krb5/Avoid-alignment-warnings-in-openssl-rc4.c.patch

From c39a5710d0e4039a4f2bbd53ec284eb89d3b83c4 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Mon, 6 May 2019 15:14:49 -0400
Subject: [PATCH] Avoid alignment warnings in openssl rc4.c

Add a comment to k5_arcfour_init_state() explaining how we stretch the
krb5_data cipher state contract.  Use void * casts when interpreting
the data pointer to avoid alignment warnings.

[ghudson@mit.edu: moved and expanded comment; rewrote commit message]

(cherry picked from commit 1cd41d76c12fc1cea0a8bf0d6a40f34623c60d6d)
---
 src/lib/crypto/openssl/enc_provider/rc4.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c
index 7f3c086ed..a65d57b7a 100644
--- a/src/lib/crypto/openssl/enc_provider/rc4.c
+++ b/src/lib/crypto/openssl/enc_provider/rc4.c
@@ -57,7 +57,7 @@ struct arcfour_state {
 
 /* In-place IOV crypto */
 static krb5_error_code
-k5_arcfour_docrypt(krb5_key key,const krb5_data *state, krb5_crypto_iov *data,
+k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data,
                    size_t num_data)
 {
     size_t i;
@@ -66,7 +66,7 @@ k5_arcfour_docrypt(krb5_key key,const krb5_data *state, krb5_crypto_iov *data,
     EVP_CIPHER_CTX *ctx = NULL;
     struct arcfour_state *arcstate;
 
-    arcstate = (state != NULL) ? (struct arcfour_state *) state->data : NULL;
+    arcstate = (state != NULL) ? (void *)state->data : NULL;
     if (arcstate != NULL) {
         ctx = arcstate->ctx;
         if (arcstate->loopback != arcstate)
@@ -113,7 +113,7 @@ k5_arcfour_docrypt(krb5_key key,const krb5_data *state, krb5_crypto_iov *data,
 static void
 k5_arcfour_free_state(krb5_data *state)
 {
-    struct arcfour_state *arcstate = (struct arcfour_state *) state->data;
+    struct arcfour_state *arcstate = (void *)state->data;
 
     EVP_CIPHER_CTX_free(arcstate->ctx);
     free(arcstate);
@@ -125,6 +125,15 @@ k5_arcfour_init_state(const krb5_keyblock *key,
 {
     struct arcfour_state *arcstate;
 
+    /*
+     * The cipher state here is a saved pointer to a struct arcfour_state
+     * object, rather than a flat byte array as in most enc providers.  The
+     * object includes a loopback pointer to detect if if the caller made a
+     * copy of the krb5_data value or otherwise assumed it was a simple byte
+     * array.  When we cast the data pointer back, we need to go through void *
+     * to avoid increased alignment warnings.
+     */
+
     /* Create a state structure with an uninitialized context. */
     arcstate = calloc(1, sizeof(*arcstate));
     if (arcstate == NULL)
Add missing newlines to deprecation warnings Switch to upstream's ksu path patch 2019-05-22 14:59:16 +00:00			`From c39a5710d0e4039a4f2bbd53ec284eb89d3b83c4 Mon Sep 17 00:00:00 2001`
Pull in 2019-05-02 static analysis updates 2019-05-10 17:50:56 +00:00			`From: Robbie Harwood <rharwood@redhat.com>`
			`Date: Mon, 6 May 2019 15:14:49 -0400`
			`Subject: [PATCH] Avoid alignment warnings in openssl rc4.c`

			`Add a comment to k5_arcfour_init_state() explaining how we stretch the`
			`krb5_data cipher state contract. Use void * casts when interpreting`
			`the data pointer to avoid alignment warnings.`

			`[ghudson@mit.edu: moved and expanded comment; rewrote commit message]`

			`(cherry picked from commit 1cd41d76c12fc1cea0a8bf0d6a40f34623c60d6d)`
			`---`
			`src/lib/crypto/openssl/enc_provider/rc4.c \| 15 ++++++++++++---`
			`1 file changed, 12 insertions(+), 3 deletions(-)`

			`diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c`
			`index 7f3c086ed..a65d57b7a 100644`
			`--- a/src/lib/crypto/openssl/enc_provider/rc4.c`
			`+++ b/src/lib/crypto/openssl/enc_provider/rc4.c`
			`@@ -57,7 +57,7 @@ struct arcfour_state {`

			`/* In-place IOV crypto */`
			`static krb5_error_code`
			`-k5_arcfour_docrypt(krb5_key key,const krb5_data state, krb5_crypto_iov data,`
			`+k5_arcfour_docrypt(krb5_key key, const krb5_data state, krb5_crypto_iov data,`
			`size_t num_data)`
			`{`
			`size_t i;`
			`@@ -66,7 +66,7 @@ k5_arcfour_docrypt(krb5_key key,const krb5_data state, krb5_crypto_iov data,`
			`EVP_CIPHER_CTX *ctx = NULL;`
			`struct arcfour_state *arcstate;`

			`- arcstate = (state != NULL) ? (struct arcfour_state *) state->data : NULL;`
			`+ arcstate = (state != NULL) ? (void *)state->data : NULL;`
			`if (arcstate != NULL) {`
			`ctx = arcstate->ctx;`
			`if (arcstate->loopback != arcstate)`
			`@@ -113,7 +113,7 @@ k5_arcfour_docrypt(krb5_key key,const krb5_data state, krb5_crypto_iov data,`
			`static void`
			`k5_arcfour_free_state(krb5_data *state)`
			`{`
			`- struct arcfour_state arcstate = (struct arcfour_state ) state->data;`
			`+ struct arcfour_state arcstate = (void )state->data;`

			`EVP_CIPHER_CTX_free(arcstate->ctx);`
			`free(arcstate);`
			`@@ -125,6 +125,15 @@ k5_arcfour_init_state(const krb5_keyblock *key,`
			`{`
			`struct arcfour_state *arcstate;`

			`+ /*`
			`+ * The cipher state here is a saved pointer to a struct arcfour_state`
			`+ * object, rather than a flat byte array as in most enc providers. The`
			`+ * object includes a loopback pointer to detect if if the caller made a`
			`+ * copy of the krb5_data value or otherwise assumed it was a simple byte`
			`+ * array. When we cast the data pointer back, we need to go through void *`
			`+ * to avoid increased alignment warnings.`
			`+ */`
			`+`
			`/* Create a state structure with an uninitialized context. */`
			`arcstate = calloc(1, sizeof(*arcstate));`
			`if (arcstate == NULL)`