From d3ea318ba0e54d8391626e827d7c34c686accdba Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 30 Oct 2018 16:56:54 +0100
Subject: auth:creds: Use GnuTLS MD5 in ntlm creds

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 auth/credentials/credentials_ntlm.c | 39 ++++++++++++++++++++++++++++++-------
 1 file changed, 32 insertions(+), 7 deletions(-)

(limited to 'auth')

diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c
index eed8924567a..fa632fdeda3 100644
--- a/auth/credentials/credentials_ntlm.c
+++ b/auth/credentials/credentials_ntlm.c
@@ -28,6 +28,9 @@
 #include "auth/credentials/credentials.h"
 #include "auth/credentials/credentials_internal.h"
 
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
 
@@ -152,10 +155,10 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
 			memset(lm_response.data, 0, lm_response.length);
 		}
 	} else if (*flags & CLI_CRED_NTLM2) {
-		MD5_CTX md5_session_nonce_ctx;
 		uint8_t session_nonce[16];
 		uint8_t session_nonce_hash[16];
 		uint8_t user_session_key[16];
+		int rc;
 
 		lm_response = data_blob_talloc_zero(frame, 24);
 		if (lm_response.data == NULL) {
@@ -167,10 +170,16 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
 		memcpy(session_nonce, challenge.data, 8);
 		memcpy(&session_nonce[8], lm_response.data, 8);
 
-		MD5Init(&md5_session_nonce_ctx);
-		MD5Update(&md5_session_nonce_ctx, session_nonce,
-			  sizeof(session_nonce));
-		MD5Final(session_nonce_hash, &md5_session_nonce_ctx);
+		rc = gnutls_hash_fast(GNUTLS_DIG_MD5,
+				      session_nonce,
+				      sizeof(session_nonce),
+				      session_nonce_hash);
+		if (rc < 0) {
+			if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
+				return NT_STATUS_NTLM_BLOCKED;
+			}
+			return NT_STATUS_INTERNAL_ERROR;
+		}
 
 		DEBUG(5, ("NTLMSSP challenge set by NTLM2\n"));
 		DEBUG(5, ("challenge is: \n"));
@@ -185,6 +194,8 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
 			      session_nonce_hash,
 			      nt_response.data);
 
+		ZERO_ARRAY(session_nonce_hash);
+
 		session_key = data_blob_talloc_zero(frame, 16);
 		if (session_key.data == NULL) {
 			TALLOC_FREE(frame);
@@ -192,8 +203,22 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
 		}
 
 		SMBsesskeygen_ntv1(nt_hash->hash, user_session_key);
-		hmac_md5(user_session_key, session_nonce, sizeof(session_nonce), session_key.data);
-		ZERO_STRUCT(user_session_key);
+
+		rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+				      user_session_key,
+				      sizeof(user_session_key),
+				      session_nonce,
+				      sizeof(session_nonce),
+				      session_key.data);
+		if (rc < 0) {
+			if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
+				return NT_STATUS_NTLM_BLOCKED;
+			}
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+
+		ZERO_ARRAY(user_session_key);
+
 		dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length);
 
 		/* LM Key is incompatible... */
-- 
cgit v1.2.1