Skip Menu |
 

From: ghudson@mit.edu
Subject: git commit

Make zap() more reliable

The gcc assembly version of zap() could still be optimized out under
gcc 5.1 or later, and the krb5int_zap() function could be optimized
out with link-time optimization. Based on work by Zhaomo Yang and
Brian Johannesmeyer, use the C11 memset_s() when available, then fall
back to a memory barrier with gcc or clang, and finally fall back to
using krb5int_zap(). Modify krb5int_zap() to use a volatile pointer
in case link-time optimization is used.

https://github.com/krb5/krb5/commit/c163275f899b201dc2807b3ff2949d5e2ee7d838
Author: Greg Hudson <ghudson@mit.edu>
Commit: c163275f899b201dc2807b3ff2949d5e2ee7d838
Branch: master
src/aclocal.m4 | 2 ++
src/include/k5-int.h | 43 +++++++++++++++++++++++--------------------
src/util/support/zap.c | 5 ++++-
3 files changed, 29 insertions(+), 21 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Use zap() more consistently

Use zap() or zapfree() in places where we previously used memset() to
scrub memory. Reported by Zhaomo Yang and Brian Johannesmeyer.

https://github.com/krb5/krb5/commit/d58cfa06bab766cf1354bc593deea300388072c0
Author: Greg Hudson <ghudson@mit.edu>
Commit: d58cfa06bab766cf1354bc593deea300388072c0
Branch: master
src/kadmin/dbutil/kdb5_create.c | 5 +----
src/kdc/main.c | 3 +--
src/lib/crypto/builtin/enc_provider/rc4.c | 6 ++----
src/lib/gssapi/krb5/delete_sec_context.c | 2 +-
src/lib/gssapi/krb5/export_sec_context.c | 2 +-
src/lib/gssapi/krb5/lucid_context.c | 4 ++--
src/lib/gssapi/mechglue/g_initialize.c | 6 ++----
src/lib/kadm5/srv/svr_principal.c | 9 ++-------
src/lib/krb5/krb/authdata.c | 3 +--
src/lib/krb5/krb/pac.c | 11 +++--------
10 files changed, 16 insertions(+), 35 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Make zap() more reliable

The gcc assembly version of zap() could still be optimized out under
gcc 5.1 or later, and the krb5int_zap() function could be optimized
out with link-time optimization. Based on work by Zhaomo Yang and
Brian Johannesmeyer, use the C11 memset_s() when available, then fall
back to a memory barrier with gcc or clang, and finally fall back to
using krb5int_zap(). Modify krb5int_zap() to use a volatile pointer
in case link-time optimization is used.

(cherry picked from commit c163275f899b201dc2807b3ff2949d5e2ee7d838)

https://github.com/krb5/krb5/commit/100e4aa16ea03faac8346382ee0ba07c84c3df45
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 100e4aa16ea03faac8346382ee0ba07c84c3df45
Branch: krb5-1.15
src/aclocal.m4 | 2 ++
src/include/k5-int.h | 43 +++++++++++++++++++++++--------------------
src/util/support/zap.c | 5 ++++-
3 files changed, 29 insertions(+), 21 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Use zap() more consistently

Use zap() or zapfree() in places where we previously used memset() to
scrub memory. Reported by Zhaomo Yang and Brian Johannesmeyer.

(cherry picked from commit d58cfa06bab766cf1354bc593deea300388072c0)

https://github.com/krb5/krb5/commit/c051de65f9b7432a4e2c400d1a722470c08e6691
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: c051de65f9b7432a4e2c400d1a722470c08e6691
Branch: krb5-1.15
src/kadmin/dbutil/kdb5_create.c | 5 +----
src/kdc/main.c | 3 +--
src/lib/crypto/builtin/enc_provider/rc4.c | 6 ++----
src/lib/gssapi/krb5/delete_sec_context.c | 2 +-
src/lib/gssapi/krb5/export_sec_context.c | 2 +-
src/lib/gssapi/krb5/lucid_context.c | 4 ++--
src/lib/gssapi/mechglue/g_initialize.c | 6 ++----
src/lib/kadm5/srv/svr_principal.c | 9 ++-------
src/lib/krb5/krb/authdata.c | 3 +--
src/lib/krb5/krb/pac.c | 11 +++--------
10 files changed, 16 insertions(+), 35 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Make zap() more reliable

The gcc assembly version of zap() could still be optimized out under
gcc 5.1 or later, and the krb5int_zap() function could be optimized
out with link-time optimization. Based on work by Zhaomo Yang and
Brian Johannesmeyer, use the C11 memset_s() when available, then fall
back to a memory barrier with gcc or clang, and finally fall back to
using krb5int_zap(). Modify krb5int_zap() to use a volatile pointer
in case link-time optimization is used.

(cherry picked from commit c163275f899b201dc2807b3ff2949d5e2ee7d838)

https://github.com/krb5/krb5/commit/f468bec257787f0656c70ef1f247d43be2796245
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: f468bec257787f0656c70ef1f247d43be2796245
Branch: krb5-1.14
src/aclocal.m4 | 2 ++
src/include/k5-int.h | 43 +++++++++++++++++++++++--------------------
src/util/support/zap.c | 5 ++++-
3 files changed, 29 insertions(+), 21 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Use zap() more consistently

Use zap() or zapfree() in places where we previously used memset() to
scrub memory. Reported by Zhaomo Yang and Brian Johannesmeyer.

(back ported from commit d58cfa06bab766cf1354bc593deea300388072c0)

https://github.com/krb5/krb5/commit/39800f15888135f4df337f9b6f97595c75b385ad
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 39800f15888135f4df337f9b6f97595c75b385ad
Branch: krb5-1.14
src/kadmin/dbutil/kdb5_create.c | 8 ++------
src/kdc/main.c | 3 +--
src/lib/crypto/builtin/enc_provider/rc4.c | 6 ++----
src/lib/gssapi/krb5/delete_sec_context.c | 2 +-
src/lib/gssapi/krb5/export_sec_context.c | 2 +-
src/lib/gssapi/krb5/lucid_context.c | 4 ++--
src/lib/gssapi/mechglue/g_initialize.c | 6 ++----
src/lib/kadm5/srv/svr_principal.c | 9 ++-------
src/lib/krb5/krb/authdata.c | 3 +--
src/lib/krb5/krb/pac.c | 11 +++--------
10 files changed, 17 insertions(+), 37 deletions(-)