From: Joseph Sutton
Date: Wed, 13 Jul 2022 02:20:59 +0000 (+1200)
Subject: CVE-2021-20251 lib:crypto: Add md4_hash_blob() for hashing data with MD4
X-Git-Tag: talloc-2.4.0~1090
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=17b8d164f69a5ed79d9b7b7fc2f3f84f8ea534c8;p=thirdparty%2Fsamba.git
CVE-2021-20251 lib:crypto: Add md4_hash_blob() for hashing data with MD4
This lets us access MD4, which might not be available in hashlib, from Python. This function is used in a following commit for hashing a password to obtain the verifier for a SAMR password change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton
Reviewed-by: Andreas Schneider
Reviewed-by: Andrew Bartlett
---
diff --git a/lib/crypto/py_crypto.c b/lib/crypto/py_crypto.c
index 6753d3d8e9c..40b0cb9e9c0 100644
--- a/lib/crypto/py_crypto.c
+++ b/lib/crypto/py_crypto.c
@@ -25,6 +25,7 @@
 #include
 #include
 #include "lib/crypto/gnutls_helpers.h"
+#include "lib/crypto/md4.h"
 #include "libcli/auth/libcli_auth.h"
 static PyObject *py_crypto_arcfour_crypt_blob(PyObject *module, PyObject *args)
@@ -160,6 +161,36 @@ static PyObject *py_crypto_des_crypt_blob_16(PyObject *self, PyObject *args)
 sizeof(result));
 }
+static PyObject *py_crypto_md4_hash_blob(PyObject *self, PyObject *args)
+{
+ PyObject *py_data = NULL;
+ uint8_t *data = NULL;
+ Py_ssize_t data_size;
+
+ uint8_t result[16];
+
+ bool ok;
+ int ret;
+
+ ok = PyArg_ParseTuple(args, "S",
+ &py_data);
+ if (!ok) {
+ return NULL;
+ }
+
+ ret = PyBytes_AsStringAndSize(py_data,
+ (char **)&data,
+ &data_size);
+ if (ret != 0) {
+ return NULL;
+ }
+
+ mdfour(result, data, data_size);
+
+ return PyBytes_FromStringAndSize((const char *)result,
+ sizeof(result));
+}
+
 static const char py_crypto_arcfour_crypt_blob_doc[] = "arcfour_crypt_blob(data, key)\n"
 "Encrypt the data with RC4 algorithm using the key";
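Review bot: `data_size` is a `Py_ssize_t` but is passed unchecked to `mdfour(result, data, data_size)` in py_crypto_md4_hash_blob(); if mdfour() takes an `int` length (its prototype in lib/crypto/md4.h is not visible in this diff), a bytes object longer than INT_MAX would be narrowed silently and the hash computed over a wrong, possibly negative, length. A guard just before the call makes the limit explicit: `if (data_size > INT_MAX) { PyErr_SetString(PyExc_OverflowError, "data too long for MD4"); return NULL; }`. Since the commit message says this function will hash a password, I would also hold the return value in a local, clear `result` with a zeroing call the compiler cannot elide, and only then return, so that the digest does not stay on the stack. A one-line comment above the function noting that the 16 returned bytes may be a password-equivalent hash would tell callers to treat them as secret.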
@@ -167,11 +198,15 @@ static const char py_crypto_des_crypt_blob_16_doc[] = "des_crypt_blob_16(data, k
 "Encrypt the 16-byte data with DES using "
 "the 14-byte key";
+static const char py_crypto_md4_hash_blob_doc[] = "md4_hash_blob(data) -> bytes\n"
+ "Hash the data with MD4 algorithm";
+
 static PyMethodDef py_crypto_methods[] = {
 { "arcfour_crypt_blob", (PyCFunction)py_crypto_arcfour_crypt_blob, METH_VARARGS, py_crypto_arcfour_crypt_blob_doc },
 { "set_relax_mode", (PyCFunction)py_crypto_set_relax_mode, METH_NOARGS, "Set fips to relax mode" },
 { "set_strict_mode", (PyCFunction)py_crypto_set_strict_mode, METH_NOARGS, "Set fips to strict mode" },
 { "des_crypt_blob_16", (PyCFunction)py_crypto_des_crypt_blob_16, METH_VARARGS, py_crypto_des_crypt_blob_16_doc },
+ { "md4_hash_blob", (PyCFunction)py_crypto_md4_hash_blob, METH_VARARGS, py_crypto_md4_hash_blob_doc },
 {0},
 };
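Review bot: The docstring `py_crypto_md4_hash_blob_doc` says only "Hash the data with MD4 algorithm", which does not tell a Python caller what is returned or that MD4 is unsuitable for new designs. I would reword the second line to something like `"Return the 16-byte MD4 digest of data (bytes). MD4 is broken; use only where a protocol requires it"`. The neighbouring docstrings state their input sizes, so naming the 16-byte result here also keeps the table consistent.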