auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seal()
authorAndreas Schneider <asn@samba.org>
Wed, 15 May 2019 06:32:58 +0000 (08:32 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 21 May 2019 00:03:21 +0000 (00:03 +0000)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth/gensec/schannel.c

index c25232aab37636e606190481e1c2013ec020b369..5c1afa8810b3f3e89d76a34202f823cddab73cc0 100644 (file)
@@ -224,17 +224,39 @@ static void netsec_do_seal(struct schannel_state *state,
                static const uint8_t zeros[4];
                uint8_t digest2[16];
                uint8_t sess_kf0[16];
+               int rc;
                int i;
 
                for (i = 0; i < 16; i++) {
                        sess_kf0[i] = state->creds->session_key[i] ^ 0xf0;
                }
 
-               hmac_md5(sess_kf0, zeros, 4, digest2);
-               hmac_md5(digest2, seq_num, 8, sealing_key);
+               rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+                                     sess_kf0,
+                                     sizeof(sess_kf0),
+                                     zeros,
+                                     4,
+                                     digest2);
+               if (rc < 0) {
+                       ZERO_ARRAY(digest2);
+                       return;
+               }
+
+               rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+                                     digest2,
+                                     sizeof(digest2),
+                                     seq_num,
+                                     8,
+                                     sealing_key);
+               ZERO_ARRAY(digest2);
+               if (rc < 0) {
+                       return;
+               }
 
                arcfour_crypt(confounder, sealing_key, 8);
                arcfour_crypt(data, sealing_key, length);
+
+               ZERO_ARRAY(sealing_key);
        }
 }
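Review bot: `sess_kf0`, which is derived byte-for-byte from `state->creds->session_key`, is never cleared on any path in this hunk, while the commit does take care to zero `digest2` and `sealing_key`; add `ZERO_ARRAY(sess_kf0);` immediately after the first `gnutls_hmac_fast` call and before the `rc < 0` check, so it is wiped on both the failure and the success path. The early `return` on HMAC failure also leaves `confounder` and `data` unsealed, and since `netsec_do_seal` is `static void` the caller has no way to learn that sealing was skipped and may go on to transmit the buffer unencrypted; the function signature and the declaration of `sealing_key` lie outside the hunk, but plumbing an error status back to the caller (or at minimum logging the failure) would close that gap. On the second failure path `sealing_key` is left with whatever `gnutls_hmac_fast` wrote; moving `ZERO_ARRAY(sealing_key);` to run unconditionally after the second call, the way `ZERO_ARRAY(digest2);` already does, would cover it.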