search for: safe_memset

...0.0919 libdovecot.so.0.0.0 io_loop_handler_run 36 0.4729 libdovecot.so.0.0.0 imap_parser_reset 227 2.9817 libdovecot.so.0.0.0 pool_alloconly_unref 7339 96.4009 libdovecot.so.0.0.0 pool_alloconly_clear 7710 3.2463 libdovecot.so.0.0.0 safe_memset 7710 100.000 libdovecot.so.0.0.0 safe_memset [self] ------- 1 0.0148 libdovecot.so.0.0.0 i_stream_limit_read 2 0.0296 libdovecot.so.0.0.0 i_stream_header_filt(..) 6 0.0888 libdovecot.so.0.0.0 imap_parser_destroy 8 0.1184 li...

...irst_message, ",", request->client_final_message_without_proof, NULL); - hmac_init(&ctx, request->salted_password, - sizeof(request->salted_password), &hash_method_sha1); - hmac_update(&ctx, "Server Key", 10); - hmac_final(&ctx, server_key); - - safe_memset(request->salted_password, 0, - sizeof(request->salted_password)); - - hmac_init(&ctx, server_key, sizeof(server_key), &hash_method_sha1); + hmac_init(&ctx, request->server_key->data, request->server_key->used, + &hash_method_sha1); hmac_update(&ctx, a...

...a1_update(&ctx, "Server Key", 10); - hmac_sha1_final(&ctx, server_key); + hmac_init(&ctx, request->salted_password, + sizeof(request->salted_password), &hash_method_sha1); + hmac_update(&ctx, "Server Key", 10); + hmac_final(&ctx, server_key); safe_memset(request->salted_password, 0, sizeof(request->salted_password)); - hmac_sha1_init(&ctx, server_key, sizeof(server_key)); - hmac_sha1_update(&ctx, auth_message, strlen(auth_message)); - hmac_sha1_final(&ctx, server_signature); + hmac_init(&ctx, server_key, sizeof(server...

Hello, attached patch contains small NTLM fixes: - open code ntlmssp_des_encrypt_triad() function; - add two missing safe_memset(). It's not safe to leave NTLM hashes on the stack, because they are plain password equivalents. Please consider applying. Best regards. -- Andrey Panin | Linux and UNIX system administrator pazke at donpac.ru | PGP key: wwwkeys.pgp.net -------------- next part -------------- diff -urp...

...arlier to this list. I changed it, based on the suggestions by Andrey Panin (AP). Also some other parts have been changed, summary as follows: [sha2.h] - typedef of context dropped for consistency (AP) - removed ifndef SHA2_TYPES part (AP) - removed sha256() prototype [sha2.c] - added lib.h and safe_memset.h includes - added static const to sha256_h0[8] and sha256_k[64] (AP) - replaced memset with safe_memset - used standard types from stdint.h: (AP) - uint32 -> uint32_t - uint8 -> uint8_t - removed strings.h include - removed PACK64 and UNPACK64 (defined but not used) The updated patc...

...len = 0; while (len < max_chars && ((const char *) str)[len] != '\0') len++; */ len = strnlen(str, max_chars); And after changes strdup drop down on the profile list. This is output from oprofile: samples % symbol name 28000 10.9764 p_strdup 8507 3.3349 safe_memset 7857 3.0801 .plt 7627 2.9899 buffer_write 6871 2.6935 parse_body_add_block And after (about four times smaller samples, but shows everything): samples % symbol name 9595 26.2625 parse_next_body_to_boundary 8247 22.5729 parse_body_add_block 772 2.1130 .plt...

...after '\r' addition (to dest), It didn't skip '\n' in source buffer. I think this was buggy in earlier code, and '\n' was skipped (this piece of code is used very rare). Please check this out. This can help in huge e-mail systems :P And another problem. Why You use safe_memset instead of memset? Now this function have the largest impact in Dovecot performance. Another on list is t_push. Regards, Len7hir -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: dovecot-patch1.diff URL: <http://dovecot.org/pipermail/dovecot...

