Add an UPDATING entry for the gss_pseudo_random behavior change

Approved by: hrs (mentor, src committer)
author: bjk <bjk@FreeBSD.org> 2013-12-15 19:18:18 +0000
committer: bjk <bjk@FreeBSD.org> 2013-12-15 19:18:18 +0000
commit: 7e319869c921d672f2bef2117037ca005d90552c (patch)
tree: 98fdb3915fbf93f614924a1b096b5dd0ca1ddeed /UPDATING
parent: d35f2b1b07f1ed5c5514ec399f758effa8d2da06 (diff)
download: FreeBSD-src-7e319869c921d672f2bef2117037ca005d90552c.zip
FreeBSD-src-7e319869c921d672f2bef2117037ca005d90552c.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/UPDATING b/UPDATING
index c734d06..040492d 100644
--- a/UPDATING
+++ b/UPDATING
@@ -31,6 +31,17 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11.x IS SLOW:
 	disable the most expensive debugging functionality run
 	"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
+20131213:
+	The behavior of gss_pseudo_random() for the krb5 mechanism
+	has changed, for applications requesting a longer random string
+	than produced by the underlying enctype's pseudo-random() function.
+	In particular, the random string produced from a session key of
+	enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will
+	be different at the 17th octet and later, after this change.
+	The counter used in the PRF+ construction is now encoded as a
+	big-endian integer in accordance with RFC 4402.
+	__FreeBSD_version is bumped to 1100004.
+
 20131108:
 	The WITHOUT_ATF build knob has been removed and its functionality
 	has been subsumed into the more generic WITHOUT_TESTS.  If you were
author	bjk <bjk@FreeBSD.org>	2013-12-15 19:18:18 +0000
committer	bjk <bjk@FreeBSD.org>	2013-12-15 19:18:18 +0000
commit	7e319869c921d672f2bef2117037ca005d90552c (patch)
tree	98fdb3915fbf93f614924a1b096b5dd0ca1ddeed /UPDATING
parent	d35f2b1b07f1ed5c5514ec399f758effa8d2da06 (diff)
download	FreeBSD-src-7e319869c921d672f2bef2117037ca005d90552c.zip FreeBSD-src-7e319869c921d672f2bef2117037ca005d90552c.tar.gz