krb5.git/src/lib/crypto, branch master-mechdconf Unnamed repository; edit this file 'description' to name the repository. Modernize default_state.c 2014-03-25T22:08:21+00:00 Greg Hudson ghudson@mit.edu 2014-03-25T14:52:38+00:00 7d87754d7d4c0398c0504f2cae0937c0d005a339 Use alloc_data() and empty_data() where appropriate. Keep mainline logic to the left where possible. Name the output parameter of krb5int_des_init_state with an _out suffix. Use a professional tone in comments. Partly based on a patch from Alok Menghrajani. 
Use alloc_data() and empty_data() where appropriate.  Keep mainline
logic to the left where possible.  Name the output parameter of
krb5int_des_init_state with an _out suffix.  Use a professional tone
in comments.  Partly based on a patch from Alok Menghrajani.
Eliminate internal fixed-width type wrappers 2014-02-26T21:15:20+00:00 Greg Hudson ghudson@mit.edu 2014-02-01T21:26:51+00:00 1041af9f85e4be342339475cf5c8878fef1de10d Directly use stdint.h names for integer types in preference to the various internal names we have made up for them. 
Directly use stdint.h names for integer types in preference to the
various internal names we have made up for them.
Get rid of builtin AES uitypes.h 2014-02-26T21:15:20+00:00 Greg Hudson ghudson@mit.edu 2014-02-01T20:23:58+00:00 42cc0d3cd2cfa02a6ba9b3e0b94000e73d83ff92 Remove uitypes.h and just include stdint.h; all we need from it is uint{8,16,32}_t. 
Remove uitypes.h and just include stdint.h; all we need from it is
uint{8,16,32}_t.
Clean up AES-NI code 2014-01-10T21:01:16+00:00 Tom Yu tlyu@mit.edu 2014-01-10T20:45:45+00:00 d658d91bb16adb5410ee2b34437630ee43cbd939 Items in .data other than shuffle_mask are unused; delete them. Delete the unused macro load_and_inc4. Move shuffle_mask to .rodata. 
Items in .data other than shuffle_mask are unused; delete them.
Delete the unused macro load_and_inc4.  Move shuffle_mask to .rodata.
Avoid text relocations in iaesx86.s 2014-01-10T20:04:32+00:00 Tom Yu tlyu@mit.edu 2014-01-10T20:04:32+00:00 3847aa109e8ff3f2781d53315f81e8d29ee35892 Use PC-relative addressing to avoid runtime text relocations on i386. Adapted patch from Nalin Dahyabhai. ticket: 7815 target_version: 1.12.1 tags: pullup 
Use PC-relative addressing to avoid runtime text relocations on i386.

Adapted patch from Nalin Dahyabhai.

ticket: 7815
target_version: 1.12.1
tags: pullup
Mark AESNI files as not needing executable stacks 2014-01-03T18:50:48+00:00 Greg Hudson ghudson@mit.edu 2014-01-03T18:50:48+00:00 c64e39c69a9a7ee32c00b0cf7918f6274a565544 Some Linux systems now come with facilities to mark the stack as non-executable, making it more difficult to exploit buffer overrun bugs. For this to work, object files built from assembly need a section added to note whether they require an executable stack. Patch from Dhiru Kholia with comments added. More information at: https://bugzilla.redhat.com/show_bug.cgi?id=1045699 https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart ticket: 7813 target_version: 1.12.1 tags: pullup 
Some Linux systems now come with facilities to mark the stack as
non-executable, making it more difficult to exploit buffer overrun
bugs.  For this to work, object files built from assembly need a
section added to note whether they require an executable stack.

Patch from Dhiru Kholia with comments added.  More information at:
https://bugzilla.redhat.com/show_bug.cgi?id=1045699
https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart

ticket: 7813
target_version: 1.12.1
tags: pullup
Remove a warning in AES string-to-key 2013-11-16T04:38:15+00:00 Greg Hudson ghudson@mit.edu 2013-11-16T04:38:15+00:00 e08db4b3097e31c9fd42e870b641ad97155cab39 On 32-bit platforms, the code to translate an iteration count of 0 to 2^32 can trigger a compiler warning. Since we will basically never accept an iteration count that high (right now we reject anything above 2^24), just reject it out of hand. 
On 32-bit platforms, the code to translate an iteration count of 0 to
2^32 can trigger a compiler warning.  Since we will basically never
accept an iteration count that high (right now we reject anything
above 2^24), just reject it out of hand.
Enforce minimum PBKDF2 iteration count 2013-11-15T22:42:37+00:00 Tom Yu tlyu@mit.edu 2013-11-15T21:11:32+00:00 7a7736a3ea321aeb4b281ae2712e27becb00d720 Also add a testing interface to allow weak iteration counts. (Published test vectors use weak iteration counts.) ticket: 7465 target_version: 1.12 tags: pullup 
Also add a testing interface to allow weak iteration counts.
(Published test vectors use weak iteration counts.)

ticket: 7465
target_version: 1.12
tags: pullup
Use constant-time comparisons for checksums 2013-10-03T19:26:00+00:00 Greg Hudson ghudson@mit.edu 2013-10-02T21:58:06+00:00 07d68eec2788bfe80686608813f644838707c168 






Use k5calloc instead of k5alloc where appropriate
2013-07-12T00:39:51+00:00

Greg Hudson
ghudson@mit.edu

2013-07-12T00:39:51+00:00

443ce5fef316e3dc324fe84557a06b069dbe33f9

Wherever we use k5alloc with a multiplication in the size parameter,,
use the new k5calloc helper function instead.





Wherever we use k5alloc with a multiplication in the size parameter,,
use the new k5calloc helper function instead.