From: Andreas Schneider <asn@samba.org>
Date: Wed, 15 May 2019 06:32:24 +0000 (+0200)
Subject: auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seq_num()
X-Git-Tag: ldb-2.0.5~726
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6b413dab0b407610c43e6294a0bea66243bd6c78;p=thirdparty%2Fsamba.git

auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seq_num()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index 7fb18566dd7..c25232aab37 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -159,10 +159,33 @@ static void netsec_do_seq_num(struct schannel_state *state,
 		static const uint8_t zeros[4];
 		uint8_t sequence_key[16];
 		uint8_t digest1[16];
+		int rc;
+
+		rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+				      state->creds->session_key,
+				      sizeof(state->creds->session_key),
+				      zeros,
+				      sizeof(zeros),
+				      digest1);
+		if (rc < 0) {
+			return;
+		}
+
+		rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+				      digest1,
+				      sizeof(digest1),
+				      checksum,
+				      checksum_length,
+				      sequence_key);
+		if (rc < 0) {
+			return;
+		}
+
+		ZERO_ARRAY(digest1);
 
-		hmac_md5(state->creds->session_key, zeros, sizeof(zeros), digest1);
-		hmac_md5(digest1, checksum, checksum_length, sequence_key);
 		arcfour_crypt(seq_num, sequence_key, 8);
+
+		ZERO_ARRAY(sequence_key);
 	}
 
 	state->seq_num++;