From: Andreas Schneider <asn@samba.org>
Date: Wed, 15 May 2019 06:02:59 +0000 (+0200)
Subject: libcli:auth: Use GnuTLS MD5 in encode_or_decode_arc4_passwd_buffer()
X-Git-Tag: ldb-2.0.5~748
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=152cd8b42617690d9f589a1736ee15fa59ee8787;p=thirdparty%2Fsamba.git

libcli:auth: Use GnuTLS MD5 in encode_or_decode_arc4_passwd_buffer()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index 6e2d617b26d..c1ce65388f4 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -807,17 +807,36 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
 
 void encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532], const DATA_BLOB *psession_key)
 {
-	MD5_CTX tctx;
+	gnutls_hash_hd_t hash_hnd = NULL;
 	unsigned char key_out[16];
+	int rc;
 
 	/* Confounder is last 16 bytes. */
 
-	MD5Init(&tctx);
-	MD5Update(&tctx, &pw_buf[516], 16);
-	MD5Update(&tctx, psession_key->data, psession_key->length);
-	MD5Final(key_out, &tctx);
+	rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+	if (rc < 0) {
+		goto out;
+	}
+
+	rc = gnutls_hash(hash_hnd, &pw_buf[516], 16);
+	if (rc < 0) {
+		gnutls_hash_deinit(hash_hnd, NULL);
+		goto out;
+	}
+	rc = gnutls_hash(hash_hnd, psession_key->data, psession_key->length);
+	if (rc < 0) {
+		gnutls_hash_deinit(hash_hnd, NULL);
+		goto out;
+	}
+	gnutls_hash_deinit(hash_hnd, key_out);
+
 	/* arc4 with key_out. */
 	arcfour_crypt(pw_buf, key_out, 516);
+
+	ZERO_ARRAY(key_out);
+
+out:
+	return;
 }
 
 /***********************************************************