svn rev #24639: trunk/src/lib/crypto/krb/checksum/
ghudson@MIT.EDU
ghudson at MIT.EDU
Wed Feb 16 17:52:41 EST 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=24639
Commit By: ghudson
Log Message:
ticket: 6869
subject: hmac-md5 checksum doesn't work with DES keys
target_version: 1.9
tags: pullup
krb5int_hmacmd5_checksum calculates an intermediate key using an HMAC.
The container for this key should be allocated using the HMAC output
size (which is the hash blocksize), not the original key size. This
bug was causing the function to fail with DES keys, which can be used
with hmac-md5 in PAC signatures.
Changed Files:
U trunk/src/lib/crypto/krb/checksum/hmac_md5.c
Modified: trunk/src/lib/crypto/krb/checksum/hmac_md5.c
===================================================================
--- trunk/src/lib/crypto/krb/checksum/hmac_md5.c 2011-02-14 00:13:17 UTC (rev 24638)
+++ trunk/src/lib/crypto/krb/checksum/hmac_md5.c 2011-02-16 22:52:41 UTC (rev 24639)
@@ -52,7 +52,7 @@
return KRB5_BAD_ENCTYPE;
if (ctp->ctype == CKSUMTYPE_HMAC_MD5_ARCFOUR) {
/* Compute HMAC(key, "signaturekey\0") to get the signing key ks. */
- ret = alloc_data(&ds, key->keyblock.length);
+ ret = alloc_data(&ds, ctp->hash->blocksize);
if (ret != 0)
goto cleanup;
More information about the cvs-krb5
mailing list