authorAndreas Schneider <asn@samba.org>2019-05-15 08:03:31 +0200
committerAndrew Bartlett <abartlet@samba.org>2019-05-21 00:03:20 +0000
commit2463d1111f2162d0c411b8c5cf6027f2499d5a48 (patch)
tree21e6e787e442957babe284454d9b1579de1284a2 /libcli/auth/smbencrypt.c
parent152cd8b42617690d9f589a1736ee15fa59ee8787 (diff)
libcli:auth: Use GnuTLS MD5 in encode_wkssvc_join_password_buffer()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli/auth/smbencrypt.c')
-rw-r--r--libcli/auth/smbencrypt.c33
1 files changed, 27 insertions, 6 deletions
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index c1ce65388f4..ca1d42b678d 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -906,11 +906,12 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
struct wkssvc_PasswordBuffer **pwd_buf)
{
uint8_t buffer[516];
- MD5_CTX ctx;
+ gnutls_hash_hd_t hash_hnd = NULL;
struct wkssvc_PasswordBuffer *my_pwd_buf = NULL;
DATA_BLOB confounded_session_key;
int confounder_len = 8;
uint8_t confounder[8];
+ int rc;
my_pwd_buf = talloc_zero(mem_ctx, struct wkssvc_PasswordBuffer);
if (!my_pwd_buf) {
@@ -923,19 +924,39 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
generate_random_buffer((uint8_t *)confounder, confounder_len);
- MD5Init(&ctx);
- MD5Update(&ctx, session_key->data, session_key->length);
- MD5Update(&ctx, confounder, confounder_len);
- MD5Final(confounded_session_key.data, &ctx);
+ GNUTLS_FIPS140_SET_LAX_MODE();
+
+ rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+ if (rc < 0) {
+ goto out;
+ }
+
+ rc = gnutls_hash(hash_hnd, session_key->data, session_key->length);
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ goto out;
+ }
+ rc = gnutls_hash(hash_hnd, confounder, confounder_len);
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ goto out;
+ }
+ gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
arcfour_crypt_blob(buffer, 516, &confounded_session_key);
memcpy(&my_pwd_buf->data[0], confounder, confounder_len);
+ ZERO_ARRAY(confounder);
memcpy(&my_pwd_buf->data[8], buffer, 516);
+ ZERO_ARRAY(buffer);
- data_blob_free(&confounded_session_key);
+ data_blob_clear_free(&confounded_session_key);
*pwd_buf = my_pwd_buf;
+
+out:
+ GNUTLS_FIPS140_SET_STRICT_MODE();
+ return;
}
WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
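Review bot: The three `goto out` paths added in this hunk skip `ZERO_ARRAY(confounder)`, `ZERO_ARRAY(buffer)` and `data_blob_clear_free(&confounded_session_key)`, and they leave `my_pwd_buf` allocated and `*pwd_buf` unassigned while the function returns void, so a hash failure is invisible to the caller. `buffer` is filled outside the hunk and presumably still holds the unencrypted password at that point, since `arcfour_crypt_blob()` has not run yet, which makes the failure path the one where clearing matters most. Moving the cleanup below `out:` so both paths share it fixes the clearing; this assumes `confounded_session_key` is allocated before the first `goto`, which happens outside the hunk. The caller also needs a failure signal, for example `*pwd_buf = NULL;` before the first `goto` or a status return instead of void. The function body starts before this hunk.

```c
	/* … unchanged: gnutls_hash_init / gnutls_hash calls, arcfour_crypt_blob … */
	memcpy(&my_pwd_buf->data[0], confounder, confounder_len);
	memcpy(&my_pwd_buf->data[8], buffer, 516);

	/* Ownership moves to the caller; the cleanup below must not free it. */
	*pwd_buf = my_pwd_buf;
	my_pwd_buf = NULL;

out:
	/* Shared by success and failure so no key or password material is left on the stack. */
	ZERO_ARRAY(confounder);
	ZERO_ARRAY(buffer);
	data_blob_clear_free(&confounded_session_key);
	TALLOC_FREE(my_pwd_buf);
	GNUTLS_FIPS140_SET_STRICT_MODE();
	return;
```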