dovecot: SMD5 scheme was broken, it was using SHA1 constants.
dovecot at dovecot.org
dovecot at dovecot.org
Sat Jun 16 03:45:12 EEST 2007
details: http://hg.dovecot.org/dovecot/rev/f71e234d72e4
changeset: 5757:f71e234d72e4
user: Timo Sirainen <tss at iki.fi>
date: Sat Jun 16 03:45:09 2007 +0300
description:
SMD5 scheme was broken, it was using SHA1 constants.
diffstat:
1 file changed, 3 insertions(+), 3 deletions(-)
src/auth/password-scheme.c | 6 +++---
diffs (23 lines):
diff -r 69a95671da35 -r f71e234d72e4 src/auth/password-scheme.c
--- a/src/auth/password-scheme.c Sat Jun 16 01:38:33 2007 +0300
+++ b/src/auth/password-scheme.c Sat Jun 16 03:45:09 2007 +0300
@@ -371,8 +371,8 @@ smd5_generate(const char *plaintext, con
unsigned char *digest, *salt;
struct md5_context ctx;
- digest = t_malloc(SHA1_RESULTLEN + SSHA_SALT_LEN);
- salt = digest + SHA1_RESULTLEN;
+ digest = t_malloc(MD5_RESULTLEN + SMD5_SALT_LEN);
+ salt = digest + MD5_RESULTLEN;
random_fill(salt, SMD5_SALT_LEN);
md5_init(&ctx);
@@ -381,7 +381,7 @@ smd5_generate(const char *plaintext, con
md5_final(&ctx, digest);
*raw_password_r = digest;
- *size_r = SHA1_RESULTLEN + SSHA_SALT_LEN;
+ *size_r = MD5_RESULTLEN + SMD5_SALT_LEN;
}
static bool smd5_verify(const char *plaintext, const char *user,
More information about the dovecot-cvs
mailing list