From owner-svn-src-stable@FreeBSD.ORG Mon Dec 16 02:25:29 2013 Return-Path: Delivered-To: svn-src-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 80A48459; Mon, 16 Dec 2013 02:25:29 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 6C27216D0; Mon, 16 Dec 2013 02:25:29 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id rBG2PTDv005651; Mon, 16 Dec 2013 02:25:29 GMT (envelope-from bjk@svn.freebsd.org) Received: (from bjk@localhost) by svn.freebsd.org (8.14.7/8.14.7/Submit) id rBG2PSwj005645; Mon, 16 Dec 2013 02:25:28 GMT (envelope-from bjk@svn.freebsd.org) Message-Id: <201312160225.rBG2PSwj005645@svn.freebsd.org> From: Benjamin Kaduk Date: Mon, 16 Dec 2013 02:25:28 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r259448 - in stable/9: . crypto/heimdal/lib/gssapi/krb5 sys/sys X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Dec 2013 02:25:29 -0000 Author: bjk (doc committer) Date: Mon Dec 16 02:25:28 2013 New Revision: 259448 URL: http://svnweb.freebsd.org/changeset/base/259448 Log: MFC r259286,259424,259425: Apply patch from upstream Heimdal for encoding fix RFC 4402 specifies the implementation of the gss_pseudo_random() function for the krb5 mechanism (and the C bindings therein). The implementation uses a PRF+ function that concatenates the output of individual krb5 pseudo-random operations produced with a counter and seed. The original implementation of this function in Heimdal incorrectly encoded the counter as a little-endian integer, but the RFC specifies the counter encoding as big-endian. The implementation initializes the counter to zero, so the first block of output (16 octets, for the modern AES enctypes 17 and 18) is unchanged. (RFC 4402 specifies that the counter should begin at 1, but both existing implementations begin with zero and it looks like the standard will be re-issued, with test vectors, to begin at zero.) This is upstream's commit f85652af868e64811f2b32b815d4198e7f9017f6, from 13 October, 2013: % Fix krb5's gss_pseudo_random() (n is big-endian) % % The first enctype RFC3961 prf output length's bytes are correct because % the little- and big-endian representations of unsigned zero are the % same. The second block of output was wrong because the counter was not % being encoded as big-endian. % % This change could break applications. But those applications would not % have been interoperating with other implementations anyways (in % particular: MIT's). Bump __FreeBSD_version accordingly and add a note in UPDATING. Approved by: hrs (mentor, src committer) Modified: stable/9/UPDATING (contents, props changed) stable/9/crypto/heimdal/lib/gssapi/krb5/prf.c stable/9/sys/sys/param.h Directory Properties: stable/9/crypto/heimdal/ (props changed) stable/9/sys/ (props changed) stable/9/sys/sys/ (props changed) Modified: stable/9/UPDATING ============================================================================== --- stable/9/UPDATING Mon Dec 16 02:04:28 2013 (r259447) +++ stable/9/UPDATING Mon Dec 16 02:25:28 2013 (r259448) @@ -11,6 +11,17 @@ handbook: Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20131216: + The behavior of gss_pseudo_random() for the krb5 mechanism + has changed, for applications requesting a longer random string + than produced by the underlying enctype's pseudo-random() function. + In particular, the random string produced from a session key of + enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will + be different at the 17th octet and later, after this change. + The counter used in the PRF+ construction is now encoded as a + big-endian integer in accordance with RFC 4402. + __FreeBSD_version is bumped to 902505. + 20130930: 9.2-RELEASE. Modified: stable/9/crypto/heimdal/lib/gssapi/krb5/prf.c ============================================================================== --- stable/9/crypto/heimdal/lib/gssapi/krb5/prf.c Mon Dec 16 02:04:28 2013 (r259447) +++ stable/9/crypto/heimdal/lib/gssapi/krb5/prf.c Mon Dec 16 02:25:28 2013 (r259448) @@ -117,7 +117,7 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_ num = 0; p = prf_out->value; while(desired_output_len > 0) { - _gsskrb5_encode_om_uint32(num, input.data); + _gsskrb5_encode_be_om_uint32(num, input.data); ret = krb5_crypto_prf(context, crypto, &input, &output); if (ret) { OM_uint32 junk; @@ -129,7 +129,7 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_ return GSS_S_FAILURE; } memcpy(p, output.data, min(desired_output_len, output.length)); - p += output.length; + p += tsize; desired_output_len -= output.length; krb5_data_free(&output); num++; Modified: stable/9/sys/sys/param.h ============================================================================== --- stable/9/sys/sys/param.h Mon Dec 16 02:04:28 2013 (r259447) +++ stable/9/sys/sys/param.h Mon Dec 16 02:25:28 2013 (r259448) @@ -58,7 +58,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 902504 /* Master, propagated to newvers */ +#define __FreeBSD_version 902505 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD,