[OpenAFS-devel] Re: rxgk updates
Benjamin Kaduk
kaduk@MIT.EDU
Wed, 11 Dec 2013 16:44:49 -0500 (EST)
On Tue, 10 Dec 2013, Benjamin Kaduk wrote:
> have not yet done so). I have only tested with MIT krb5's gssapi library;
> reports from people building against heimdal will be useful. (The system
> heimdal on my mac is too old to have gss_pseudo_random(), alas.)
Well, maybe "too old" is not quite right, but "too weird to have a usable
gss_pseudo_random()", perhaps.
My FreeBSD machine does have a gss_pseudo_random() that can be coaxed into
working, though. Their gssapi.h for some reason does not define the
GSS_C_PRF_KEY_{FULL,PARTIAL} macros though it does have the function's
prototype. It also encodes the counter with the wrong endianness for its
PRF+, so aes256-cts-hmac-sha1-96 keys don't work, but
aes128-cts-hmac-sha1-96 keys do.
Buildbot points out that my final testing was done without -Wall, so there
are some unused variables and such that break (e.g.) the debian and suse
builds. Future patchsets will address that; the fedora buildbot did build
things okay, though.
-Ben