdal/commit/927185e732df87c140cb0b92937d29ebbcf1172f
Author: Luke Howard
Date: 2018-05-14 (Mon, 14 May 2018)

Changed paths:
  M lib/ipc/server.c

Log Message:
-----------
IPC: Solaris doors backend: avoid using TLS where possible

Optimistically delay using thread-local storage for the door reply buffer until we actually need to allocate from the heap.
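
The stale reply length described in commit c5db6e above, as an added example that is not the lib/ipc code: the reply header layout, send_plan and the function names are hypothetical. The example only computes how many bytes a transport would be told to read from the error header; it never performs the out-of-bounds read.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reply header; the real layout is not shown on the page. */
struct reply_hdr {
    int    returnvalue;  /* 0 on success, errno-style code on failure */
    size_t length;       /* payload bytes that follow the header */
};

/* What the reply path would hand to the transport. */
struct send_plan {
    const void *base;      /* first byte to send */
    size_t      nbytes;    /* bytes the transport will read from base */
    size_t      obj_size;  /* real size of the object behind base */
    void       *heap;      /* heap buffer the caller must free, or NULL */
};

typedef void *(*alloc_fn)(size_t);

/* Constructed allocator that always fails, to reach the error path. */
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Bytes the transport would read beyond the object it was pointed at. */
static size_t over_read(const struct send_plan *p)
{
    return p->nbytes > p->obj_size ? p->nbytes - p->obj_size : 0;
}

static struct send_plan success_plan(struct reply_hdr *r,
                                     const void *payload, size_t len)
{
    struct send_plan p = { r, sizeof(*r) + len, sizeof(*r) + len, r };

    r->returnvalue = 0;
    r->length = len;
    memcpy(r + 1, payload, len);
    return p;
}

/* Before: allocation failure switches to the small on-stack header `err`,
 * but the size is still the one computed for the full reply and the
 * header's length field is never written. */
static struct send_plan plan_reply_before(struct reply_hdr *err,
                                          const void *payload, size_t len,
                                          alloc_fn alloc)
{
    struct reply_hdr *r = alloc(sizeof(*r) + len);

    if (r == NULL) {
        struct send_plan p = { err, sizeof(*err) + len, sizeof(*err), NULL };
        err->returnvalue = EAGAIN;
        return p;
    }
    return success_plan(r, payload, len);
}

/* After: allocation failure joins the application-error path, which sends
 * the header alone and zeroes its length field. */
static struct send_plan plan_reply_after(struct reply_hdr *err, int status,
                                         const void *payload, size_t len,
                                         alloc_fn alloc)
{
    struct reply_hdr *r;

    if (status != 0)
        goto error;
    r = alloc(sizeof(*r) + len);
    if (r == NULL) {
        status = EAGAIN;
        goto error;
    }
    return success_plan(r, payload, len);

error:
    err->returnvalue = status;
    err->length = 0;
    {
        struct send_plan p = { err, sizeof(*err), sizeof(*err), NULL };
        return p;
    }
}

int main(void)
{
    struct reply_hdr err;
    struct send_plan p;

    memset(&err, 0xAA, sizeof(err));  /* models uninitialized stack */
    p = plan_reply_before(&err, "payload", 7, failing_alloc);
    printf("before: over-read %zu bytes\n", over_read(&p));

    memset(&err, 0xAA, sizeof(err));
    p = plan_reply_after(&err, 0, "payload", 7, failing_alloc);
    printf("after:  over-read %zu bytes, length field %zu\n",
           over_read(&p), err.length);
    return 0;
}
```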

From noreply at github.com Tue May 15 13:29:43 2018
From: noreply at github.com (GitHub)
Date: Tue, 15 May 2018 04:29:43 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 2c2376: test_rfc3961: Add HMAC tests
Message-ID: <5afac4a76645e_5b792b28bad1bc0413854@hookshot-fe-da92815.cp1-iad.github.net.mail>

Branch: refs/heads/sxw/iovecs
Home: https://github.com/heimdal/heimdal
Commit: 2c23767a9343d9a0dad76776194fb4c13fc834f3
https://github.com/heimdal/heimdal/commit/2c23767a9343d9a0dad76776194fb4c13fc834f3
Author: Simon Wilkinson
Date: 2018-05-15 (Tue, 15 May 2018)

Changed paths:
  M lib/krb5/test_rfc3961.c

Log Message:
-----------
test_rfc3961: Add HMAC tests

Add some HMAC-SHA1 tests using the test vectors in RFC2202

Commit: 13055ff684272e8061accb581cfe852de9e99a1f
https://github.com/heimdal/heimdal/commit/13055ff684272e8061accb581cfe852de9e99a1f
Author: Simon Wilkinson
Date: 2018-05-15 (Tue, 15 May 2018)

Changed paths:
  M lib/hcrypto/hmac.c
  M lib/hcrypto/hmac.h
  M lib/hcrypto/version-script.map

Log Message:
-----------
hcrypto: Add HMAC_CTX_new and HMAC_CTX_free

Add a pair of functions which can be used to allocate and free an HMAC_CTX structure on the heap. This means that the caller doesn't need to know the size of the underlying structure.

Commit: a2403a061d07655251723cefdc5403fa486bccdb
https://github.com/heimdal/heimdal/commit/a2403a061d07655251723cefdc5403fa486bccdb
Author: Simon Wilkinson
Date: 2018-05-15 (Tue, 15 May 2018)

Changed paths:
  M lib/krb5/crypto.c
  M lib/krb5/crypto.h

Log Message:
-----------
krb5: Add _krb5_crypto_iov_should_sign helper function

Add a helper function which contains the knowledge about whether a particular portion of a krb5_crypto_iovec should be signed or not.
Commit: a51a3cc9984521c30e12c4638c5aaf60206042ee https://github.com/heimdal/heimdal/commit/a51a3cc9984521c30e12c4638c5aaf60206042ee Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-evp.c Log Message: ----------- krb5: Add _krb5_evp_digest_iov Add a function which can apply an EVP message digest algorithm over a set of iovecs to produce a signature. Commit: bcb2d52d2870f0f9de2b476b0f6674912607ba7a https://github.com/heimdal/heimdal/commit/bcb2d52d2870f0f9de2b476b0f6674912607ba7a Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-evp.c Log Message: ----------- krb5: Add _krb5_evp_hmac_iov Add a function which will perform an HMAC over a set of iovecs, using the hcrypto provided HMAC functions. Join contiguous iovecs together before passing them to the hash function so we make as few calls into the hash as possible. Commit: d09cf275e3a8d1ccd992a1409d80c5a5b1f9ada2 https://github.com/heimdal/heimdal/commit/d09cf275e3a8d1ccd992a1409d80c5a5b1f9ada2 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto-aes-sha2.c M lib/krb5/crypto-arcfour.c M lib/krb5/crypto-des-common.c M lib/krb5/crypto-des.c M lib/krb5/crypto-des3.c M lib/krb5/crypto-null.c M lib/krb5/crypto.c M lib/krb5/crypto.h M lib/krb5/pac.c Log Message: ----------- krb5: Use iovecs for internal checksum handling Modify the signature of the checksum operation in the krb5_checksum_type structure so that it processes iovecs rather than solid blocks of data. 
Update all of the implementations of these functions for all of the checksum types that we support so that they process iovecs, either by iterating through the iovec in each function, or by calling _krb5_evp_digest_iov or _krb5_evp_hmac_iov() Update callers of these functions so that they turn their single blocks of data into a single iovec of the correct type before calling checksum Commit: 9d6a2ec74e3991b2862dc388a4919302bf90e8f7 https://github.com/heimdal/heimdal/commit/9d6a2ec74e3991b2862dc388a4919302bf90e8f7 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-des-common.c M lib/krb5/crypto-des.c M lib/krb5/crypto-des3.c M lib/krb5/crypto.c M lib/krb5/crypto.h Log Message: ----------- krb5: Use iovecs internally for checksum verification When verifying checksums, pass iovecs through to the individual verify routines. Commit: 5e4426dca4ac79dca543e90c31765c1a2ea52178 https://github.com/heimdal/heimdal/commit/5e4426dca4ac79dca543e90c31765c1a2ea52178 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/test_rfc3961.c Log Message: ----------- test_rfc3961: Add performance tests for HMAC-SHA1 Add a selection of performance tests for HMAC-SHA1 to the RFC3961 library tests. Commit: 69e9c757d3199c9ac7aac712b705175bb40bb1c5 https://github.com/heimdal/heimdal/commit/69e9c757d3199c9ac7aac712b705175bb40bb1c5 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c M lib/krb5/test_rfc3961.c Log Message: ----------- krb5: Use EVP HMAC() function for HMAC-SHA1 Use the EVP HMAC() function that we use for SHA2 HMACs for SHA1 as well. 
Commit: 73521ac4e0806eacb4d3f310fff00ed4ee4cdbc0 https://github.com/heimdal/heimdal/commit/73521ac4e0806eacb4d3f310fff00ed4ee4cdbc0 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Use iovecs throughout krb5_create_checksum_iov Rather than flattening the iovecs supplied to krb5_create_checksum_iov into a malloc()'d memory block, refactor the function so that they can be passed straight through to the backend hash functions. Commit: f50652a76e5851fd27a6d24700d6ffd0396aab53 https://github.com/heimdal/heimdal/commit/f50652a76e5851fd27a6d24700d6ffd0396aab53 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Reorder checks in _key_schedule _krb5_find_enctype is a moderately expensive operation, as it does a linear search of the enctype lists. Avoid calling it in _key_schedule when we already have a key schedule in place. This change makes the most common check the first in the function. Commit: a4ce4a50fcc090072464a389b6c81e39b78f1ad7 https://github.com/heimdal/heimdal/commit/a4ce4a50fcc090072464a389b6c81e39b78f1ad7 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Implement krb5_verify_checksum_iov with iovecs Instead of flattening the iovecs passed into krb5_verify_checksum_iov, create a new internal verify_checksum_iov function which passes iovecs down onto the individual ->verify or ->checksum functions. 
Commit: ddcad54692888c3f0f12e59a5dc0bc3d6b1ca8c5 https://github.com/heimdal/heimdal/commit/ddcad54692888c3f0f12e59a5dc0bc3d6b1ca8c5 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto-aes-sha2.c M lib/krb5/crypto-arcfour.c M lib/krb5/crypto-des-common.c M lib/krb5/crypto-des.c M lib/krb5/crypto-des3.c M lib/krb5/crypto-evp.c M lib/krb5/crypto-null.c M lib/krb5/crypto.c M lib/krb5/crypto.h M lib/krb5/pac.c M lib/krb5/test_rfc3961.c Log Message: ----------- krb5: Optionally pass a crypto context to hash functions Creating and destroying an EVP_CTX_MD structure with every hash operation is very expensive. Speed things up by caching one within the krb5_crypto structure. krb5_crypto can already only be safely used by one thread at a time - adding a message digest context here shouldn't introduce any further threading risks. Users of the stashed context must be careful to ensure that they call no other hash functions whilst they are in the middle of using the context. Commit: e78bae60633df0c7920db77bc62233de8ac175c3 https://github.com/heimdal/heimdal/commit/e78bae60633df0c7920db77bc62233de8ac175c3 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-aes-sha2.c M lib/krb5/crypto-evp.c M lib/krb5/crypto.c M lib/krb5/crypto.h Log Message: ----------- krb5: Stash the HMAC context in the krb5_crypto object Store the EVP HMAC context in the krb5_crypto object so that we don't have to allocate it for every hashing operation we perform.
Commit: 4e97a40b231fc946869ee289cf85781e5aed4683 https://github.com/heimdal/heimdal/commit/4e97a40b231fc946869ee289cf85781e5aed4683 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/hcrypto/hmac.c Log Message: ----------- hcrypto: Make more buffers persist across HMAC operations If we don't change MD algorithm across two calls to HMAC_Init_ex using the same context, don't bother reallocating all of our buffers. Commit: b477ae0942c5427914d8b563eeb691f592840bd7 https://github.com/heimdal/heimdal/commit/b477ae0942c5427914d8b563eeb691f592840bd7 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c M lib/krb5/crypto.h Log Message: ----------- krb5: Expand list of vector types that are hashed So that we can eventually use iovec hashes with encrypt, as well as sign operations, add CRYPTO_TYPE_HEADER and CRYPTO_TYPE_PADDING to the list of iovecs which will be hashed. Commit: 1b33d2f4626f314c30103eee0d34ce4626c3e942 https://github.com/heimdal/heimdal/commit/1b33d2f4626f314c30103eee0d34ce4626c3e942 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Actually 0 padding When we decide we need to zero the padding iovec, do so with 0, not with the length that we've determined. This had no effect because we zero the padding properly later, but it should be fixed, so that things still work when the later memset() goes away. Commit: 9941ce290925b12a46eb5067bcfa0f1e841751e9 https://github.com/heimdal/heimdal/commit/9941ce290925b12a46eb5067bcfa0f1e841751e9 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Use iovec checksum in krb5_encrypt_iov_ivec Use the iovec checksum routines in krb5_encrypt_iov_ivec. 
This still marshalls all of the iovecs together to perform the encryption operation, but this change halves the amount of time spent on data marshalling in this function. Commit: 3cc97c2b91b4c52a3c7f0a478123456f1482c2af https://github.com/heimdal/heimdal/commit/3cc97c2b91b4c52a3c7f0a478123456f1482c2af Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto-aes-sha2.c M lib/krb5/crypto-arcfour.c M lib/krb5/crypto-des.c M lib/krb5/crypto-des3.c M lib/krb5/crypto-null.c M lib/krb5/crypto.c M lib/krb5/crypto.h Log Message: ----------- krb5: Add an optional encrypt_iov function to encryption types Add an encrypt_iov function pointer to all of our encryption types which can be used to implement an iovec based encryption routine. Modify krb5_encrypt_iov so that it calls the iovec based routine if it is available. Commit: 9fc7a70a1f3fbc141db83d142bc486e335d6bc54 https://github.com/heimdal/heimdal/commit/9fc7a70a1f3fbc141db83d142bc486e335d6bc54 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto-des3.c M lib/krb5/crypto-evp.c Log Message: ----------- krb5: Add EVP iovec encryption routines Add iovec routines for both padded CBC, and CTS EVP based encryption. These routines go to great lengths to minimise the number of times we call EVP_Cipher. With some EVP implementations (such as OpenSSL's AES-NI) there is a significant entrance and exit overhead from this routine, due to the use of SIMD vectors for the ivec. Commit: 099640f3b87ea099a270e7e2760df2cfbc09dc74 https://github.com/heimdal/heimdal/commit/099640f3b87ea099a270e7e2760df2cfbc09dc74 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto.c Log Message: ----------- krb5: Add a verify mode for the HMAC_SHA1 checksum Add a verify operation for this checksum.
If a verify operation isn't defined, then the verify_checksum code has to dynamically allocate and free a block of memory for the computed checksum, which can be a significant overhead when performing bulk data encryption. Commit: 5058808535439b1fe9c87940192164f8f8c4219a https://github.com/heimdal/heimdal/commit/5058808535439b1fe9c87940192164f8f8c4219a Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Use iovecs for krb5_decrypt_iov_ivec When we have an underlying iovec encryption function, use iovecs for checksum-then-encrypt algorithms in decrypt_iov_ivec, rather than coalescing iovecs into a single memory buffer. Compare: https://github.com/heimdal/heimdal/compare/2c23767a9343^...505880853543
From noreply at github.com Tue May 15 16:22:14 2018 From: noreply at github.com (GitHub) Date: Tue, 15 May 2018 07:22:14 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 694d1e: krb5: Store a digest context in the crypto structu...
Message-ID: <5afaed168f84a_3bc12ac381f15c1055793@hookshot-fe-7191cb1.cp1-iad.github.net.mail> Branch: refs/heads/sxw/iovecs Home: https://github.com/heimdal/heimdal Commit: 694d1eefe5d3422e1378730e008381c6c14e6d07 https://github.com/heimdal/heimdal/commit/694d1eefe5d3422e1378730e008381c6c14e6d07 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto-aes-sha2.c M lib/krb5/crypto-arcfour.c M lib/krb5/crypto-des-common.c M lib/krb5/crypto-des.c M lib/krb5/crypto-des3.c M lib/krb5/crypto-evp.c M lib/krb5/crypto-null.c M lib/krb5/crypto.c M lib/krb5/crypto.h M lib/krb5/pac.c M lib/krb5/test_rfc3961.c Log Message: ----------- krb5: Store a digest context in the crypto structure Creating and destroying an EVP_CTX_MD structure with every hash operation is very expensive. Speed things up by caching one within the krb5_crypto structure. krb5_crypto can already only be safely used by one thread at a time - adding a message digest context here shouldn't introduce any further threading risks. Users of the stashed context must be careful to ensure that they call no other hash functions whilst they are in the middle of using the context. Commit: 39c66891a9083122df8eaae1d3d0226b739cc33c https://github.com/heimdal/heimdal/commit/39c66891a9083122df8eaae1d3d0226b739cc33c Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-aes-sha2.c M lib/krb5/crypto-evp.c M lib/krb5/crypto.c M lib/krb5/crypto.h Log Message: ----------- krb5: Stash the HMAC context in the krb5_crypto object Store the EVP HMAC context in the krb5_crypto object so that we don't have to allocate it for every hashing operation we perform.
Commit: 1d4c1db2c6bfea6978e922d9dc07b6d41a9ba596 https://github.com/heimdal/heimdal/commit/1d4c1db2c6bfea6978e922d9dc07b6d41a9ba596 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/hcrypto/hmac.c Log Message: ----------- hcrypto: Make more buffers persist across HMAC operations If we don't change MD algorithm across two calls to HMAC_Init_ex using the same context, don't bother reallocating all of our buffers. Commit: a5129667cbce04b50e98c6df71baf750ab770d9f https://github.com/heimdal/heimdal/commit/a5129667cbce04b50e98c6df71baf750ab770d9f Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c M lib/krb5/crypto.h Log Message: ----------- krb5: Expand list of vector types that are hashed So that we can eventually use iovec hashes with encrypt, as well as sign operations, add CRYPTO_TYPE_HEADER and CRYPTO_TYPE_PADDING to the list of iovecs which will be hashed. Commit: 3a54994aabdfc3246287e146ab9682c66572034f https://github.com/heimdal/heimdal/commit/3a54994aabdfc3246287e146ab9682c66572034f Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Actually 0 padding When we decide we need to zero the padding iovec, do so with 0, not with the length that we've determined. This had no effect because we zero the padding properly later, but it should be fixed, so that things still work when the later memset() goes away. Commit: 0dac5d279eb8ee0292d88f681832734af69c8a93 https://github.com/heimdal/heimdal/commit/0dac5d279eb8ee0292d88f681832734af69c8a93 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Use iovec checksum in krb5_encrypt_iov_ivec Use the iovec checksum routines in krb5_encrypt_iov_ivec. 
This still marshalls all of the iovecs together to perform the encryption operation, but this change halves the amount of time spent on data marshalling in this function. Commit: f0d96ce32c5e5ff3425f1313c2a2e736128bc5c9 https://github.com/heimdal/heimdal/commit/f0d96ce32c5e5ff3425f1313c2a2e736128bc5c9 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto-aes-sha2.c M lib/krb5/crypto-arcfour.c M lib/krb5/crypto-des.c M lib/krb5/crypto-des3.c M lib/krb5/crypto-null.c M lib/krb5/crypto.c M lib/krb5/crypto.h Log Message: ----------- krb5: Add an optional encrypt_iov function to encryption types Add an encrypt_iov function pointer to all of our encryption types which can be used to implement an iovec based encryption routine. Modify krb5_encrypt_iov so that it calls the iovec based routine if it is available. Commit: c5e30f965031c0f2bb30f55ce0b12dd0c9524900 https://github.com/heimdal/heimdal/commit/c5e30f965031c0f2bb30f55ce0b12dd0c9524900 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto-des3.c M lib/krb5/crypto-evp.c Log Message: ----------- krb5: Add EVP iovec encryption routines Add iovec routines for both padded CBC, and CTS EVP based encryption. These routines go to great lengths to minimise the number of times we call EVP_Cipher. With some EVP implementations (such as OpenSSL's AES-NI) there is a significant entrance and exit overhead from this routine, due to the use of SIMD vectors for the ivec. Commit: ba38ef608418d8dc64dd6bc1dbf08e5c869c2752 https://github.com/heimdal/heimdal/commit/ba38ef608418d8dc64dd6bc1dbf08e5c869c2752 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto.c Log Message: ----------- krb5: Add a verify mode for the HMAC_SHA1 checksum Add a verify operation for this checksum.
If a verify operation isn't defined, then the verify_checksum code has to dynamically allocate and free a block of memory for the computed checksum, which can be a significant overhead when performing bulk data encryption. Commit: 4dff725c5924991ec1e979b31f67b6dc7faf587c https://github.com/heimdal/heimdal/commit/4dff725c5924991ec1e979b31f67b6dc7faf587c Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Use iovecs for krb5_decrypt_iov_ivec When we have an underlying iovec encryption function, use iovecs for checksum-then-encrypt algorithms in decrypt_iov_ivec, rather than coalescing iovecs into a single memory buffer. Compare: https://github.com/heimdal/heimdal/compare/505880853543...4dff725c5924
From noreply at github.com Tue May 15 16:59:35 2018 From: noreply at github.com (GitHub) Date: Tue, 15 May 2018 07:59:35 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] afac43: hcrypto: Add HMAC_CTX_new and HMAC_CTX_free Message-ID: <5afaf5d73ca86_42b22ac63a589c0864234@hookshot-fe-32b5f5b.cp1-iad.github.net.mail> Branch: refs/heads/sxw/iovecs Home: https://github.com/heimdal/heimdal Commit: afac436710b4c015f6c0fabc5524be38318cdb12 https://github.com/heimdal/heimdal/commit/afac436710b4c015f6c0fabc5524be38318cdb12 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/hcrypto/hmac.c M lib/hcrypto/hmac.h M lib/hcrypto/libhcrypto-exports.def M lib/hcrypto/version-script.map Log Message: ----------- hcrypto: Add HMAC_CTX_new and HMAC_CTX_free Add a pair of functions which can be used to allocate and free an HMAC_CTX structure on the heap. This means that the caller doesn't need to know the size of the underlying structure.
Commit: 6eca043847e008682761a5da30d67425c11540be https://github.com/heimdal/heimdal/commit/6eca043847e008682761a5da30d67425c11540be Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c M lib/krb5/crypto.h Log Message: ----------- krb5: Add _krb5_crypto_iov_should_sign helper function Add a helper function which contains the knowledge about whether a particular portion of a krb5_crypto_iovec should be signed or not. Commit: 25ec6d8f0cb2c58798c0aeb627ba73e0f06d6ddd https://github.com/heimdal/heimdal/commit/25ec6d8f0cb2c58798c0aeb627ba73e0f06d6ddd Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-evp.c Log Message: ----------- krb5: Add _krb5_evp_digest_iov Add a function which can apply an EVP message digest algorithm over a set of iovecs to produce a signature. Commit: 1e2b3715228f492b1861c213427e32aad33b3d34 https://github.com/heimdal/heimdal/commit/1e2b3715228f492b1861c213427e32aad33b3d34 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-evp.c Log Message: ----------- krb5: Add _krb5_evp_hmac_iov Add a function which will perform an HMAC over a set of iovecs, using the hcrypto provided HMAC functions. Join contiguous iovecs together before passing them to the hash function so we make as few calls into the hash as possible. 
Commit: 56d21e9e299d043f0fe5550519e5fde0c99892d4 https://github.com/heimdal/heimdal/commit/56d21e9e299d043f0fe5550519e5fde0c99892d4 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto-aes-sha2.c M lib/krb5/crypto-arcfour.c M lib/krb5/crypto-des-common.c M lib/krb5/crypto-des.c M lib/krb5/crypto-des3.c M lib/krb5/crypto-null.c M lib/krb5/crypto.c M lib/krb5/crypto.h M lib/krb5/pac.c Log Message: ----------- krb5: Use iovecs for internal checksum handling Modify the signature of the checksum operation in the krb5_checksum_type structure so that it processes iovecs rather than solid blocks of data. Update all of the implementations of these functions for all of the checksum types that we support so that they process iovecs, either by iterating through the iovec in each function, or by calling _krb5_evp_digest_iov or _krb5_evp_hmac_iov() Update callers of these functions so that they turn their single blocks of data into a single iovec of the correct type before calling checksum Commit: 2161a0c592265b0d164143a5a4bc339eefa8225a https://github.com/heimdal/heimdal/commit/2161a0c592265b0d164143a5a4bc339eefa8225a Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-des-common.c M lib/krb5/crypto-des.c M lib/krb5/crypto-des3.c M lib/krb5/crypto.c M lib/krb5/crypto.h Log Message: ----------- krb5: Use iovecs internally for checksum verification When verifying checksums, pass iovecs through to the individual verify routines. Commit: 291fad7a8e415628e0181716771751611d80683d https://github.com/heimdal/heimdal/commit/291fad7a8e415628e0181716771751611d80683d Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/test_rfc3961.c Log Message: ----------- test_rfc3961: Add performance tests for HMAC-SHA1 Add a selection of performance tests for HMAC-SHA1 to the RFC3961 library tests. 
Commit: 76ac41e2865ffd9359f12c50c67cc808f656fb43 https://github.com/heimdal/heimdal/commit/76ac41e2865ffd9359f12c50c67cc808f656fb43 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c M lib/krb5/test_rfc3961.c Log Message: ----------- krb5: Use EVP HMAC() function for HMAC-SHA1 Use the EVP HMAC() function that we use for SHA2 HMACs for SHA1 as well. Commit: f79f773e3c29c4da06ab364f72e40767101eea28 https://github.com/heimdal/heimdal/commit/f79f773e3c29c4da06ab364f72e40767101eea28 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Use iovecs throughout krb5_create_checksum_iov Rather than flattening the iovecs supplied to krb5_create_checksum_iov into a malloc()'d memory block, refactor the function so that they can be passed straight through to the backend hash functions. Commit: 067080918c67ee50adb096b6ead7b12b187246ad https://github.com/heimdal/heimdal/commit/067080918c67ee50adb096b6ead7b12b187246ad Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Reorder checks in _key_schedule _krb5_find_enctype is a moderately expensive operation, as it does a linear search of the enctype lists. Avoid calling it in _key_schedule when we already have a key schedule in place. This change makes the most common check the first in the function. Commit: f3f668537391734fe6a3ed26ed6bcf91bc21674d https://github.com/heimdal/heimdal/commit/f3f668537391734fe6a3ed26ed6bcf91bc21674d Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Implement krb5_verify_checksum_iov with iovecs Instead of flattening the iovecs passed into krb5_verify_checksum_iov, create a new internal verify_checksum_iov function which passes iovecs down onto the individual ->verify or ->checksum functions. 
Commit: 9901c19a67324f0bf29c400078f2971ad14e0378 https://github.com/heimdal/heimdal/commit/9901c19a67324f0bf29c400078f2971ad14e0378 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto-aes-sha2.c M lib/krb5/crypto-arcfour.c M lib/krb5/crypto-des-common.c M lib/krb5/crypto-des.c M lib/krb5/crypto-des3.c M lib/krb5/crypto-evp.c M lib/krb5/crypto-null.c M lib/krb5/crypto.c M lib/krb5/crypto.h M lib/krb5/pac.c M lib/krb5/test_rfc3961.c Log Message: ----------- krb5: Store a digest context in the crypto structure Creating and destroying an EVP_CTX_MD structure with every hash operation is very expensive. Speed things up by caching one within the krb5_crypto structure. krb5_crypto can already only be safely used by one thread at a time - adding a message digest context here shouldn't introduce any further threading risks. Users of the stashed context must be careful to ensure that they call no other hash functions whilst they are in the middle of using the context. Commit: 18518752c5303dc494b3dd163853817ce873ce3a https://github.com/heimdal/heimdal/commit/18518752c5303dc494b3dd163853817ce873ce3a Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-aes-sha2.c M lib/krb5/crypto-evp.c M lib/krb5/crypto.c M lib/krb5/crypto.h Log Message: ----------- krb5: Stash the HMAC context in the krb5_crypto object Store the EVP HMAC context in the krb5_crypto object so that we don't have to allocate it for every hashing operation we perform. Commit: 1c874031a75c81425609c88816b444c3943f87b2 https://github.com/heimdal/heimdal/commit/1c874031a75c81425609c88816b444c3943f87b2 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/hcrypto/hmac.c Log Message: ----------- hcrypto: Make more buffers persist across HMAC operations If we don't change MD algorithm across two calls to HMAC_Init_ex using the same context, don't bother reallocating all of our buffers.
Commit: d88ae98368e62a4da64cf7559d20d900ab310ac1 https://github.com/heimdal/heimdal/commit/d88ae98368e62a4da64cf7559d20d900ab310ac1 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c M lib/krb5/crypto.h Log Message: ----------- krb5: Expand list of vector types that are hashed So that we can eventually use iovec hashes with encrypt, as well as sign operations, add CRYPTO_TYPE_HEADER and CRYPTO_TYPE_PADDING to the list of iovecs which will be hashed. Commit: 639849411ac31bbabbd8a9fab852e31b2014b3f1 https://github.com/heimdal/heimdal/commit/639849411ac31bbabbd8a9fab852e31b2014b3f1 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Actually 0 padding When we decide we need to zero the padding iovec, do so with 0, not with the length that we've determined. This had no effect because we zero the padding properly later, but it should be fixed, so that things still work when the later memset() goes away. Commit: 40596182d93d9fcdc133f1650361c430a57c46c4 https://github.com/heimdal/heimdal/commit/40596182d93d9fcdc133f1650361c430a57c46c4 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Use iovec checksum in krb5_encrypt_iov_ivec Use the iovec checksum routines in krb5_encrypt_iov_ivec. This still marshalls all of the iovecs together to perform the encryption operation, but this change halves the amount of time spent on data marshalling in this function. 
Commit: 6d4ea847b08aa16a01daf45c4ba6d104aaa64c88 https://github.com/heimdal/heimdal/commit/6d4ea847b08aa16a01daf45c4ba6d104aaa64c88 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto-aes-sha2.c M lib/krb5/crypto-arcfour.c M lib/krb5/crypto-des.c M lib/krb5/crypto-des3.c M lib/krb5/crypto-null.c M lib/krb5/crypto.c M lib/krb5/crypto.h Log Message: ----------- krb5: Add an optional encrypt_iov function to encryption types Add an encrypt_iov function pointer to all of our encryption types which can be used to implement an iovec based encryption routine. Modify krb5_encrypt_iov so that it calls the iovec based routine if it is available. Commit: 6642d049ee33541438a0121d1c0b69c5737dfbf6 https://github.com/heimdal/heimdal/commit/6642d049ee33541438a0121d1c0b69c5737dfbf6 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto-des3.c M lib/krb5/crypto-evp.c Log Message: ----------- krb5: Add EVP iovec encryption routines Add iovec routines for both padded CBC, and CTS EVP based encryption. These routines go to great lengths to minimise the number of times we call EVP_Cipher. With some EVP implementations (such as OpenSSL's AES-NI) there is a significant entrance and exit overhead from this routine, due to the use of SIMD vectors for the ivec. Commit: 23c41b70822c1bec6d8f43f39eb27d3d66482920 https://github.com/heimdal/heimdal/commit/23c41b70822c1bec6d8f43f39eb27d3d66482920 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto.c Log Message: ----------- krb5: Add a verify mode for the HMAC_SHA1 checksum Add a verify operation for this checksum. If a verify operation isn't defined, then the verify_checksum code has to dynamically allocate and free a block of memory for the computed checksum, which can be a significant overhead when performing bulk data encryption.
Commit: c6d2bb8793604cd62d92be022c8097f39317dd18 https://github.com/heimdal/heimdal/commit/c6d2bb8793604cd62d92be022c8097f39317dd18 Author: Simon Wilkinson Date: 2018-05-15 (Tue, 15 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Use iovecs for krb5_decrypt_iov_ivec When we have an underlying iovec encryption function, use iovecs for checksum-then-encrypt algorithms in decrypt_iov_ivec, rather than coalescing iovecs into a single memory buffer. Compare: https://github.com/heimdal/heimdal/compare/4dff725c5924...c6d2bb879360
From noreply at github.com Sat May 19 17:20:01 2018 From: noreply at github.com (GitHub) Date: Sat, 19 May 2018 08:20:01 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 299642: krb5: Add EVP iovec encryption routines Message-ID: <5b0040a1727d4_3e1d2ab595ee1c0c2739d@hookshot-fe-7191cb1.cp1-iad.github.net.mail> Branch: refs/heads/sxw/iovecs Home: https://github.com/heimdal/heimdal Commit: 2996421d34402830dcaccf1aa80f85af121fc6e7 https://github.com/heimdal/heimdal/commit/2996421d34402830dcaccf1aa80f85af121fc6e7 Author: Simon Wilkinson Date: 2018-05-18 (Fri, 18 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto-des3.c M lib/krb5/crypto-evp.c Log Message: ----------- krb5: Add EVP iovec encryption routines Add iovec routines for both padded CBC, and CTS EVP based encryption. These routines go to great lengths to minimise the number of times we call EVP_Cipher. With some EVP implementations (such as OpenSSL's AES-NI) there is a significant entrance and exit overhead from this routine, due to the use of SIMD vectors for the ivec.
Commit: 95750d384eab09aa357ed1d7ab90617570056bca https://github.com/heimdal/heimdal/commit/95750d384eab09aa357ed1d7ab90617570056bca Author: Simon Wilkinson Date: 2018-05-18 (Fri, 18 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto.c Log Message: ----------- krb5: Add a verify mode for the HMAC_SHA1 checksum Add a verify operation for this checksum. If a verify operation isn't defined, then the verify_checksum code has to dynamically allocate and free a block of memory for the computed checksum, which can be a significant overhead when performing bulk data encryption. Commit: a26b618df86b35f2dda121521ad5238845cb00ec https://github.com/heimdal/heimdal/commit/a26b618df86b35f2dda121521ad5238845cb00ec Author: Simon Wilkinson Date: 2018-05-18 (Fri, 18 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Use iovecs for krb5_decrypt_iov_ivec When we have an underlying iovec encryption function, use iovecs for checksum-then-encrypt algorithms in decrypt_iov_ivec, rather than coalescing iovecs into a single memory buffer. Compare: https://github.com/heimdal/heimdal/compare/c6d2bb879360...a26b618df86b
From noreply at github.com Wed May 23 15:54:30 2018 From: noreply at github.com (GitHub) Date: Wed, 23 May 2018 06:54:30 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] ae62cc: test_rfc3961: Add HMAC tests Message-ID: <5b05729663418_e0f2b2222bb9c1073394@hookshot-fe-6e9b612.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: ae62cc2341c6f1bfbe96bb5749556a5435b62ad0 https://github.com/heimdal/heimdal/commit/ae62cc2341c6f1bfbe96bb5749556a5435b62ad0 Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/test_rfc3961.c Log Message: ----------- test_rfc3961: Add HMAC tests Add some HMAC-SHA1 tests using the test vectors in RFC2202 Commit: c1eb9828f4191842d89744d041d74e399b7d9ca3 https://github.com/heimdal/heimdal/commit/c1eb9828f4191842d89744d041d74e399b7d9ca3 Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/hcrypto/hmac.c M lib/hcrypto/hmac.h M lib/hcrypto/libhcrypto-exports.def M lib/hcrypto/version-script.map Log Message: ----------- hcrypto: Add HMAC_CTX_new and HMAC_CTX_free Add a pair of functions which can be used to allocate and free an HMAC_CTX structure on the heap. This means that the caller doesn't need to know the size of the underlying structure. Commit: eb5eae59a4beb53a44dcf13a083496192b8092b4 https://github.com/heimdal/heimdal/commit/eb5eae59a4beb53a44dcf13a083496192b8092b4 Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/crypto.c M lib/krb5/crypto.h Log Message: ----------- krb5: Add _krb5_crypto_iov_should_sign helper function Add a helper function which contains the knowledge about whether a particular portion of a krb5_crypto_iovec should be signed or not. 
Commit: cb632bfdeb12e86e12ffde06479b92ac4c089273 https://github.com/heimdal/heimdal/commit/cb632bfdeb12e86e12ffde06479b92ac4c089273 Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/crypto-evp.c Log Message: ----------- krb5: Add _krb5_evp_digest_iov Add a function which can apply an EVP message digest algorithm over a set of iovecs to produce a signature. Commit: 3484f092e50969858ca4a3145fd364ec123e4dff https://github.com/heimdal/heimdal/commit/3484f092e50969858ca4a3145fd364ec123e4dff Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/crypto-evp.c Log Message: ----------- krb5: Add _krb5_evp_hmac_iov Add a function which will perform an HMAC over a set of iovecs, using the hcrypto provided HMAC functions. Join contiguous iovecs together before passing them to the hash function so we make as few calls into the hash as possible. Commit: ca756f0f7fbfba9483c9a1a5ae58f34d96a5e7bb https://github.com/heimdal/heimdal/commit/ca756f0f7fbfba9483c9a1a5ae58f34d96a5e7bb Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto-aes-sha2.c M lib/krb5/crypto-arcfour.c M lib/krb5/crypto-des-common.c M lib/krb5/crypto-des.c M lib/krb5/crypto-des3.c M lib/krb5/crypto-null.c M lib/krb5/crypto.c M lib/krb5/crypto.h M lib/krb5/pac.c Log Message: ----------- krb5: Use iovecs for internal checksum handling Modify the signature of the checksum operation in the krb5_checksum_type structure so that it processes iovecs rather than solid blocks of data. 
Update all of the implementations of these functions for all of the checksum types that we support so that they process iovecs, either by iterating through the iovec in each function, or by calling _krb5_evp_digest_iov or _krb5_evp_hmac_iov() Update callers of these functions so that they turn their single blocks of data into a single iovec of the correct type before calling checksum Commit: 8f947638c76b0d9cb2990a32b54f6196a3b9a4dc https://github.com/heimdal/heimdal/commit/8f947638c76b0d9cb2990a32b54f6196a3b9a4dc Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/crypto-des-common.c M lib/krb5/crypto-des.c M lib/krb5/crypto-des3.c M lib/krb5/crypto.c M lib/krb5/crypto.h Log Message: ----------- krb5: Use iovecs internally for checksum verification When verifying checksums, pass iovecs through to the individual verify routines. Commit: 9a6675292697d51e7a371bd902a85eba970e7c12 https://github.com/heimdal/heimdal/commit/9a6675292697d51e7a371bd902a85eba970e7c12 Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/test_rfc3961.c Log Message: ----------- test_rfc3961: Add performance tests for HMAC-SHA1 Add a selection of performance tests for HMAC-SHA1 to the RFC3961 library tests. Commit: c2271cfbfb12192fb82ab775c927c426a05fcb23 https://github.com/heimdal/heimdal/commit/c2271cfbfb12192fb82ab775c927c426a05fcb23 Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/crypto.c M lib/krb5/test_rfc3961.c Log Message: ----------- krb5: Use EVP HMAC() function for HMAC-SHA1 Use the EVP HMAC() function that we use for SHA2 HMACs for SHA1 as well. 
Commit: aedc1fd4bd93be5405a4ce06e2761b4aeffbd678 https://github.com/heimdal/heimdal/commit/aedc1fd4bd93be5405a4ce06e2761b4aeffbd678 Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Use iovecs throughout krb5_create_checksum_iov Rather than flattening the iovecs supplied to krb5_create_checksum_iov into a malloc()'d memory block, refactor the function so that they can be passed straight through to the backend hash functions. Commit: 152a23f2cee89656cf6bf0b415e11e02879ee579 https://github.com/heimdal/heimdal/commit/152a23f2cee89656cf6bf0b415e11e02879ee579 Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Reorder checks in _key_schedule _krb5_find_enctype is a moderately expensive operation, as it does a linear search of the enctype lists. Avoid calling it in _key_schedule when we already have a key schedule in place. This change makes the most common check the first in the function. Commit: fa1e998b53c551cd76275bd27f293263d356255a https://github.com/heimdal/heimdal/commit/fa1e998b53c551cd76275bd27f293263d356255a Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Implement krb5_verify_checksum_iov with iovecs Instead of flattening the iovecs passed into krb5_verify_checksum_iov, create a new internal verify_checksum_iov function which passes iovecs down onto the individual ->verify or ->checksum functions. 
Commit: e50faea7f01738f4638e21f820c12619d64f0ee8 https://github.com/heimdal/heimdal/commit/e50faea7f01738f4638e21f820c12619d64f0ee8 Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto-aes-sha2.c M lib/krb5/crypto-arcfour.c M lib/krb5/crypto-des-common.c M lib/krb5/crypto-des.c M lib/krb5/crypto-des3.c M lib/krb5/crypto-evp.c M lib/krb5/crypto-null.c M lib/krb5/crypto.c M lib/krb5/crypto.h M lib/krb5/pac.c M lib/krb5/test_rfc3961.c Log Message: ----------- krb5: Store a digest context in the crypto structure Creating and destroying an EVP_CTX_MD structure with every hash operation is very expensive. Speed things up by caching one within the krb5_crypto structure. krb5_crypto can already only be safely used by one thread at a time - adding a message digest context here shouldn't introduce any further threading risks. Users of the stashed context must be careful to ensure that they call no other hash functions whilst they are in the middle of using the context. Commit: b9b8e763762554daaf110429a02e361b00b00d4c https://github.com/heimdal/heimdal/commit/b9b8e763762554daaf110429a02e361b00b00d4c Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/crypto-aes-sha2.c M lib/krb5/crypto-evp.c M lib/krb5/crypto.c M lib/krb5/crypto.h Log Message: ----------- krb5: Stash the HMAC context in the krb5_crypto object Store the EVP HMAC context in the krb5_crypto object so that we don't have to allocate it for every hashing operation we perform. Commit: 2d84fc65bbde4d1a65f864f89abefaac08be3057 https://github.com/heimdal/heimdal/commit/2d84fc65bbde4d1a65f864f89abefaac08be3057 Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/hcrypto/hmac.c Log Message: ----------- hcrypto: Make more buffers persist across HMAC operations If we don't change MD algorithm across two calls to HMAC_Init_ex using the same context, don't bother reallocating all of our buffers.
Commit: 550067f6d00131762ed3ec6da11761416da4fc53 https://github.com/heimdal/heimdal/commit/550067f6d00131762ed3ec6da11761416da4fc53 Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/crypto.c M lib/krb5/crypto.h Log Message: ----------- krb5: Expand list of vector types that are hashed So that we can eventually use iovec hashes with encrypt, as well as sign operations, add CRYPTO_TYPE_HEADER and CRYPTO_TYPE_PADDING to the list of iovecs which will be hashed. Commit: c45c0d3c66bb5281dfd775d5b4323e846722c432 https://github.com/heimdal/heimdal/commit/c45c0d3c66bb5281dfd775d5b4323e846722c432 Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Actually 0 padding When we decide we need to zero the padding iovec, do so with 0, not with the length that we've determined. This had no effect because we zero the padding properly later, but it should be fixed, so that things still work when the later memset() goes away. Commit: 62a8fc89bcd04a51d6557f4248943e7c46dbcbb3 https://github.com/heimdal/heimdal/commit/62a8fc89bcd04a51d6557f4248943e7c46dbcbb3 Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Use iovec checksum in krb5_encrypt_iov_ivec Use the iovec checksum routines in krb5_encrypt_iov_ivec. This still marshalls all of the iovecs together to perform the encryption operation, but this change halves the amount of time spent on data marshalling in this function. 
Commit: 57f7373583678143fc653b888d02c19989cf938c https://github.com/heimdal/heimdal/commit/57f7373583678143fc653b888d02c19989cf938c Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto-aes-sha2.c M lib/krb5/crypto-arcfour.c M lib/krb5/crypto-des.c M lib/krb5/crypto-des3.c M lib/krb5/crypto-null.c M lib/krb5/crypto.c M lib/krb5/crypto.h Log Message: ----------- krb5: Add an optional encrypt_iov function to encryption types Add an encrypt_iov function pointer to all of our encryption types which can be used to implement an iovec based encryption routine. Modify krb5_encrypt_iov so that it calls the iovec based routine if it is available. Commit: c611a23d775524376d8b136b6e6021407a232a64 https://github.com/heimdal/heimdal/commit/c611a23d775524376d8b136b6e6021407a232a64 Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto-des3.c M lib/krb5/crypto-evp.c Log Message: ----------- krb5: Add EVP iovec encryption routines Add iovec routines for both padded CBC, and CTS EVP based encryption. These routines go to great lengths to minimise the number of times we call EVP_Cipher. With some EVP implementations (such as OpenSSL's AES-NI) there is a significant entrance and exit overhead from this routine, due to the use of SIMD vectors for the ivec. Commit: a1c8f029b769697a27e1467a3d79df0241e5d182 https://github.com/heimdal/heimdal/commit/a1c8f029b769697a27e1467a3d79df0241e5d182 Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto.c Log Message: ----------- krb5: Add a verify mode for the HMAC_SHA1 checksum Add a verify operation for this checksum. If a verify operation isn't defined, then the verify_checksum code has to dynamically allocate and free a block of memory for the computed checksum, which can be a significant overhead when performing bulk data encryption.
Commit: 8e301d44b16f267a69a13d4e24529fb223d4cb10 https://github.com/heimdal/heimdal/commit/8e301d44b16f267a69a13d4e24529fb223d4cb10 Author: Simon Wilkinson Date: 2018-05-23 (Wed, 23 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5: Use iovecs for krb5_decrypt_iov_ivec When we have an underlying iovec encryption function, use iovecs for checksum-then-encrypt algorithms in decrypt_iov_ivec, rather than coalescing iovecs into a single memory buffer. Compare: https://github.com/heimdal/heimdal/compare/927185e732df...8e301d44b16f From noreply at github.com Fri May 25 17:37:59 2018 From: noreply at github.com (GitHub) Date: Fri, 25 May 2018 08:37:59 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] e5b6a3: Windows: add hcrypto headers to SDK Message-ID: <5b082dd723a60_28482b19fd295c1045371@hookshot-fe-d2afb11.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: e5b6a3390ae15dd8c781aae7c42b06bc6b2e9636 https://github.com/heimdal/heimdal/commit/e5b6a3390ae15dd8c781aae7c42b06bc6b2e9636 Author: Jeffrey Altman Date: 2018-05-25 (Fri, 25 May 2018) Changed paths: M packages/windows/sdk/NTMakefile Log Message: ----------- Windows: add hcrypto headers to SDK Create and populate the contents of the out/sdk/inc/hcrypto directory. Change-Id: I9512b67b9adfee807b303471c4b7b977ad186ae7
From noreply at github.com Sat May 26 00:15:48 2018 From: noreply at github.com (GitHub) Date: Fri, 25 May 2018 15:15:48 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 7501da: krb5/crypto: Fix a couple of places where return c... Message-ID: <5b088b142c67d_2b5f2ab71f871bfc497fd@hookshot-fe-cace476.cp1-iad.github.net.mail> Branch: refs/heads/sxw/iovec-fixes Home: https://github.com/heimdal/heimdal Commit: 7501da9f678c26544e274756b73bac294a5dddad https://github.com/heimdal/heimdal/commit/7501da9f678c26544e274756b73bac294a5dddad Author: Simon Wilkinson Date: 2018-05-25 (Fri, 25 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5/crypto: Fix a couple of places where return codes weren't The recent iovec changes introduced a couple of places where return codes were being incorrectly discarded. Fix them so errors get back to callers. Commit: 5276e4c603ab26c4c6c6704995723d406b64ce8c https://github.com/heimdal/heimdal/commit/5276e4c603ab26c4c6c6704995723d406b64ce8c Author: Simon Wilkinson Date: 2018-05-25 (Fri, 25 May 2018) Changed paths: M lib/hcrypto/hmac.c M lib/hcrypto/hmac.h Log Message: ----------- hcrypto: Experimental - use fixed sized pad buffers for HMAC gcc generates much faster code if it knows the size of the ipad and opad padding buffers. Make these fixed length, rather than dynamic, even though it increases the amount of working needing done. Commit: 577e02f42cfadbddccaae5324e01e804075ab707 https://github.com/heimdal/heimdal/commit/577e02f42cfadbddccaae5324e01e804075ab707 Author: Simon Wilkinson Date: 2018-05-25 (Fri, 25 May 2018) Changed paths: M kuser/heimtools-commands.in Log Message: ----------- Make Heimdal build, mutter, mutter Compare: https://github.com/heimdal/heimdal/compare/7501da9f678c^...577e02f42cfa
From noreply at github.com Sat May 26 00:17:42 2018 From: noreply at github.com (GitHub) Date: Fri, 25 May 2018 15:17:42 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] Message-ID: <5b088b864f278_36082b2a38549c04729b2@hookshot-fe-32b5f5b.cp1-iad.github.net.mail> Branch: refs/heads/sxw/iovec-fixes Home: https://github.com/heimdal/heimdal From noreply at github.com Sat May 26 05:46:11 2018 From: noreply at github.com (GitHub) Date: Fri, 25 May 2018 20:46:11 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] f0bc31: krb5/crypto: Fix a couple of places where return c... Message-ID: <5b08d883efef8_75372aaecd803c10547c3@hookshot-fe-88eb02d.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: f0bc313cef3873b6e2f790e436d8043c3039e72a https://github.com/heimdal/heimdal/commit/f0bc313cef3873b6e2f790e436d8043c3039e72a Author: Simon Wilkinson Date: 2018-05-25 (Fri, 25 May 2018) Changed paths: M lib/krb5/crypto.c Log Message: ----------- krb5/crypto: Fix a couple of places where return codes weren't The recent iovec changes introduced a couple of places where return codes were being incorrectly discarded. Fix them so errors get back to callers.
From noreply at github.com Sat May 26 05:46:50 2018 From: noreply at github.com (GitHub) Date: Fri, 25 May 2018 20:46:50 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] Message-ID: <5b08d8aa9ef6b_7a5f2adfb8609c1877d8@hookshot-fe-6e9b612.cp1-iad.github.net.mail> Branch: refs/heads/sxw/iovec-fixes Home: https://github.com/heimdal/heimdal From noreply at github.com Mon May 28 13:05:04 2018 From: noreply at github.com (GitHub) Date: Mon, 28 May 2018 04:05:04 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] c7528f: krb5/crypto: Fix compiler error in new iovec CTS c... Message-ID: <5b0be260a0151_1cfa2b2a5ae41c04875f@hookshot-fe-5a11256.cp1-iad.github.net.mail> Branch: refs/heads/sxw/iovec-fixes Home: https://github.com/heimdal/heimdal Commit: c7528f66d518907764681902f370c7a66c1ecd0d https://github.com/heimdal/heimdal/commit/c7528f66d518907764681902f370c7a66c1ecd0d Author: Simon Wilkinson Date: 2018-05-28 (Mon, 28 May 2018) Changed paths: M lib/krb5/crypto-evp.c Log Message: ----------- krb5/crypto: Fix compiler error in new iovec CTS code Some versions of gcc can't follow the logic in the encryption path of the _krb5_evp_encrypt_iov_cts code, and believe that it is possible for the lastpos structure to be used uninitialised. This isn't actually possible. On entry to the loop, remaining is guaranteed to be both greater than, and a multiple of blocksize. In order to exit the loop, remaining must be set to 0. If cursor.current.length >= remaining, then we set remaining to 0 and also set lastpos. Otherwise, we calculate the number of whole blocks in the current iovec, which must be less than remaining, and subtract that from remaining. Remaining must still be a multiple of and greater than or equal to blocksize.
If remaining == blocksize, we set lastpos, and set remaining to 0. Otherwise we consume a single block, and go around again. All of the paths which may set remaining to 0 also set lastpos, so lastpos must be populated when the loop terminates. Coverity has a similar misconception, albeit with ivec2, which is mistaken for the same reasons. From noreply at github.com Mon May 28 14:37:24 2018 From: noreply at github.com (GitHub) Date: Mon, 28 May 2018 05:37:24 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 3046fb: krb5/crypto: Fix compiler error in new iovec CTS c... Message-ID: <5b0bf804b5b79_2e902b1d674afc04549bd@hookshot-fe-265448d.cp1-iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 3046fb914e7bcc14592c6ca4f5c2b2ea25135b41 https://github.com/heimdal/heimdal/commit/3046fb914e7bcc14592c6ca4f5c2b2ea25135b41 Author: Simon Wilkinson Date: 2018-05-28 (Mon, 28 May 2018) Changed paths: M lib/krb5/crypto-evp.c Log Message: ----------- krb5/crypto: Fix compiler error in new iovec CTS code Some versions of gcc can't follow the logic in the encryption path of the _krb5_evp_encrypt_iov_cts code, and believe that it is possible for the lastpos structure to be used uninitialised. This isn't actually possible. On entry to the loop, remaining is guaranteed to be both greater than, and a multiple of blocksize. In order to exit the loop, remaining must be set to 0. If cursor.current.length >= remaining, then we set remaining to 0 and also set lastpos. Otherwise, we calculate the number of whole blocks in the current iovec, which must be less than remaining, and subtract that from remaining. Remaining must still be a multiple of and greater than or equal to blocksize.
If remaining == blocksize, we set lastpos, and set remaining to 0. Otherwise we consume a single block, and go around again. All of the paths which may set remaining to 0 also set lastpos, so lastpos must be populated when the loop terminates. Coverity has a similar misconception, albeit with ivec2, which is mistaken for the same reasons.
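The loop-exit argument in the commit message above can be checked mechanically. This added example is a model written for this page, not Heimdal's `_krb5_evp_encrypt_iov_cts`: `walk_blocks`, `advance`, `struct pos`, and the choice to record the cursor position in `lastpos` are assumptions. It follows the branches in the order the message lists them and tries every split of the data into three iovecs.

```c
#include <stddef.h>
#include <stdio.h>

#define BLOCKSIZE 16

struct pos { int set; size_t iov, off; };   /* hypothetical stand-in for lastpos */

/* Move the cursor (i, off) forward by count bytes; -1 if the data runs out. */
static int advance(const size_t *len, size_t n, size_t *i, size_t *off, size_t count)
{
    while (count > 0) {
        if (*i == n) return -1;
        size_t avail = len[*i] - *off;
        if (avail == 0) { (*i)++; *off = 0; continue; }
        size_t take = avail < count ? avail : count;
        *off += take;
        count -= take;
    }
    return 0;
}

/* Returns 0 with *lastpos filled in, -1 if the entry condition or the data
 * length is wrong, -2 if an invariant breaks or lastpos is unset at exit. */
static int walk_blocks(const size_t *len, size_t n, size_t remaining, struct pos *lastpos)
{
    size_t i = 0, off = 0;

    lastpos->set = 0;
    if (remaining <= BLOCKSIZE || remaining % BLOCKSIZE != 0)
        return -1;                      /* entry: > blocksize and a multiple of it */
    while (remaining > 0) {
        while (i < n && off == len[i]) { i++; off = 0; }  /* skip spent iovecs */
        if (i == n) return -1;
        size_t cur = len[i] - off;      /* models cursor.current.length */
        if (cur >= remaining) {         /* first exit path */
            *lastpos = (struct pos){ 1, i, off };
            remaining = 0;
            continue;
        }
        size_t whole = cur / BLOCKSIZE * BLOCKSIZE;   /* whole <= cur < remaining */
        off += whole;
        remaining -= whole;
        if (remaining < BLOCKSIZE || remaining % BLOCKSIZE != 0)
            return -2;                  /* invariant stated in the commit message */
        if (remaining == BLOCKSIZE) {   /* second exit path */
            *lastpos = (struct pos){ 1, i, off };
            remaining = 0;
        } else {                        /* one block, possibly spanning iovecs */
            if (advance(len, n, &i, &off, BLOCKSIZE) != 0) return -1;
            remaining -= BLOCKSIZE;     /* was > blocksize, so never reaches 0 here */
        }
    }
    return lastpos->set ? 0 : -2;
}

/* Count the three-iovec layouts (empty iovecs included) of `total` bytes for
 * which the walk does not end with lastpos set. */
static size_t count_failing_layouts(size_t total)
{
    size_t bad = 0;
    for (size_t a = 0; a <= total; a++)
        for (size_t b = 0; a + b <= total; b++) {
            size_t len[3] = { a, b, total - a - b };
            struct pos p;
            if (walk_blocks(len, 3, total, &p) != 0) bad++;
        }
    return bad;
}

int main(void)
{
    for (size_t total = 2 * BLOCKSIZE; total <= 8 * BLOCKSIZE; total += BLOCKSIZE)
        printf("total=%zu failing layouts=%zu\n", total, count_failing_layouts(total));
    return 0;
}
```

The only input that leaves `lastpos` unset in this model is one that skips the loop entirely, which the entry condition excludes; a static analyser that cannot see that condition reports the same path gcc and Coverity did.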