Date: Mon, 16 Dec 2013 13:00:52 +0900 (JST) From: Hiroki Sato <hrs@FreeBSD.org> To: bjk@FreeBSD.org Cc: gjb@FreeBSD.org, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org, svn-src-stable-8@FreeBSD.org, svn-src-stable@FreeBSD.org Subject: Re: svn commit: r259449 - in stable/8: . crypto/heimdal/lib/gssapi/krb5 sys/sys Message-ID: <20131216.130052.128049839311409145.hrs@allbsd.org> In-Reply-To: <alpine.GSO.1.10.1312152248100.27579@multics.mit.edu> References: <201312160230.rBG2UvH5008664@svn.freebsd.org> <20131216034043.GK1446@glenbarber.us> <alpine.GSO.1.10.1312152248100.27579@multics.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
----Security_Multipart(Mon_Dec_16_13_00_52_2013_160)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Benjamin Kaduk <bjk@FreeBSD.org> wrote in <alpine.GSO.1.10.1312152248100.27579@multics.mit.edu>: bj> On Sun, 15 Dec 2013, Glen Barber wrote: bj> bj> > On Mon, Dec 16, 2013 at 02:30:57AM +0000, Benjamin Kaduk wrote: bj> >> Author: bjk (doc committer) bj> >> Date: Mon Dec 16 02:30:56 2013 bj> >> New Revision: 259449 bj> >> URL: http://svnweb.freebsd.org/changeset/base/259449 bj> >> bj> >> Log: bj> >> MFC r259286,259424,259425: bj> >> Apply patch from upstream Heimdal for encoding fix bj> >> bj> >> RFC 4402 specifies the implementation of the gss_pseudo_random() bj> >> function for the krb5 mechanism (and the C bindings therein). bj> >> The implementation uses a PRF+ function that concatenates the output bj> >> of individual krb5 pseudo-random operations produced with a counter bj> >> and seed. The original implementation of this function in Heimdal bj> >> incorrectly encoded the counter as a little-endian integer, but the bj> >> RFC specifies the counter encoding as big-endian. The implementation bj> >> initializes the counter to zero, so the first block of output (16 bj> >> octets, bj> >> for the modern AES enctypes 17 and 18) is unchanged. (RFC 4402 bj> >> specifies bj> >> that the counter should begin at 1, but both existing implementations bj> >> begin with zero and it looks like the standard will be re-issued, with bj> >> test vectors, to begin at zero.) bj> >> bj> > bj> > This breaks stable/8 build. bj> bj> Looking... It seems tsize = min(desired_output_len, output.length) and /output.length/tsize/ just after the p+= line are missing for stable/9 and /8. -- Hiroki ----Security_Multipart(Mon_Dec_16_13_00_52_2013_160)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (FreeBSD) iEYEABECAAYFAlKuevQACgkQTyzT2CeTzy3rUwCcD/fYpZHzXBhncLeRiV9a3D11 yjQAn1zP4JtqBMdibYjtE51yYzAkzfuh =YZOy -----END PGP SIGNATURE----- ----Security_Multipart(Mon_Dec_16_13_00_52_2013_160)----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20131216.130052.128049839311409145.hrs>