From owner-svn-src-stable@FreeBSD.ORG Mon Dec 16 04:15:52 2013 Return-Path: Delivered-To: svn-src-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5D394E77; Mon, 16 Dec 2013 04:15:52 +0000 (UTC) Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 42BD81FD7; Mon, 16 Dec 2013 04:15:50 +0000 (UTC) X-AuditID: 1209190e-b7efb6d000000bb9-81-52ae7e751ff6 Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id C0.F7.03001.57E7EA25; Sun, 15 Dec 2013 23:15:49 -0500 (EST) Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id rBG4FmSS003819; Sun, 15 Dec 2013 23:15:48 -0500 Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id rBG4FjU5004832 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 15 Dec 2013 23:15:47 -0500 Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id rBG4FjhL021229; Sun, 15 Dec 2013 23:15:45 -0500 (EST) Date: Sun, 15 Dec 2013 23:15:45 -0500 (EST) From: Benjamin Kaduk X-X-Sender: kaduk@multics.mit.edu To: Hiroki Sato Subject: Re: svn commit: r259449 - in stable/8: . crypto/heimdal/lib/gssapi/krb5 sys/sys In-Reply-To: <20131216.130052.128049839311409145.hrs@allbsd.org> Message-ID: References: <201312160230.rBG2UvH5008664@svn.freebsd.org> <20131216034043.GK1446@glenbarber.us> <20131216.130052.128049839311409145.hrs@allbsd.org> User-Agent: Alpine 1.10 (GSO 962 2008-03-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFuphleLIzCtJLcpLzFFi42IRYrdT0S2tWxdkcPeIosWkOa9ZLfY3H2Cz uNW+itniT/sUFos/mxayWvQsPsNksW3zXnYHdo8Zn+azBDBGcdmkpOZklqUW6dslcGXc+TiH peCwQMXGrbcYGxif8HQxcnJICJhIvHwzhw3CFpO4cG89mC0kMJtJ4umJnC5GLiB7I6PEx9tb GCGcQ0wSj14tYoNwGhgl5i++yQjSwiKgLTHx6yRWEJtNQE3i8d5mVoixihKbT01i7mLk4BAB svuPeIP0MgssZZQ4Nf8kWFxYIEri+t0KkHJOAQeJ508WsIGEeQUcJRY9t4FYdZJR4kjnJrCR ogI6Eqv3T2EBsXkFBCVOznwCZjMLWEqc+3OdbQKj0CwkqVlIUgsYmVYxyqbkVunmJmbmFKcm 6xYnJ+blpRbpGuvlZpbopaaUbmIEBTqnJN8Oxq8HlQ4xCnAwKvHwKliuCxJiTSwrrsw9xCjJ waQkyruqBijEl5SfUpmRWJwRX1Sak1p8iFGCg1lJhDfm6togId6UxMqq1KJ8mJQ0B4uSOO9N DvsgIYH0xJLU7NTUgtQimKwMB4eSBO+dWqChgkWp6akVaZk5JQhpJg5OkOE8QMN3gNTwFhck 5hZnpkPkTzEqSonzrgFJCIAkMkrz4HphiegVozjQK8K830GqeIBJDK77FdBgJqDB3ntWgQwu SURISTUwTiqzMFrdtlHNRuijz/cVmu/lBUJW+c360HbUtvXmBXaN5wfmT/HJWvPbL8k5dOHP 83eEzvUHTXHg9nm2Sez1q1U7KsNPGrkvTRKqft5Z/1h+elRKvANzgdXklBeLu6Z1b2Gbfmfd ln9XpLdqCr+Xs1/Rq/1Aubj6ltyC7zzfghtfbfu1pVVirxJLcUaioRZzUXEiAIYLUfAfAwAA Cc: bjk@freebsd.org, src-committers@freebsd.org, svn-src-stable@freebsd.org, svn-src-all@freebsd.org, gjb@freebsd.org, svn-src-stable-8@freebsd.org X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Dec 2013 04:15:52 -0000 On Mon, 16 Dec 2013, Hiroki Sato wrote: > Benjamin Kaduk wrote > in : > > bj> On Sun, 15 Dec 2013, Glen Barber wrote: > bj> > bj> > On Mon, Dec 16, 2013 at 02:30:57AM +0000, Benjamin Kaduk wrote: > bj> >> Author: bjk (doc committer) > bj> >> Date: Mon Dec 16 02:30:56 2013 > bj> >> New Revision: 259449 > bj> >> URL: http://svnweb.freebsd.org/changeset/base/259449 > bj> >> > bj> >> Log: > bj> >> MFC r259286,259424,259425: > bj> >> Apply patch from upstream Heimdal for encoding fix > bj> >> > bj> >> RFC 4402 specifies the implementation of the gss_pseudo_random() > bj> >> function for the krb5 mechanism (and the C bindings therein). > bj> >> The implementation uses a PRF+ function that concatenates the output > bj> >> of individual krb5 pseudo-random operations produced with a counter > bj> >> and seed. The original implementation of this function in Heimdal > bj> >> incorrectly encoded the counter as a little-endian integer, but the > bj> >> RFC specifies the counter encoding as big-endian. The implementation > bj> >> initializes the counter to zero, so the first block of output (16 > bj> >> octets, > bj> >> for the modern AES enctypes 17 and 18) is unchanged. (RFC 4402 > bj> >> specifies > bj> >> that the counter should begin at 1, but both existing implementations > bj> >> begin with zero and it looks like the standard will be re-issued, with > bj> >> test vectors, to begin at zero.) > bj> >> > bj> > > bj> > This breaks stable/8 build. > bj> > bj> Looking... > > It seems tsize = min(desired_output_len, output.length) and > /output.length/tsize/ just after the p+= line are missing for > stable/9 and /8. Yes, a difference between heimdal 1.1 and 1.5.1. I was not happy that Nico put an unrelated change in the bug fix, but for head it is best to take upstream's patch as-is, to avoid causing conflicts for future imports. The fix is just to revert the unrelated hunk of the patch to prf.c. -Ben