author | Andreas Schneider <asn@samba.org> | 2019-05-15 08:33:18 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-05-21 00:03:22 +0000 |
commit | 6aa30669a1825333a4ad985ce331fd9e2b7fe9da (patch) | |
tree | 5b0abb3b2e56e8ba329a1c6708ab3f3b388c20eb /auth | |
parent | 71926c6e4fea2123265e44e29d1e9d446299c80b (diff) | |
download | samba-6aa30669a1825333a4ad985ce331fd9e2b7fe9da.tar.gz |
auth:gensec: Use GnuTLS HMAC MD5 and MD5 in netsec_do_sign()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth')
-rw-r--r-- | auth/gensec/schannel.c | 60 |
1 files changed, 49 insertions, 11 deletions
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index 5c1afa8810b..7a15e17a9c6 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -321,32 +321,70 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
 } else {
 uint8_t packet_digest[16];
 static const uint8_t zeros[4];
- MD5_CTX ctx;
+ gnutls_hash_hd_t hash_hnd = NULL;
+ int rc;
- MD5Init(&ctx);
- MD5Update(&ctx, zeros, 4);
+ rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+ if (rc < 0) {
+ if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
+ return NT_STATUS_HASH_NOT_SUPPORTED;
+ }
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ rc = gnutls_hash(hash_hnd, zeros, sizeof(zeros));
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
 if (confounder) {
 SSVAL(header, 0, NL_SIGN_HMAC_MD5);
 SSVAL(header, 2, NL_SEAL_RC4);
 SSVAL(header, 4, 0xFFFF);
 SSVAL(header, 6, 0x0000);
- MD5Update(&ctx, header, 8);
- MD5Update(&ctx, confounder, 8);
+ rc = gnutls_hash(hash_hnd, header, 8);
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ rc = gnutls_hash(hash_hnd, confounder, 8);
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
 } else {
 SSVAL(header, 0, NL_SIGN_HMAC_MD5);
 SSVAL(header, 2, NL_SEAL_NONE);
 SSVAL(header, 4, 0xFFFF);
 SSVAL(header, 6, 0x0000);
- MD5Update(&ctx, header, 8);
+ rc = gnutls_hash(hash_hnd, header, 8);
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ }
+ rc = gnutls_hash(hash_hnd, data, length);
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ return NT_STATUS_INTERNAL_ERROR;
 }
- MD5Update(&ctx, data, length);
- MD5Final(packet_digest, &ctx);
+ gnutls_hash_deinit(hash_hnd, packet_digest);
- hmac_md5(state->creds->session_key,
- packet_digest, sizeof(packet_digest),
- checksum);
+ rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+ state->creds->session_key,
+ sizeof(state->creds->session_key),
+ packet_digest,
+ sizeof(packet_digest),
+ checksum);
+ ZERO_ARRAY(packet_digest);
+ if (rc < 0) {
+ if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
+ return NT_STATUS_HASH_NOT_SUPPORTED;
+ }
+ return NT_STATUS_INTERNAL_ERROR;
+ }
 }
 return NT_STATUS_OK; |
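Review bot: The HMAC key length passed to `gnutls_hmac_fast()` is `sizeof(state->creds->session_key)`, which equals the key size only while `session_key` is a fixed-size array member; its declaration is not visible in this hunk, and if it were a pointer the MAC would be keyed with only a pointer-sized prefix of the session key. A short comment above the call would record that assumption, e.g. `/* session_key must stay an array member: sizeof() is the HMAC key length */`. The literal `8` used for the `header` and `confounder` updates deserves the same kind of note, since `sizeof(zeros)` is already used for the first update and the two buffer sizes cannot be confirmed from here. netsec_do_sign() starts before and continues after this hunk, so those declarations could not be checked.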