Fix a conceptual bug in r24639: the intermediate key container length
authorGreg Hudson <ghudson@mit.edu>
Fri, 18 Feb 2011 15:06:57 +0000 (15:06 +0000)
committerGreg Hudson <ghudson@mit.edu>
Fri, 18 Feb 2011 15:06:57 +0000 (15:06 +0000)
should be the hash's output size, not its block size.  (The bug did
not show up in testing because it is harmless in practice; MD5 has a
larger block size than output size.)

ticket: 6869

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24641 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/crypto/krb/checksum/hmac_md5.c

index f0ec6047925a7b257de00a70998da48e5db382cd..784b746f52dc1257e20d51797ccd7180985926d3 100644 (file)
@@ -52,7 +52,7 @@ krb5_error_code krb5int_hmacmd5_checksum(const struct krb5_cksumtypes *ctp,
         return KRB5_BAD_ENCTYPE;
     if (ctp->ctype == CKSUMTYPE_HMAC_MD5_ARCFOUR) {
        /* Compute HMAC(key, "signaturekey\0") to get the signing key ks. */
-        ret = alloc_data(&ds, ctp->hash->blocksize);
+        ret = alloc_data(&ds, ctp->hash->hashsize);
        if (ret != 0)
            goto cleanup;