Re: svn commit: r259449 - in stable/8: . crypto/heimdal/lib/gssapi/krb5 sys/sys

Sun, 15 Dec 2013 20:16:51 -0800 

On Mon, 16 Dec 2013, Hiroki Sato wrote:


Benjamin Kaduk <b...@freebsd.org> wrote
 in <alpine.gso.1.10.1312152248100.27...@multics.mit.edu>:

bj> On Sun, 15 Dec 2013, Glen Barber wrote:
bj>
bj> > On Mon, Dec 16, 2013 at 02:30:57AM +0000, Benjamin Kaduk wrote:
bj> >> Author: bjk (doc committer)
bj> >> Date: Mon Dec 16 02:30:56 2013
bj> >> New Revision: 259449
bj> >> URL: http://svnweb.freebsd.org/changeset/base/259449
bj> >>
bj> >> Log:
bj> >>   MFC r259286,259424,259425:
bj> >>     Apply patch from upstream Heimdal for encoding fix
bj> >>
bj> >>     RFC 4402 specifies the implementation of the gss_pseudo_random()
bj> >>     function for the krb5 mechanism (and the C bindings therein).
bj> >>     The implementation uses a PRF+ function that concatenates the output
bj> >>     of individual krb5 pseudo-random operations produced with a counter
bj> >>     and seed.  The original implementation of this function in Heimdal
bj> >>     incorrectly encoded the counter as a little-endian integer, but the
bj> >>     RFC specifies the counter encoding as big-endian.  The implementation
bj> >>     initializes the counter to zero, so the first block of output (16
bj> >>     octets,
bj> >>     for the modern AES enctypes 17 and 18) is unchanged.  (RFC 4402
bj> >>     specifies
bj> >>     that the counter should begin at 1, but both existing implementations
bj> >>     begin with zero and it looks like the standard will be re-issued, 
with
bj> >>     test vectors, to begin at zero.)
bj> >>
bj> >
bj> > This breaks stable/8 build.
bj>
bj> Looking...

It seems tsize = min(desired_output_len, output.length) and
/output.length/tsize/ just after the p+= line are missing for
stable/9 and /8.
Yes, a difference between heimdal 1.1 and 1.5.1. I was not happy that Nico put an unrelated change in the bug fix, but for head it is best to take upstream's patch as-is, to avoid causing conflicts for future imports. 

The fix is just to revert the unrelated hunk of the patch to prf.c.

-Ben
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to