From: Benjamin Kaduk
Date: Sun, 15 Dec 2013 22:48:46 -0500 (EST)
To: Glen Barber
Cc: Benjamin Kaduk, svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-stable-8@freebsd.org, svn-src-stable@freebsd.org
Subject: Re: svn commit: r259449 - in stable/8: . crypto/heimdal/lib/gssapi/krb5 sys/sys
In-Reply-To: <20131216034043.GK1446@glenbarber.us>
References: <201312160230.rBG2UvH5008664@svn.freebsd.org> <20131216034043.GK1446@glenbarber.us>

On Sun, 15 Dec 2013, Glen Barber wrote:

> On Mon, Dec 16, 2013 at 02:30:57AM +0000, Benjamin Kaduk wrote:
>> Author: bjk (doc committer)
>> Date: Mon Dec 16 02:30:56 2013
>> New Revision: 259449
>> URL: http://svnweb.freebsd.org/changeset/base/259449
>>
>> Log:
>> MFC r259286,259424,259425:
>> Apply patch from upstream Heimdal for encoding fix
>>
>> RFC 4402 specifies the implementation of the gss_pseudo_random()
>> function for the krb5 mechanism (and the C bindings therein).
>> The implementation uses a PRF+ function that concatenates the output
>> of individual krb5 pseudo-random operations produced with a counter
>> and seed. The original implementation of this function in Heimdal
>> incorrectly encoded the counter as a little-endian integer, but the
>> RFC specifies the counter encoding as big-endian. The implementation
>> initializes the counter to zero, so the first block of output (16 octets,
>> for the modern AES enctypes 17 and 18) is unchanged. (RFC 4402 specifies
>> that the counter should begin at 1, but both existing implementations
>> begin with zero and it looks like the standard will be re-issued, with
>> test vectors, to begin at zero.)
>>
>
> This breaks stable/8 build.

Looking...

-Ben
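
The counter-encoding difference described in the quoted commit log, as an added example that is not part of the original message or of Heimdal's code. It assumes a 4-octet counter placed in front of the seed, and it uses truncated HMAC-SHA256 as a stand-in for the krb5 pseudo-random operation; the function names, key and seed are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # octets per PRF block (the size the commit log gives for enctypes 17 and 18)


def stand_in_prf(key: bytes, data: bytes) -> bytes:
    """Stand-in for the krb5 pseudo-random operation: HMAC-SHA256 cut to BLOCK
    octets. An assumption for illustration, NOT the real enctype PRF."""
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]


def prf_plus(key: bytes, seed: bytes, length: int, byteorder: str, start: int = 0) -> bytes:
    """Concatenate PRF blocks over (4-octet counter || seed) until `length` octets.
    byteorder="big" is what the RFC specifies; "little" models the old encoding."""
    out = b""
    counter = start
    while len(out) < length:
        out += stand_in_prf(key, counter.to_bytes(4, byteorder) + seed)
        counter += 1
    return out[:length]


def first_divergent_block(key: bytes, seed: bytes, length: int, start: int = 0):
    """Index of the first block where the two encodings disagree, or None."""
    be = prf_plus(key, seed, length, "big", start)
    le = prf_plus(key, seed, length, "little", start)
    for offset in range(0, length, BLOCK):
        if be[offset:offset + BLOCK] != le[offset:offset + BLOCK]:
            return offset // BLOCK
    return None


if __name__ == "__main__":
    key, seed = b"constructed-test-key", b"constructed-seed"  # constructed sample values
    for length in (16, 32, 64):
        print(length, "octets, counter from 0:", first_divergent_block(key, seed, length))
    print("64 octets, counter from 1:", first_divergent_block(key, seed, 64, start=1))
```

With the counter starting at zero, a comparison that requests 16 octets or fewer cannot tell the two encodings apart; the outputs part ways only from the second block. Starting the counter at 1 would make even the first block differ.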