Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 13 Dec 2013 03:09:29 +0000 (UTC)
From:      Benjamin Kaduk <bjk@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r259286 - head/crypto/heimdal/lib/gssapi/krb5
Message-ID:  <201312130309.rBD39TTm016016@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: bjk (doc committer)
Date: Fri Dec 13 03:09:29 2013
New Revision: 259286
URL: http://svnweb.freebsd.org/changeset/base/259286

Log:
  Apply patch from upstream Heimdal for encoding fix
  
  RFC 4402 specifies the implementation of the gss_pseudo_random()
  function for the krb5 mechanism (and the C bindings therein).
  The implementation uses a PRF+ function that concatenates the output
  of individual krb5 pseudo-random operations produced with a counter
  and seed.  The original implementation of this function in Heimdal
  incorrectly encoded the counter as a little-endian integer, but the
  RFC specifies the counter encoding as big-endian.  The implementation
  initializes the counter to zero, so the first block of output (16 octets,
  for the modern AES enctypes 17 and 18) is unchanged.  (RFC 4402 specifies
  that the counter should begin at 1, but both existing implementations
  begin with zero and it looks like the standard will be re-issued, with
  test vectors, to begin at zero.)
  
  This is upstream's commit f85652af868e64811f2b32b815d4198e7f9017f6,
  from 13 October, 2013:
  % Fix krb5's gss_pseudo_random() (n is big-endian)
  %
  % The first enctype RFC3961 prf output length's bytes are correct because
  % the little- and big-endian representations of unsigned zero are the
  % same.  The second block of output was wrong because the counter was not
  % being encoded as big-endian.
  %
  % This change could break applications.  But those applications would not
  % have been interoperating with other implementations anyways (in
  % particular: MIT's).
  
  Approved by:	hrs (mentor, src committer)
  MFC after:	3 days

Modified:
  head/crypto/heimdal/lib/gssapi/krb5/prf.c

Modified: head/crypto/heimdal/lib/gssapi/krb5/prf.c
==============================================================================
--- head/crypto/heimdal/lib/gssapi/krb5/prf.c	Fri Dec 13 02:47:41 2013	(r259285)
+++ head/crypto/heimdal/lib/gssapi/krb5/prf.c	Fri Dec 13 03:09:29 2013	(r259286)
@@ -119,7 +119,7 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_
     while(dol > 0) {
 	size_t tsize;
 
-	_gsskrb5_encode_om_uint32(num, input.data);
+	_gsskrb5_encode_be_om_uint32(num, input.data);
 
 	ret = krb5_crypto_prf(context, crypto, &input, &output);
 	if (ret) {
@@ -133,7 +133,7 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_
 
 	tsize = min(dol, output.length);
 	memcpy(p, output.data, tsize);
-	p += output.length;
+	p += tsize;
 	dol -= tsize;
 	krb5_data_free(&output);
 	num++;



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201312130309.rBD39TTm016016>