From: Andreas Schneider Date: Wed, 15 May 2019 06:32:58 +0000 (+0200) Subject: auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seal() X-Git-Tag: ldb-2.0.5~725 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=71926c6e4fea2123265e44e29d1e9d446299c80b;p=thirdparty%2Fsamba.git auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seal() Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett
---
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index c25232aab37..5c1afa8810b 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -224,17 +224,39 @@ static void netsec_do_seal(struct schannel_state *state,
 static const uint8_t zeros[4];
 uint8_t digest2[16];
 uint8_t sess_kf0[16];
+ int rc;
 int i;
 for (i = 0; i < 16; i++) {
 sess_kf0[i] = state->creds->session_key[i] ^ 0xf0;
 }
- hmac_md5(sess_kf0, zeros, 4, digest2);
- hmac_md5(digest2, seq_num, 8, sealing_key);
+ rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+ sess_kf0,
+ sizeof(sess_kf0),
+ zeros,
+ 4,
+ digest2);
+ if (rc < 0) {
+ ZERO_ARRAY(digest2);
+ return;
+ }
+
+ rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+ digest2,
+ sizeof(digest2),
+ seq_num,
+ 8,
+ sealing_key);
+ ZERO_ARRAY(digest2);
+ if (rc < 0) {
+ return;
+ }
 arcfour_crypt(confounder, sealing_key, 8);
 arcfour_crypt(data, sealing_key, length);
+
+ ZERO_ARRAY(sealing_key);
 }
 }
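Review bot: Both new `if (rc < 0)` branches return from a `void` function, so when `gnutls_hmac_fast()` fails the caller gets no signal and `confounder` and `data` are left unsealed (or, on the receive side, undecrypted) while processing presumably carries on. The removed `hmac_md5()` calls had no error result to check, so this silent early return is a new fail-open path; netsec_do_seal() should return a status that its callers check, which means changing the signature and call sites outside this hunk. Separately, `sess_kf0` is the session key XORed with a constant and is not cleared on any exit path, and `sealing_key` is not cleared on the second error return. Adding `ZERO_ARRAY(sess_kf0);` right after the first `gnutls_hmac_fast()` call and `ZERO_ARRAY(sealing_key);` before the second `return;` would cover both.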