Fix intermediate key length in hmac-md5 checksum
authorGreg Hudson <ghudson@mit.edu>
Fri, 28 Oct 2011 15:45:03 +0000 (15:45 +0000)
committerGreg Hudson <ghudson@mit.edu>
Fri, 28 Oct 2011 15:45:03 +0000 (15:45 +0000)
When using hmac-md5, the intermediate key length is the output of the
hash function (128 bits), not the input key length.  Relevant if the
input key is not an RC4 key.

ticket: 6994
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25418 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/crypto/krb/checksum_hmac_md5.c

index 6c5f6175de7e49637bd63d850ee0adf1156a8fc4..8145875ba9278348d3f2f141366b9d6cd52e1c29 100644 (file)
@@ -59,7 +59,7 @@ krb5_error_code krb5int_hmacmd5_checksum(const struct krb5_cksumtypes *ctp,
         ret = krb5int_hmac(ctp->hash, key, &iov, 1, &ds);
         if (ret)
             goto cleanup;
-        ks.length = key->keyblock.length;
+        ks.length = ds.length;
         ks.contents = (krb5_octet *) ds.data;
         keyblock = &ks;
     } else  /* For md5-hmac, just use the key. */