diff options
author | Andreas Schneider <asn@samba.org> | 2019-05-15 08:32:58 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-05-21 00:03:21 +0000 |
commit | 71926c6e4fea2123265e44e29d1e9d446299c80b (patch) | |
tree | c4464b91a0f28f1f63ca9026d812ee005a403034 /auth | |
parent | 6b413dab0b407610c43e6294a0bea66243bd6c78 (diff) | |
download | samba-71926c6e4fea2123265e44e29d1e9d446299c80b.tar.gz |
auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seal()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth')
-rw-r--r-- | auth/gensec/schannel.c | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c index c25232aab37..5c1afa8810b 100644 --- a/auth/gensec/schannel.c +++ b/auth/gensec/schannel.c @@ -224,17 +224,39 @@ static void netsec_do_seal(struct schannel_state *state, static const uint8_t zeros[4]; uint8_t digest2[16]; uint8_t sess_kf0[16]; + int rc; int i; for (i = 0; i < 16; i++) { sess_kf0[i] = state->creds->session_key[i] ^ 0xf0; } - hmac_md5(sess_kf0, zeros, 4, digest2); - hmac_md5(digest2, seq_num, 8, sealing_key); + rc = gnutls_hmac_fast(GNUTLS_MAC_MD5, + sess_kf0, + sizeof(sess_kf0), + zeros, + 4, + digest2); + if (rc < 0) { + ZERO_ARRAY(digest2); + return; + } + + rc = gnutls_hmac_fast(GNUTLS_MAC_MD5, + digest2, + sizeof(digest2), + seq_num, + 8, + sealing_key); + ZERO_ARRAY(digest2); + if (rc < 0) { + return; + } arcfour_crypt(confounder, sealing_key, 8); arcfour_crypt(data, sealing_key, length); + + ZERO_ARRAY(sealing_key); } } |