From: Greg Hudson Date: Fri, 18 Feb 2011 15:06:57 +0000 (+0000) Subject: Fix a conceptual bug in r24639: the intermediate key container length X-Git-Tag: krb5-1.10-alpha1~587 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=5f0f1d3160f729a0876e6c24a32aa448089fd461;p=krb5.git Fix a conceptual bug in r24639: the intermediate key container length should be the hash's output size, not its block size. (The bug did not show up in testing because it is harmless in practice; MD5 has a larger block size than output size.) ticket: 6869 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24641 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/crypto/krb/checksum/hmac_md5.c b/src/lib/crypto/krb/checksum/hmac_md5.c index f0ec60479..784b746f5 100644 --- a/src/lib/crypto/krb/checksum/hmac_md5.c +++ b/src/lib/crypto/krb/checksum/hmac_md5.c @@ -52,7 +52,7 @@ krb5_error_code krb5int_hmacmd5_checksum(const struct krb5_cksumtypes *ctp, return KRB5_BAD_ENCTYPE; if (ctp->ctype == CKSUMTYPE_HMAC_MD5_ARCFOUR) { /* Compute HMAC(key, "signaturekey\0") to get the signing key ks. */ - ret = alloc_data(&ds, ctp->hash->blocksize); + ret = alloc_data(&ds, ctp->hash->hashsize); if (ret != 0) goto cleanup;