Date:      Mon, 16 Dec 2013 02:01:05 -0500 (EST)
From:      Benjamin Kaduk <kaduk@MIT.EDU>
To:        gjb@freebsd.org
Cc:        Benjamin Kaduk <bjk@freebsd.org>, src-committers@freebsd.org, svn-src-stable@freebsd.org, svn-src-all@freebsd.org, Hiroki Sato <hrs@freebsd.org>, svn-src-stable-8@freebsd.org
Subject:   Re: svn commit: r259449 - in stable/8: . crypto/heimdal/lib/gssapi/krb5 sys/sys
Message-ID:  <alpine.GSO.1.10.1312160157150.27579@multics.mit.edu>
In-Reply-To: <alpine.GSO.1.10.1312152313540.27579@multics.mit.edu>
References:  <201312160230.rBG2UvH5008664@svn.freebsd.org> <20131216034043.GK1446@glenbarber.us> <alpine.GSO.1.10.1312152248100.27579@multics.mit.edu> <20131216.130052.128049839311409145.hrs@allbsd.org> <alpine.GSO.1.10.1312152313540.27579@multics.mit.edu>

On Sun, 15 Dec 2013, Benjamin Kaduk wrote:

> On Mon, 16 Dec 2013, Hiroki Sato wrote:
>
>> Benjamin Kaduk <bjk@FreeBSD.org> wrote
>>  in <alpine.GSO.1.10.1312152248100.27579@multics.mit.edu>:
>> 
>> bj> On Sun, 15 Dec 2013, Glen Barber wrote:
>> bj>
>> bj> > On Mon, Dec 16, 2013 at 02:30:57AM +0000, Benjamin Kaduk wrote:
>> bj> >> Author: bjk (doc committer)
>> bj> >> Date: Mon Dec 16 02:30:56 2013
>> bj> >> New Revision: 259449
>> bj> >> URL: http://svnweb.freebsd.org/changeset/base/259449
>> bj> >>
>> bj> >> Log:
>> bj> >>   MFC r259286,259424,259425:
>> bj> >>     Apply patch from upstream Heimdal for encoding fix
>> bj> >>
>> bj> >>     RFC 4402 specifies the implementation of the gss_pseudo_random()
>> bj> >>     function for the krb5 mechanism (and the C bindings therein).
>> bj> >>     The implementation uses a PRF+ function that concatenates the output
>> bj> >>     of individual krb5 pseudo-random operations produced with a counter
>> bj> >>     and seed.  The original implementation of this function in Heimdal
>> bj> >>     incorrectly encoded the counter as a little-endian integer, but the
>> bj> >>     RFC specifies the counter encoding as big-endian.  The implementation
>> bj> >>     initializes the counter to zero, so the first block of output (16
>> bj> >>     octets, for the modern AES enctypes 17 and 18) is unchanged.  (RFC 4402
>> bj> >>     specifies that the counter should begin at 1, but both existing
>> bj> >>     implementations begin with zero and it looks like the standard will be
>> bj> >>     re-issued, with test vectors, to begin at zero.)
>> bj> >>
>> bj> >
>> bj> > This breaks stable/8 build.
>> bj>
>> bj> Looking...
>> 
>> It seems tsize = min(desired_output_len, output.length) and
>> /output.length/tsize/ just after the p+= line are missing for
>> stable/9 and /8.
>
> Yes, a difference between heimdal 1.1 and 1.5.1.  I was not happy that Nico 
> put an unrelated change in the bug fix, but for head it is best to take 
> upstream's patch as-is, to avoid causing conflicts for future imports.
>
> The fix is just to revert the unrelated hunk of the patch to prf.c.

Committed in r259451 and r259452.

Sorry for the breakage, and thanks for the prompt report.
I guess my eyes failed to differentiate between "Heimdal 1.1" and "Heimdal 
1.5.1" while looking at the logs deciding whether the merge was necessary.

-Ben
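
The counter-encoding issue described in the quoted commit log, as an added example that is not part of this thread or of Heimdal's code: a PRF+ construction run with a big-endian and a little-endian counter, showing that the first 16-octet block matches and later output diverges. Assumptions: HMAC-SHA256 truncated to 16 octets stands in for the krb5 pseudo-random operation, the counter is a 32-bit value prepended to the seed, and all function names, the key and the seed are constructed for illustration.

```python
import hashlib
import hmac
import struct

BLOCK_LEN = 16  # octets per PRF call, as the commit log gives for enctypes 17 and 18


def stand_in_prf(key: bytes, data: bytes) -> bytes:
    """Stand-in for the krb5 pseudo-random operation (assumption, not the real PRF)."""
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK_LEN]


def prf_plus(key: bytes, seed: bytes, desired_len: int, big_endian: bool = True) -> bytes:
    """Concatenate PRF(key, counter || seed) blocks, with the counter starting at zero."""
    fmt = ">I" if big_endian else "<I"
    out = bytearray()
    counter = 0
    while len(out) < desired_len:
        block = stand_in_prf(key, struct.pack(fmt, counter) + seed)
        # Copy only what is still needed, so the final block is truncated.
        take = min(desired_len - len(out), len(block))
        out += block[:take]
        counter += 1
    return bytes(out)


def first_divergence(a: bytes, b: bytes) -> int:
    """Offset of the first differing octet, or -1 if the strings are equal."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return -1 if len(a) == len(b) else min(len(a), len(b))


# Constructed sample inputs.
KEY = b"constructed-sample-key"
SEED = b"constructed-seed"

if __name__ == "__main__":
    for n in (16, 40):
        be = prf_plus(KEY, SEED, n, big_endian=True)
        le = prf_plus(KEY, SEED, n, big_endian=False)
        status = "match" if be == le else f"diverge at offset {first_divergence(be, le)}"
        print(f"{n} octets requested: {status}")
```

Two peers that disagree on the counter byte order therefore interoperate for requests of up to 16 octets and fail only on longer ones, which is why a test that requests a single block does not catch the bug.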