svn commit: r259449 - in stable/8: . crypto/heimdal/lib/gssapi/krb5 sys/sys
Benjamin Kaduk
bjk at freebsd.org
Mon Dec 16 04:15:52 UTC 2013
On Mon, 16 Dec 2013, Hiroki Sato wrote:
> Benjamin Kaduk <bjk at FreeBSD.org> wrote
> in <alpine.GSO.1.10.1312152248100.27579 at multics.mit.edu>:
>
> bj> On Sun, 15 Dec 2013, Glen Barber wrote:
> bj>
> bj> > On Mon, Dec 16, 2013 at 02:30:57AM +0000, Benjamin Kaduk wrote:
> bj> >> Author: bjk (doc committer)
> bj> >> Date: Mon Dec 16 02:30:56 2013
> bj> >> New Revision: 259449
> bj> >> URL: http://svnweb.freebsd.org/changeset/base/259449
> bj> >>
> bj> >> Log:
> bj> >> MFC r259286,259424,259425:
> bj> >> Apply patch from upstream Heimdal for encoding fix
> bj> >>
> bj> >> RFC 4402 specifies the implementation of the gss_pseudo_random()
> bj> >> function for the krb5 mechanism (and the C bindings therein).
> bj> >> The implementation uses a PRF+ function that concatenates the output
> bj> >> of individual krb5 pseudo-random operations produced with a counter
> bj> >> and seed. The original implementation of this function in Heimdal
> bj> >> incorrectly encoded the counter as a little-endian integer, but the
> bj> >> RFC specifies the counter encoding as big-endian. The implementation
> bj> >> initializes the counter to zero, so the first block of output (16
> bj> >> octets,
> bj> >> for the modern AES enctypes 17 and 18) is unchanged. (RFC 4402
> bj> >> specifies
> bj> >> that the counter should begin at 1, but both existing implementations
> bj> >> begin with zero and it looks like the standard will be re-issued, with
> bj> >> test vectors, to begin at zero.)
> bj> >>
> bj> >
> bj> > This breaks stable/8 build.
> bj>
> bj> Looking...
>
> It seems tsize = min(desired_output_len, output.length) and
> /output.length/tsize/ just after the p+= line are missing for
> stable/9 and /8.
Yes, a difference between heimdal 1.1 and 1.5.1. I was not happy that
Nico put an unrelated change in the bug fix, but for head it is best to
take upstream's patch as-is, to avoid causing conflicts for future
imports.
The fix is just to revert the unrelated hunk of the patch to prf.c.
-Ben
More information about the svn-src-stable-8
mailing list