MFC r295134,r298338,r298655:
r295134 (by cem):
kcrypto_aes: Use separate sessions for AES and SHA1
Some hardware supports AES acceleration but not SHA1, e.g., AES-NI
extensions. It is useful to have accelerated AES even if SHA1 must be
software.
Suggested by: asomers
r298338 (by cem):
kgssapi(4): Don't allow user-provided arguments to overrun stack buffer
An over-long path argument to gssd_syscall could overrun the stack sockaddr_un
buffer. Fix gssd_syscall to not permit that.
If an over-long path is provided, gssd_syscall now returns EINVAL.
It looks like PRIV_NFS_DAEMON isn't granted anywhere, so my best guess is that
this is likely only triggerable by root.
CID:
1006751
r298655 (by cem):
kgssapi: Don't leak memory in error cases
CIDs:
1007046,
1007047,
1007048
git-svn-id: svn://svn.freebsd.org/base/stable/10@299617
ccf9f872-aa2e-dd11-9fc8-
001c23d0bc1f