...;pw_passwd) == 0; + + if (strncmp(vpw->pw_passwd, "$1$", 3) == 0) + password_crypt = md5_crypt(password, vpw->pw_passwd); + else password_crypt = crypt(password, vpw->pw_passwd); + + result = strcmp(password_crypt, vpw->pw_passwd) == 0; safe_memset(vpw->pw_passwd, 0, strlen(vpw->pw_passwd)); if (!result) {

...code: - Prototype for sha256_transf is added to sha2.h - sha256_get_digest() is added to sha2{.h,.c} - Code for UNROLL_LOOPS is removed - Support for SHA224,SHA384,SHA512 was removed - Functions are renamed to match those in sha1{.h,.c} - SHA256_DIGEST_SIZE is renamed to SHA256_RESULTLEN I can add safe_memset calls if requested. Patch is attached and can also be found at http://www.malochia.nl/dovecot/sha256.patch Kind regards, Jasper -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: sha256.patch URL: <http://dovecot.org/pipermail/dovecot/at...

...UTH_CLIENT_RESULT_CONTINUE; + + reply.reply_idx = 0; + reply.data_size = strlen(prompt2); + callback(&reply, prompt2, auth_request->conn); + } else { + char *pass = p_strndup(unsafe_data_stack_pool, data, data_size); + + passdb->verify_plain(auth_request, pass, verify_callback); + + safe_memset(pass, 0, strlen(pass)); + } + + return TRUE; +} + +static int +mech_login_auth_initial(struct auth_request *auth_request, + struct auth_client_request_new *request, + const unsigned char *data __attr_unused__, + mech_callback_t *callback) +{ + struct auth_client_request_repl...

....reply_idx = 0; + reply.data_size = 0; + callback(&reply, "", auth_request->conn); + + return TRUE; +} + +static void +mech_rpa_auth_free(struct auth_request *auth_request) +{ + struct rpa_auth_request *auth = + (struct rpa_auth_request *)auth_request; + + if (auth->pwd_md5) + safe_memset(auth->pwd_md5, 0, 16); + + pool_unref(auth_request->pool); +} + +static struct auth_request *mech_rpa_auth_new(void) +{ + struct rpa_auth_request *auth; + pool_t pool; + + pool = pool_alloconly_create("rpa_auth_request", 256); + auth = p_new(pool, struct rpa_auth_request, 1); + auth...

...digest", get_log_prefix(auth_request)); + mech_auth_finish(auth_request, NULL, 0, FALSE); + return; + } + + md5_init(&ctx); + md5_update(&ctx, auth->challenge, strlen(auth->challenge)); + md5_update(&ctx, credentials, strlen(credentials)); + md5_final(&ctx, digest); + + safe_memset((void *) credentials, 0, strlen(credentials)); + + mech_auth_finish(auth_request, NULL, 0, + memcmp(digest, remote_digest, 16) ? FALSE : TRUE); +} + +static int +mech_apop_auth_initial(struct auth_request *auth_request, + struct auth_client_request_new *request, + const unsigned char *data,...

....libs/libssl_iostream_openssl.so: undefined reference to `p_strdup' .libs/libssl_iostream_openssl.so: undefined reference to `ssl_iostream_handshake' .libs/libssl_iostream_openssl.so: undefined reference to `o_stream_unref' .libs/libssl_iostream_openssl.so: undefined reference to `safe_memset' .libs/libssl_iostream_openssl.so: undefined reference to `i_stream_alloc' .libs/libssl_iostream_openssl.so: undefined reference to `i_stream_get_data_size' .libs/libssl_iostream_openssl.so: undefined reference to `o_stream_get_buffer_used_size' .libs/libssl_iostream_openssl.so: u...

...equest_log_info(request, "x-plain-submit", + "non-submit login"); + auth_request_fail(request); + } + } else { auth_request_verify_plain(request, pass, plain_verify_callback); @@ -64,6 +79,14 @@ safe_memset(pass, 0, strlen(pass)); } +/* APPLE - urlauth */ +static void +mech_plain_auth_continue(struct auth_request *request, + const unsigned char *data, size_t data_size) +{ + mech_plain_auth_continue_submit(request, data, data_size, FALSE); +} + static struct auth_request *mech_plain_auth_new(voi...