From 6d931b7ce12ea2082b0f2fdb53c6b43fed93cfb2 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 16 Feb 2011 22:52:41 +0000 Subject: [PATCH] hmac-md5 checksum doesn't work with DES keys krb5int_hmacmd5_checksum calculates an intermediate key using an HMAC. The container for this key should be allocated using the HMAC output size (which is the hash blocksize), not the original key size. This bug was causing the function to fail with DES keys, which can be used with hmac-md5 in PAC signatures. ticket: 6869 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24639 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/krb/checksum/hmac_md5.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/crypto/krb/checksum/hmac_md5.c b/src/lib/crypto/krb/checksum/hmac_md5.c index 48129075d..f0ec60479 100644 --- a/src/lib/crypto/krb/checksum/hmac_md5.c +++ b/src/lib/crypto/krb/checksum/hmac_md5.c @@ -52,7 +52,7 @@ krb5_error_code krb5int_hmacmd5_checksum(const struct krb5_cksumtypes *ctp, return KRB5_BAD_ENCTYPE; if (ctp->ctype == CKSUMTYPE_HMAC_MD5_ARCFOUR) { /* Compute HMAC(key, "signaturekey\0") to get the signing key ks. */ - ret = alloc_data(&ds, key->keyblock.length); + ret = alloc_data(&ds, ctp->hash->blocksize); if (ret != 0) goto cleanup; -- 2.26.2