Re: svn commit: r259449 - in stable/8: . crypto/heimdal/lib/gssapi/krb5 sys/sys

[Benjamin Kaduk]

On Sun, 15 Dec 2013, Benjamin Kaduk wrote:

On Mon, 16 Dec 2013, Hiroki Sato wrote:
Benjamin Kaduk <b...@freebsd.org> wrote
 in <alpine.gso.1.10.1312152248100.27...@multics.mit.edu>:

bj> On Sun, 15 Dec 2013, Glen Barber wrote:
bj>
bj> > On Mon, Dec 16, 2013 at 02:30:57AM +0000, Benjamin Kaduk wrote:
bj> >> Author: bjk (doc committer)
bj> >> Date: Mon Dec 16 02:30:56 2013
bj> >> New Revision: 259449
bj> >> URL: http://svnweb.freebsd.org/changeset/base/259449
bj> >>
bj> >> Log:
bj> >>   MFC r259286,259424,259425:
bj> >>     Apply patch from upstream Heimdal for encoding fix
bj> >>
bj> >>     RFC 4402 specifies the implementation of the gss_pseudo_random()
bj> >>     function for the krb5 mechanism (and the C bindings therein).
bj> >>     The implementation uses a PRF+ function that concatenates the 
output
bj> >>     of individual krb5 pseudo-random operations produced with a 
counter
bj> >>     and seed.  The original implementation of this function in 
Heimdal
bj> >>     incorrectly encoded the counter as a little-endian integer, but 
the
bj> >>     RFC specifies the counter encoding as big-endian.  The 
implementation
bj> >>     initializes the counter to zero, so the first block of output 
(16
bj> >>     octets,
bj> >>     for the modern AES enctypes 17 and 18) is unchanged.  (RFC 4402
bj> >>     specifies
bj> >>     that the counter should begin at 1, but both existing 
implementations
bj> >>     begin with zero and it looks like the standard will be 
re-issued, with
bj> >>     test vectors, to begin at zero.)
bj> >>
bj> >
bj> > This breaks stable/8 build.
bj>
bj> Looking...

It seems tsize = min(desired_output_len, output.length) and
/output.length/tsize/ just after the p+= line are missing for
stable/9 and /8.

Yes, a difference between heimdal 1.1 and 1.5.1.  I was not happy that Nico 
put an unrelated change in the bug fix, but for head it is best to take 
upstream's patch as-is, to avoid causing conflicts for future imports.

The fix is just to revert the unrelated hunk of the patch to prf.c.

Committed in r259451 and r259452.

Sorry for the breakage, and thanks for the prompt report.
I guess my eyes failed to differentiate between "Heimdal 1.1" and "Heimdal 
1.5.1" while looking at the logs deciding whether the merge was necessary.

-Ben
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"