From: Andreas Schneider <asn@samba.org>
Date: Fri, 26 Oct 2018 12:59:58 +0000 (+0200)
Subject: libcli:auth: Use GnuTLS MD5 and HMAC MD5 in netlogon_creds_init_128bit
X-Git-Tag: ldb-2.0.5~740
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1810daaf9cc1230656e9f56e042ba8167f196795;p=thirdparty%2Fsamba.git

libcli:auth: Use GnuTLS MD5 and HMAC MD5 in netlogon_creds_init_128bit

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index 5d426f663c1..7b0cf40b962 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -79,20 +79,45 @@ static void netlogon_creds_init_128bit(struct netlogon_creds_CredentialState *cr
 				       const struct netr_Credential *server_challenge,
 				       const struct samr_Password *machine_password)
 {
-	uint8_t zero[4] = {0}, tmp[16];
-	HMACMD5Context ctx;
-	MD5_CTX md5;
+	uint8_t zero[4] = {0};
+	uint8_t tmp[gnutls_hash_get_len(GNUTLS_MAC_MD5)];
+	gnutls_hash_hd_t hash_hnd = NULL;
+	int rc;
 
 	ZERO_ARRAY(creds->session_key);
 
-	hmac_md5_init_rfc2104(machine_password->hash, sizeof(machine_password->hash), &ctx);
-	MD5Init(&md5);
-	MD5Update(&md5, zero, sizeof(zero));
-	MD5Update(&md5, client_challenge->data, 8);
-	MD5Update(&md5, server_challenge->data, 8);
-	MD5Final(tmp, &md5);
-	hmac_md5_update(tmp, sizeof(tmp), &ctx);
-	hmac_md5_final(creds->session_key, &ctx);
+	rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+	if (rc < 0) {
+		return;
+	}
+
+	rc = gnutls_hash(hash_hnd, zero, sizeof(zero));
+	if (rc < 0) {
+		gnutls_hash_deinit(hash_hnd, NULL);
+		return;
+	}
+	rc = gnutls_hash(hash_hnd, client_challenge->data, 8);
+	if (rc < 0) {
+		gnutls_hash_deinit(hash_hnd, NULL);
+		return;
+	}
+	rc = gnutls_hash(hash_hnd, server_challenge->data, 8);
+	if (rc < 0) {
+		gnutls_hash_deinit(hash_hnd, NULL);
+		return;
+	}
+
+	gnutls_hash_deinit(hash_hnd, tmp);
+
+	/* This doesn't require HMAC MD5 RFC2104 as the hash is only 16 bytes */
+	rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+			      machine_password->hash,
+			      sizeof(machine_password->hash),
+			      tmp,
+			      sizeof(tmp),
+			      creds->session_key);
+
+	ZERO_ARRAY(tmp);
 }
 
 /*