From owner-svn-src-stable@FreeBSD.ORG Mon Dec 16 07:01:13 2013 Return-Path: Delivered-To: svn-src-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CB11D8F9; Mon, 16 Dec 2013 07:01:13 +0000 (UTC) Received: from dmz-mailsec-scanner-8.mit.edu (dmz-mailsec-scanner-8.mit.edu [18.7.68.37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id B62401E28; Mon, 16 Dec 2013 07:01:12 +0000 (UTC) X-AuditID: 12074425-b7fd96d000000c39-0a-52aea536c448 Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-8.mit.edu (Symantec Messaging Gateway) with SMTP id 12.4D.03129.735AEA25; Mon, 16 Dec 2013 02:01:11 -0500 (EST) Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id rBG719J7014145; Mon, 16 Dec 2013 02:01:10 -0500 Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id rBG716eT011981 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 16 Dec 2013 02:01:08 -0500 Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id rBG71586012698; Mon, 16 Dec 2013 02:01:05 -0500 (EST) Date: Mon, 16 Dec 2013 02:01:05 -0500 (EST) From: Benjamin Kaduk To: gjb@freebsd.org Subject: Re: svn commit: r259449 - in stable/8: . crypto/heimdal/lib/gssapi/krb5 sys/sys In-Reply-To: Message-ID: References: <201312160230.rBG2UvH5008664@svn.freebsd.org> <20131216034043.GK1446@glenbarber.us> <20131216.130052.128049839311409145.hrs@allbsd.org> User-Agent: Alpine 1.10 (GSO 962 2008-03-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpmleLIzCtJLcpLzFFi42IRYrdT0TVfui7IYMsFFotJc16zWuxvPsBm cat9FbPFn/YpLBZ/Ni1ktehZfIbJYtvmvewO7B4zPs1nCWCM4rJJSc3JLEst0rdL4Mq4svAU U8Fx4Yol12YxNTBO4O9i5OSQEDCRWPOzkxnCFpO4cG89WxcjF4eQwGwmid0bfjJBOBsZJf7N 3AblHGKSOLb4GwuE08Ao8XXhZRaQfhYBbYkVizaxgthsAioSM99sZAOxRQSEJdY9OAc2l1ng CKPExbZZQEUcHMICURLX71aA1HAKOEm87LoHVs8r4CjRvbGPHWLBf0aJ/beWgSVEBXQkVu+f wgJRJChxcuYTMJtZwFLi3J/rbBMYBWchSc1CklrAyLSKUTYlt0o3NzEzpzg1Wbc4OTEvL7VI 10IvN7NELzWldBMjOKxdVHcwTjikdIhRgINRiYdX0XJdkBBrYllxZe4hRkkOJiVR3olzgUJ8 SfkplRmJxRnxRaU5qcWHGCU4mJVEeGOurg0S4k1JrKxKLcqHSUlzsCiJ897isA8SEkhPLEnN Tk0tSC2CycpwcChJ8OotARoqWJSanlqRlplTgpBm4uAEGc4DNNwEpIa3uCAxtzgzHSJ/ilFR Spz33WKghABIIqM0D64XlnZeMYoDvSLM6w7SzgNMWXDdr4AGMwEN9t6zCmRwSSJCSqqB0Ue/ 54TWgo8dJwJqjly6p7dQpap610R5x3Xu3FfdT1dNLzlz+cSEiX0mj373vd6+lePd7W/dsRqu NlfzG/jFij7VmzQf3rzs4twapwc7tmbu2S2l+uzGIrXC3kLn7OyfDetFjm52qzaeXfz67SY7 1rtHVeW/eZbtate5V2HWkReunpt8jiVPQYmlOCPRUIu5qDgRAMKJ89MWAwAA Cc: Benjamin Kaduk , src-committers@freebsd.org, svn-src-stable@freebsd.org, svn-src-all@freebsd.org, Hiroki Sato , svn-src-stable-8@freebsd.org X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Dec 2013 07:01:13 -0000 On Sun, 15 Dec 2013, Benjamin Kaduk wrote: > On Mon, 16 Dec 2013, Hiroki Sato wrote: > >> Benjamin Kaduk wrote >> in : >> >> bj> On Sun, 15 Dec 2013, Glen Barber wrote: >> bj> >> bj> > On Mon, Dec 16, 2013 at 02:30:57AM +0000, Benjamin Kaduk wrote: >> bj> >> Author: bjk (doc committer) >> bj> >> Date: Mon Dec 16 02:30:56 2013 >> bj> >> New Revision: 259449 >> bj> >> URL: http://svnweb.freebsd.org/changeset/base/259449 >> bj> >> >> bj> >> Log: >> bj> >> MFC r259286,259424,259425: >> bj> >> Apply patch from upstream Heimdal for encoding fix >> bj> >> >> bj> >> RFC 4402 specifies the implementation of the gss_pseudo_random() >> bj> >> function for the krb5 mechanism (and the C bindings therein). >> bj> >> The implementation uses a PRF+ function that concatenates the >> output >> bj> >> of individual krb5 pseudo-random operations produced with a >> counter >> bj> >> and seed. The original implementation of this function in >> Heimdal >> bj> >> incorrectly encoded the counter as a little-endian integer, but >> the >> bj> >> RFC specifies the counter encoding as big-endian. The >> implementation >> bj> >> initializes the counter to zero, so the first block of output >> (16 >> bj> >> octets, >> bj> >> for the modern AES enctypes 17 and 18) is unchanged. (RFC 4402 >> bj> >> specifies >> bj> >> that the counter should begin at 1, but both existing >> implementations >> bj> >> begin with zero and it looks like the standard will be >> re-issued, with >> bj> >> test vectors, to begin at zero.) >> bj> >> >> bj> > >> bj> > This breaks stable/8 build. >> bj> >> bj> Looking... >> >> It seems tsize = min(desired_output_len, output.length) and >> /output.length/tsize/ just after the p+= line are missing for >> stable/9 and /8. > > Yes, a difference between heimdal 1.1 and 1.5.1. I was not happy that Nico > put an unrelated change in the bug fix, but for head it is best to take > upstream's patch as-is, to avoid causing conflicts for future imports. > > The fix is just to revert the unrelated hunk of the patch to prf.c. Committed in r259451 and r259452. Sorry for the breakage, and thanks for the prompt report. I guess my eyes failed to differentiate between "Heimdal 1.1" and "Heimdal 1.5.1" while looking at the logs deciding whether the merge was necessary. -Ben