summaryrefslogtreecommitdiff
path: root/auth
diff options
context:
space:
mode:
authorAndreas Schneider <asn@samba.org>2019-05-15 08:32:58 +0200
committerAndrew Bartlett <abartlet@samba.org>2019-05-21 00:03:21 +0000
commit71926c6e4fea2123265e44e29d1e9d446299c80b (patch)
treec4464b91a0f28f1f63ca9026d812ee005a403034 /auth
parent6b413dab0b407610c43e6294a0bea66243bd6c78 (diff)
downloadsamba-71926c6e4fea2123265e44e29d1e9d446299c80b.tar.gz
auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seal()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth')
-rw-r--r--auth/gensec/schannel.c26
1 files changed, 24 insertions, 2 deletions
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index c25232aab37..5c1afa8810b 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -224,17 +224,39 @@ static void netsec_do_seal(struct schannel_state *state,
static const uint8_t zeros[4];
uint8_t digest2[16];
uint8_t sess_kf0[16];
+ int rc;
int i;
for (i = 0; i < 16; i++) {
sess_kf0[i] = state->creds->session_key[i] ^ 0xf0;
}
- hmac_md5(sess_kf0, zeros, 4, digest2);
- hmac_md5(digest2, seq_num, 8, sealing_key);
+ rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+ sess_kf0,
+ sizeof(sess_kf0),
+ zeros,
+ 4,
+ digest2);
+ if (rc < 0) {
+ ZERO_ARRAY(digest2);
+ return;
+ }
+
+ rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+ digest2,
+ sizeof(digest2),
+ seq_num,
+ 8,
+ sealing_key);
+ ZERO_ARRAY(digest2);
+ if (rc < 0) {
+ return;
+ }
arcfour_crypt(confounder, sealing_key, 8);
arcfour_crypt(data, sealing_key, length);
+
+ ZERO_ARRAY(sealing_key);
}
}