From owner-svn-src-stable-8@FreeBSD.ORG Mon Dec 16 03:40:46 2013 Return-Path: Delivered-To: svn-src-stable-8@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A46B9D0F; Mon, 16 Dec 2013 03:40:46 +0000 (UTC) Received: from mail0.glenbarber.us (mail0.glenbarber.us [208.86.227.67]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 742FC1D4E; Mon, 16 Dec 2013 03:40:46 +0000 (UTC) Received: from glenbarber.us (unknown [IPv6:2001:470:8:1205:5604:a6ff:fe3a:96ea]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: gjb) by mail0.glenbarber.us (Postfix) with ESMTPSA id B624222A4F; Mon, 16 Dec 2013 03:40:44 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.8.3 mail0.glenbarber.us B624222A4F Authentication-Results: mail0.glenbarber.us; dkim=none reason="no signature"; dkim-adsp=none Date: Sun, 15 Dec 2013 22:40:43 -0500 From: Glen Barber To: Benjamin Kaduk Subject: Re: svn commit: r259449 - in stable/8: . crypto/heimdal/lib/gssapi/krb5 sys/sys Message-ID: <20131216034043.GK1446@glenbarber.us> References: <201312160230.rBG2UvH5008664@svn.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="M9kwpIYUMbI/2cCx" Content-Disposition: inline In-Reply-To: <201312160230.rBG2UvH5008664@svn.freebsd.org> X-Operating-System: FreeBSD 11.0-CURRENT amd64 User-Agent: Mutt/1.5.22 (2013-10-16) Cc: svn-src-stable@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-stable-8@freebsd.org X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Dec 2013 03:40:46 -0000 --M9kwpIYUMbI/2cCx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Dec 16, 2013 at 02:30:57AM +0000, Benjamin Kaduk wrote: > Author: bjk (doc committer) > Date: Mon Dec 16 02:30:56 2013 > New Revision: 259449 > URL: http://svnweb.freebsd.org/changeset/base/259449 >=20 > Log: > MFC r259286,259424,259425: > Apply patch from upstream Heimdal for encoding fix > =20 > RFC 4402 specifies the implementation of the gss_pseudo_random() > function for the krb5 mechanism (and the C bindings therein). > The implementation uses a PRF+ function that concatenates the output > of individual krb5 pseudo-random operations produced with a counter > and seed. The original implementation of this function in Heimdal > incorrectly encoded the counter as a little-endian integer, but the > RFC specifies the counter encoding as big-endian. The implementation > initializes the counter to zero, so the first block of output (16 oct= ets, > for the modern AES enctypes 17 and 18) is unchanged. (RFC 4402 speci= fies > that the counter should begin at 1, but both existing implementations > begin with zero and it looks like the standard will be re-issued, with > test vectors, to begin at zero.) > =20 This breaks stable/8 build. Glen --M9kwpIYUMbI/2cCx Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBCAAGBQJSrnY7AAoJELls3eqvi17QHvwP/jR7CKp7Jdj6L+nzmCk6u6nR lKFdkwNjnG/b2W+Rr4KVREZGReNe1+t++OnFrSgo3HuWc5Ou8ulXKHeg4NSRinf2 3RO2gLNZhSi6EH3GHdgRronJcRi4N9Fo91n0CV3uUQswA6CeMD9150sgaKEH91r4 CH9cXGO5XBiws1wlAkUpYq74Yg8urREyMqxgbPC/iQV6KUCKCEczfpc/aGD8B5Tn 32Ytk0U3XhHQHrVvZxwx3w15HEztQSD7aPclgaq599wOLt9wqQELkaQd8DmxJdVm UzqMcHc6c6JMTNGmr9eEftGPoMAfcI6ws7sa+JQVZPW9GJRik5YeQC5dfmth92Gr e62YwJ8+99WCnOYcRsH8charCaNfaIc3TsCklwU8QfusFNZS+GojhU0WnRSbW5v2 KuJ7sl9nH02DoN2UspFhTNX0OXroOJgZUeV9y98veBnEpnI+BJAY/Naul8Ya17wE WnoVUaib8GOmoPevIx1CjxrZJtJC3uyJKhXF9HwUwa2LqAjolilNatbzFYBDnjRP TvdPD8NnuMMPT2+QJU+tZaKY7QXQbj872a8zjgyw7yCW37U5diTnJ1gOdb/EXO8k aO9nE8j2wdqJpr9u8Yrhg5kLgykfDHzxr4Zg5ecRHVlcOxUYiD+2SHV4pbzq+RUu iUV2m96IaeSO/xlN88zI =kaj+ -----END PGP SIGNATURE----- --M9kwpIYUMbI/2cCx--