summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--UPDATING11
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/prf.c4
-rw-r--r--sys/sys/param.h2
3 files changed, 14 insertions, 3 deletions
diff --git a/UPDATING b/UPDATING
index e3fd236..cee1817 100644
--- a/UPDATING
+++ b/UPDATING
@@ -16,6 +16,17 @@ from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of
stable/10, and then rebuild without this option. The bootstrap process from
older version of current is a bit fragile.
+20131216:
+ The behavior of gss_pseudo_random() for the krb5 mechanism
+ has changed, for applications requesting a longer random string
+ than produced by the underlying enctype's pseudo-random() function.
+ In particular, the random string produced from a session key of
+ enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will
+ be different at the 17th octet and later, after this change.
+ The counter used in the PRF+ construction is now encoded as a
+ big-endian integer in accordance with RFC 4402.
+ __FreeBSD_version is bumped to 1000701.
+
20131031:
The default version of mtree is nmtree which is obtained from
NetBSD. The output is generally the same, but may vary
diff --git a/crypto/heimdal/lib/gssapi/krb5/prf.c b/crypto/heimdal/lib/gssapi/krb5/prf.c
index 162a309..671ab2c 100644
--- a/crypto/heimdal/lib/gssapi/krb5/prf.c
+++ b/crypto/heimdal/lib/gssapi/krb5/prf.c
@@ -119,7 +119,7 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
while(dol > 0) {
size_t tsize;
- _gsskrb5_encode_om_uint32(num, input.data);
+ _gsskrb5_encode_be_om_uint32(num, input.data);
ret = krb5_crypto_prf(context, crypto, &input, &output);
if (ret) {
@@ -133,7 +133,7 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
tsize = min(dol, output.length);
memcpy(p, output.data, tsize);
- p += output.length;
+ p += tsize;
dol -= tsize;
krb5_data_free(&output);
num++;
diff --git a/sys/sys/param.h b/sys/sys/param.h
index 2c7bcb0..6adce3b 100644
--- a/sys/sys/param.h
+++ b/sys/sys/param.h
@@ -58,7 +58,7 @@
* in the range 5 to 9.
*/
#undef __FreeBSD_version
-#define __FreeBSD_version 1000700 /* Master, propagated to newvers */
+#define __FreeBSD_version 1000701 /* Master, propagated to newvers */
/*
* __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD,
OpenPOWER on IntegriCloud