summaryrefslogtreecommitdiff
path: root/auth
diff options
context:
space:
mode:
authorAndreas Schneider <asn@samba.org>2019-05-15 08:32:24 +0200
committerAndrew Bartlett <abartlet@samba.org>2019-05-21 00:03:21 +0000
commit6b413dab0b407610c43e6294a0bea66243bd6c78 (patch)
tree18460511b8eaad4646580997f59e236e2f5464db /auth
parentd3ea318ba0e54d8391626e827d7c34c686accdba (diff)
downloadsamba-6b413dab0b407610c43e6294a0bea66243bd6c78.tar.gz
auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seq_num()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth')
-rw-r--r--auth/gensec/schannel.c27
1 files changed, 25 insertions, 2 deletions
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index 7fb18566dd7..c25232aab37 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -159,10 +159,33 @@ static void netsec_do_seq_num(struct schannel_state *state,
static const uint8_t zeros[4];
uint8_t sequence_key[16];
uint8_t digest1[16];
+ int rc;
+
+ rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+ state->creds->session_key,
+ sizeof(state->creds->session_key),
+ zeros,
+ sizeof(zeros),
+ digest1);
+ if (rc < 0) {
+ return;
+ }
+
+ rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+ digest1,
+ sizeof(digest1),
+ checksum,
+ checksum_length,
+ sequence_key);
+ if (rc < 0) {
+ return;
+ }
+
+ ZERO_ARRAY(digest1);
- hmac_md5(state->creds->session_key, zeros, sizeof(zeros), digest1);
- hmac_md5(digest1, checksum, checksum_length, sequence_key);
arcfour_crypt(seq_num, sequence_key, 8);
+
+ ZERO_ARRAY(sequence_key);
}
state->seq_num++;