svn commit: r259449 - in stable/8: . crypto/heimdal/lib/gssapi/krb5 sys/sys
Benjamin Kaduk
bjk at freebsd.org
Mon Dec 16 03:48:53 UTC 2013
On Sun, 15 Dec 2013, Glen Barber wrote:
> On Mon, Dec 16, 2013 at 02:30:57AM +0000, Benjamin Kaduk wrote:
>> Author: bjk (doc committer)
>> Date: Mon Dec 16 02:30:56 2013
>> New Revision: 259449
>> URL: http://svnweb.freebsd.org/changeset/base/259449
>>
>> Log:
>> MFC r259286,259424,259425:
>> Apply patch from upstream Heimdal for encoding fix
>>
>> RFC 4402 specifies the implementation of the gss_pseudo_random()
>> function for the krb5 mechanism (and the C bindings therein).
>> The implementation uses a PRF+ function that concatenates the output
>> of individual krb5 pseudo-random operations produced with a counter
>> and seed. The original implementation of this function in Heimdal
>> incorrectly encoded the counter as a little-endian integer, but the
>> RFC specifies the counter encoding as big-endian. The implementation
>> initializes the counter to zero, so the first block of output (16 octets,
>> for the modern AES enctypes 17 and 18) is unchanged. (RFC 4402 specifies
>> that the counter should begin at 1, but both existing implementations
>> begin with zero and it looks like the standard will be re-issued, with
>> test vectors, to begin at zero.)
>>
>
> This breaks stable/8 build.
Looking...
-Ben
More information about the svn-src-stable
mailing list