From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 16 Feb 2011 22:52:41 +0000 (+0000)
Subject: hmac-md5 checksum doesn't work with DES keys
X-Git-Tag: krb5-1.10-alpha1~589
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6d931b7ce12ea2082b0f2fdb53c6b43fed93cfb2;p=thirdparty%2Fkrb5.git

hmac-md5 checksum doesn't work with DES keys

krb5int_hmacmd5_checksum calculates an intermediate key using an HMAC.
The container for this key should be allocated using the HMAC output
size (which is the hash blocksize), not the original key size.  This
bug was causing the function to fail with DES keys, which can be used
with hmac-md5 in PAC signatures.

ticket: 6869
target_version: 1.9
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24639 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/crypto/krb/checksum/hmac_md5.c b/src/lib/crypto/krb/checksum/hmac_md5.c
index 48129075d0..f0ec604792 100644
--- a/src/lib/crypto/krb/checksum/hmac_md5.c
+++ b/src/lib/crypto/krb/checksum/hmac_md5.c
@@ -52,7 +52,7 @@ krb5_error_code krb5int_hmacmd5_checksum(const struct krb5_cksumtypes *ctp,
         return KRB5_BAD_ENCTYPE;
     if (ctp->ctype == CKSUMTYPE_HMAC_MD5_ARCFOUR) {
 	/* Compute HMAC(key, "signaturekey\0") to get the signing key ks. */
-	ret = alloc_data(&ds, key->keyblock.length);
+        ret = alloc_data(&ds, ctp->hash->blocksize);
 	if (ret != 0)
 	    goto cleanup;