pull up r25418 from trunk

 ------------------------------------------------------------------------
 r25418 | ghudson | 2011-10-28 11:45:03 -0400 (Fri, 28 Oct 2011) | 9 lines

 ticket: 6994
 subject: Fix intermediate key length in hmac-md5 checksum
 target_version: 1.10
 tags: pullup

 When using hmac-md5, the intermediate key length is the output of the
 hash function (128 bits), not the input key length.  Relevant if the
 input key is not an RC4 key.

ticket: 6994
version_fixed: 1.10
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-10@25449 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/crypto/krb/checksum_hmac_md5.c b/src/lib/crypto/krb/checksum_hmac_md5.c
index 6c5f6175de7e49637bd63d850ee0adf1156a8fc4..8145875ba9278348d3f2f141366b9d6cd52e1c29 100644 (file)
--- a/src/lib/crypto/krb/checksum_hmac_md5.c
+++ b/src/lib/crypto/krb/checksum_hmac_md5.c
@@ -59,7 +59,7 @@ krb5_error_code krb5int_hmacmd5_checksum(const struct krb5_cksumtypes *ctp,
         ret = krb5int_hmac(ctp->hash, key, &iov, 1, &ds);
         if (ret)
             goto cleanup;
-        ks.length = key->keyblock.length;
+        ks.length = ds.length;
         ks.contents = (krb5_octet *) ds.data;
         keyblock = &ks;
     } else  /* For md5-hmac, just use the key. */