From: Andreas Schneider <asn@samba.org>
Date: Mon, 18 Nov 2019 09:24:56 +0000 (+0100)
Subject: s3:winbindd: Replace E_md5hash() with GnuTLS calls
X-Git-Tag: ldb-2.1.0~696
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=10499507c4fd91751898696b866ce32b1e38f605;p=thirdparty%2Fsamba.git

s3:winbindd: Replace E_md5hash() with GnuTLS calls

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 394b0c774a9..3e7afdaa546 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -37,6 +37,9 @@
 #include "libsmb/samlogon_cache.h"
 #include "lib/namemap_cache.h"
 
+#include "lib/crypto/gnutls_helpers.h"
+#include <gnutls/crypto.h>
+
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
 
@@ -1364,6 +1367,8 @@ NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
 	uint32_t rid;
 	uint8_t cred_salt[NT_HASH_LEN];
 	uint8_t salted_hash[NT_HASH_LEN];
+	gnutls_hash_hd_t hash_hnd = NULL;
+	int rc;
 
 	if (is_null_sid(sid)) {
 		return NT_STATUS_INVALID_SID;
@@ -1384,7 +1389,23 @@ NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
 
 	/* Create a salt and then salt the hash. */
 	generate_random_buffer(cred_salt, NT_HASH_LEN);
-	E_md5hash(cred_salt, nt_pass, salted_hash);
+
+	rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+	if (rc < 0) {
+		return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
+	}
+
+	rc = gnutls_hash(hash_hnd, cred_salt, 16);
+	if (rc < 0) {
+		gnutls_hash_deinit(hash_hnd, NULL);
+		return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
+	}
+	rc = gnutls_hash(hash_hnd, nt_pass, 16);
+	if (rc < 0) {
+		gnutls_hash_deinit(hash_hnd, NULL);
+		return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
+	}
+	gnutls_hash_deinit(hash_hnd, salted_hash);
 
 	centry_put_hash16(centry, salted_hash);
 	centry_put_hash16(centry, cred_salt);