From 71926c6e4fea2123265e44e29d1e9d446299c80b Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Wed, 15 May 2019 08:32:58 +0200
Subject: auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seal()
Signed-off-by: Andreas Schneider
Reviewed-by: Andrew Bartlett
---
 auth/gensec/schannel.c | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
(limited to 'auth/gensec/schannel.c')
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index c25232aab37..5c1afa8810b 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -224,17 +224,39 @@ static void netsec_do_seal(struct schannel_state *state,
 static const uint8_t zeros[4];
 uint8_t digest2[16];
 uint8_t sess_kf0[16];
+ int rc;
 int i;
 for (i = 0; i < 16; i++) {
 sess_kf0[i] = state->creds->session_key[i] ^ 0xf0;
 }
- hmac_md5(sess_kf0, zeros, 4, digest2);
- hmac_md5(digest2, seq_num, 8, sealing_key);
+ rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+ sess_kf0,
+ sizeof(sess_kf0),
+ zeros,
+ 4,
+ digest2);
+ if (rc < 0) {
+ ZERO_ARRAY(digest2);
+ return;
+ }
+
+ rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+ digest2,
+ sizeof(digest2),
+ seq_num,
+ 8,
+ sealing_key);
+ ZERO_ARRAY(digest2);
+ if (rc < 0) {
+ return;
+ }
 arcfour_crypt(confounder, sealing_key, 8);
 arcfour_crypt(data, sealing_key, length);
+
+ ZERO_ARRAY(sealing_key);
 }
 }
-- cgit v1.2.1
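Review bot: Both new `if (rc < 0)` branches leave a `void` function with a bare `return;` before either `arcfour_crypt()` call runs, so a failed `gnutls_hmac_fast()` (for example where the library refuses MD5) leaves `confounder` and `data` unsealed and the caller, which is not visible in this hunk, cannot tell. Consider having `netsec_do_seal()` return a status that callers check before the buffer is used, instead of failing silently. Separately, `sess_kf0` is derived from the session key and is not cleared on any path shown here; adding `ZERO_ARRAY(sess_kf0);` right after the first HMAC call would match the treatment of `digest2` and `sealing_key`. The function starts outside this hunk, so only this branch was reviewed.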