auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seq_num()

Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
author: Andreas Schneider <asn@samba.org> 2019-05-15 08:32:24 +0200
committer: Andrew Bartlett <abartlet@samba.org> 2019-05-21 00:03:21 +0000
commit: 6b413dab0b407610c43e6294a0bea66243bd6c78 (patch)
tree: 18460511b8eaad4646580997f59e236e2f5464db /auth/gensec/schannel.c
parent: d3ea318ba0e54d8391626e827d7c34c686accdba (diff)
download: samba-6b413dab0b407610c43e6294a0bea66243bd6c78.tar.gz
1 files changed, 25 insertions, 2 deletions
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index 7fb18566dd7..c25232aab37 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -159,10 +159,33 @@ static void netsec_do_seq_num(struct schannel_state *state,
 		static const uint8_t zeros[4];
 		uint8_t sequence_key[16];
 		uint8_t digest1[16];
+		int rc;
+
+		rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+				      state->creds->session_key,
+				      sizeof(state->creds->session_key),
+				      zeros,
+				      sizeof(zeros),
+				      digest1);
+		if (rc < 0) {
+			return;
+		}
+
+		rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+				      digest1,
+				      sizeof(digest1),
+				      checksum,
+				      checksum_length,
+				      sequence_key);
+		if (rc < 0) {
+			return;
+		}
+
+		ZERO_ARRAY(digest1);
 
-		hmac_md5(state->creds->session_key, zeros, sizeof(zeros), digest1);
-		hmac_md5(digest1, checksum, checksum_length, sequence_key);
 		arcfour_crypt(seq_num, sequence_key, 8);
+
+		ZERO_ARRAY(sequence_key);
 	}
 
 	state->seq_num++;
author	Andreas Schneider <asn@samba.org>	2019-05-15 08:32:24 +0200
committer	Andrew Bartlett <abartlet@samba.org>	2019-05-21 00:03:21 +0000
commit	6b413dab0b407610c43e6294a0bea66243bd6c78 (patch)
tree	18460511b8eaad4646580997f59e236e2f5464db /auth/gensec/schannel.c
parent	d3ea318ba0e54d8391626e827d7c34c686accdba (diff)
download	samba-6b413dab0b407610c43e6294a0bea66243bd6c78.tar.gz