[Heimdal-source-changes] [heimdal/heimdal] 299642: krb5: Add EVP iovec encryption routines

GitHub noreply at github.com
Sat May 19 17:20:01 CEST 2018 

  Branch: refs/heads/sxw/iovecs
  Home:   https://github.com/heimdal/heimdal
  Commit: 2996421d34402830dcaccf1aa80f85af121fc6e7
      https://github.com/heimdal/heimdal/commit/2996421d34402830dcaccf1aa80f85af121fc6e7
  Author: Simon Wilkinson <sxw at auristor.com>
  Date:   2018-05-18 (Fri, 18 May 2018)

  Changed paths:
    M lib/krb5/crypto-aes-sha1.c
    M lib/krb5/crypto-des3.c
    M lib/krb5/crypto-evp.c

  Log Message:
  -----------
  krb5: Add EVP iovec encryption routines

Add iovec routines for both padded CBC, and CTS EVP based encryption.

These routines go to great lengths to minimise the number of times
we call EVP_Cipher. With some EVP implementations (such as OpenSSL's
AES-NI) there is a significant entrance and exit overhead from this
routine, due to the use of SIMD vectors for the ivec.


  Commit: 95750d384eab09aa357ed1d7ab90617570056bca
      https://github.com/heimdal/heimdal/commit/95750d384eab09aa357ed1d7ab90617570056bca
  Author: Simon Wilkinson <sxw at auristor.com>
  Date:   2018-05-18 (Fri, 18 May 2018)

  Changed paths:
    M lib/krb5/crypto-aes-sha1.c
    M lib/krb5/crypto.c

  Log Message:
  -----------
  krb5: Add a verify mode for the HMAC_SHA1 checksum

Add a verify operation for this checksum. If a verify operation isn't
defined, then the verify_checksum code has to dynamically allocate and
free a block of memory for the computed checksum, which can be a
significant overhead when performing bulk data encryption.


  Commit: a26b618df86b35f2dda121521ad5238845cb00ec
      https://github.com/heimdal/heimdal/commit/a26b618df86b35f2dda121521ad5238845cb00ec
  Author: Simon Wilkinson <sxw at auristor.com>
  Date:   2018-05-18 (Fri, 18 May 2018)

  Changed paths:
    M lib/krb5/crypto.c

  Log Message:
  -----------
  krb5: Use iovecs for krb5_decrypt_iov_ivec

When we have an underlying iovec encryption function, use iovecs for
checksum-then-encrypt alogrithms in decrypt_iov_ivec, rather than
coalescing iovecs into a single memory buffer.


Compare: https://github.com/heimdal/heimdal/compare/c6d2bb879360...a26b618df86b
      **NOTE:** This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.

More information about the Heimdal-source-changes mailing list