K 10
svn:author
V 4
ngie
K 8
svn:date
V 27
2016-05-13T08:25:06.096815Z
K 7
svn:log
V 791
MFC r295134,r298338,r298655:

r295134 (by cem):

kcrypto_aes: Use separate sessions for AES and SHA1

Some hardware supports AES acceleration but not SHA1, e.g., AES-NI
extensions.  It is useful to have accelerated AES even if SHA1 must be
software.

Suggested by:	asomers

r298338 (by cem):

kgssapi(4): Don't allow user-provided arguments to overrun stack buffer

An over-long path argument to gssd_syscall could overrun the stack sockaddr_un
buffer.  Fix gssd_syscall to not permit that.

If an over-long path is provided, gssd_syscall now returns EINVAL.

It looks like PRIV_NFS_DAEMON isn't granted anywhere, so my best guess is that
this is likely only triggerable by root.

CID:		1006751

r298655 (by cem):

kgssapi: Don't leak memory in error cases

CIDs:		1007046, 1007047, 1007048

END