In draft -07, PRF will be untruncated HMAC

heimdal · Nov 27, 2015 · 2a34fa2 · 2a34fa2
1 parent 280176e
commit 2a34fa2
Showing 1 changed file with 2 additions and 4 deletions.
diff --git a/lib/krb5/crypto-aes-sha2.c b/lib/krb5/crypto-aes-sha2.c
@@ -138,7 +138,6 @@ AES_SHA2_PRF(krb5_context context,
     krb5_error_code ret;
     struct _krb5_key_data kd;
     struct _krb5_checksum_type *ct;
-    struct _krb5_key_type *kt;
     Checksum result;
 
     kd.key = NULL;
@@ -150,10 +149,9 @@ AES_SHA2_PRF(krb5_context context,
 	return ret;
 
     ct = crypto->et->keyed_checksum;
-    kt = crypto->et->keytype;
 
-    /* PRF is truncated to key length, not default checksum length */
-    ret = krb5_data_alloc(&result.checksum, kt->size);
+    /* PRF is untruncated (double length) HMAC */
+    ret = krb5_data_alloc(&result.checksum, 2 * ct->checksumsize);
     if (ret) {
 	krb5_free_keyblock(context, kd.key);
 	return ret;