Fix intermediate key length in hmac-md5 checksum

pull up r25418 from trunk

 ------------------------------------------------------------------------
 r25418 | ghudson | 2011-10-28 11:45:03 -0400 (Fri, 28 Oct 2011) | 9 lines

 ticket: 6994
 subject: Fix intermediate key length in hmac-md5 checksum
 target_version: 1.10
 tags: pullup

 When using hmac-md5, the intermediate key length is the output of the
 hash function (128 bits), not the input key length.  Relevant if the
 input key is not an RC4 key.

ticket: 7007
version_fixed: 1.9.3
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@25459 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/crypto/krb/checksum/hmac_md5.c b/src/lib/crypto/krb/checksum/hmac_md5.c
index 784b746f52dc1257e20d51797ccd7180985926d3..bca2063fb8d0cb113a3c1d4e5803b01f7fb578e8 100644 (file)
--- a/src/lib/crypto/krb/checksum/hmac_md5.c
+++ b/src/lib/crypto/krb/checksum/hmac_md5.c
@@ -61,7 +61,7 @@ krb5_error_code krb5int_hmacmd5_checksum(const struct krb5_cksumtypes *ctp,
        ret = krb5int_hmac(ctp->hash, key, &iov, 1, &ds);
        if (ret)
            goto cleanup;
-       ks.length = key->keyblock.length;
+        ks.length = ds.length;
        ks.contents = (krb5_octet *) ds.data;
        keyblock = &ks;
     } else  /* For md5-hmac, just use the key. */