diff options
-rw-r--r-- | UPDATING | 11 | ||||
-rw-r--r-- | crypto/heimdal/lib/gssapi/krb5/prf.c | 4 | ||||
-rw-r--r-- | sys/sys/param.h | 2 |
3 files changed, 14 insertions, 3 deletions
@@ -16,6 +16,17 @@ from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20131216: + The behavior of gss_pseudo_random() for the krb5 mechanism + has changed, for applications requesting a longer random string + than produced by the underlying enctype's pseudo-random() function. + In particular, the random string produced from a session key of + enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will + be different at the 17th octet and later, after this change. + The counter used in the PRF+ construction is now encoded as a + big-endian integer in accordance with RFC 4402. + __FreeBSD_version is bumped to 1000701. + 20131031: The default version of mtree is nmtree which is obtained from NetBSD. The output is generally the same, but may vary diff --git a/crypto/heimdal/lib/gssapi/krb5/prf.c b/crypto/heimdal/lib/gssapi/krb5/prf.c index 162a309..671ab2c 100644 --- a/crypto/heimdal/lib/gssapi/krb5/prf.c +++ b/crypto/heimdal/lib/gssapi/krb5/prf.c @@ -119,7 +119,7 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status, while(dol > 0) { size_t tsize; - _gsskrb5_encode_om_uint32(num, input.data); + _gsskrb5_encode_be_om_uint32(num, input.data); ret = krb5_crypto_prf(context, crypto, &input, &output); if (ret) { @@ -133,7 +133,7 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status, tsize = min(dol, output.length); memcpy(p, output.data, tsize); - p += output.length; + p += tsize; dol -= tsize; krb5_data_free(&output); num++; diff --git a/sys/sys/param.h b/sys/sys/param.h index 2c7bcb0..6adce3b 100644 --- a/sys/sys/param.h +++ b/sys/sys/param.h @@ -58,7 +58,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 1000700 /* Master, propagated to newvers */ +#define __FreeBSD_version 1000701 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, |