[11901] in Kerberos-V5-bugs
[krbdev.mit.edu #6869] SVN Commit
daemon@ATHENA.MIT.EDU (Tom Yu via RT)
Fri Feb 18 23:34:15 2011
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Tom Yu via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6869@krbdev.mit.edu>
Message-ID: <rt-6869-33813.5.76807355119193@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6869'":;"'AdminCc of krbdev.mit.edu Ticket #6869'":;@MIT.EDU
Date: Fri, 18 Feb 2011 23:34:12 -0500 (EST)
Reply-To: rt-comment@krbdev.MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
pull up r24639, r24641 from trunk
------------------------------------------------------------------------
r24641 | ghudson | 2011-02-18 07:06:57 -0800 (Fri, 18 Feb 2011) | 7 lines
ticket: 6869
Fix a conceptual bug in r24639: the intermediate key container length
should be the hash's output size, not its block size. (The bug did
not show up in testing because it is harmless in practice; MD5 has a
larger block size than output size.)
------------------------------------------------------------------------
r24639 | ghudson | 2011-02-16 14:52:41 -0800 (Wed, 16 Feb 2011) | 11 lines
ticket: 6869
subject: hmac-md5 checksum doesn't work with DES keys
target_version: 1.9
tags: pullup
krb5int_hmacmd5_checksum calculates an intermediate key using an HMAC.
The container for this key should be allocated using the HMAC output
size (which is the hash blocksize), not the original key size. This
bug was causing the function to fail with DES keys, which can be used
with hmac-md5 in PAC signatures.
http://src.mit.edu/fisheye/changelog/krb5/?cs=24643
Commit By: tlyu
Revision: 24643
Changed Files:
U branches/krb5-1-9/src/lib/crypto/krb/checksum/hmac_md5.c
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
