[Heimdal-source-changes] [heimdal/heimdal] a88d00: Fix PKCS#11 hcrypto backend regression (#314, #315...

Fre May 11 05:27:35 CEST 2018

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal
  Commit: a88d00660efc0de15514f0957a51954478e31f45
      https://github.com/heimdal/heimdal/commit/a88d00660efc0de15514f0957a51954478e31f45
  Author: Luke Howard <lukeh at padl.com>
  Date:   2018-05-11 (Fri, 11 May 2018)

  Changed paths:
    M lib/hcrypto/evp-pkcs11.c
    M lib/hcrypto/evp.h

  Log Message:
  -----------
  Fix PKCS#11 hcrypto backend regression (#314, #315, #316, #317)

81c778e broke the PKCS#11 hcrypto backend broke for many cases as it did
not support cipherstate resetting. (Prior to 81c778e, which was to fix #194,
the PKCS#11 backend did not support cipherstate chaining across invocations.)

hcrypto backends that maintain cipherstate independently of the hcrypto
context IV field need to set EVP_CIPH_ALWAYS_CALL_INIT to avoid the two
diverging. Their init function should support resetting the cipherstate
independently of key scheduling.

  Commit: 590be3d7dadb8e17a15261bce9275f37f6dfc917
      https://github.com/heimdal/heimdal/commit/590be3d7dadb8e17a15261bce9275f37f6dfc917
  Author: Luke Howard <lukeh at padl.com>
  Date:   2018-05-11 (Fri, 11 May 2018)

  Changed paths:
    M lib/hcrypto/evp-pkcs11.c

  Log Message:
  -----------
  hcrypto PKCS#11 backend: allow digest update with NULL (#378)

Some callers of EVP_DigestUpdate (such as libntlm) pass NULL as the
data argument. PKCS#11 returns CKR_ARGUMENTS_BAD which may poison
the context. Pass an empty string to C_DigestUpdate work around this.

Compare: https://github.com/heimdal/heimdal/compare/a2822719e6f9...590be3d7dadb
      **NOTE:** This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.