From: Andreas Schneider <asn@samba.org>
Date: Mon, 22 Oct 2018 15:44:33 +0000 (+0200)
Subject: s3:smbd: Use GnuTLS SHA512 in smb2 server
X-Git-Tag: tdb-1.4.1~182
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b99c04fcaf583ca35bb789b980593a4405ee01b7;p=thirdparty%2Fsamba.git

s3:smbd: Use GnuTLS SHA512 in smb2 server

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 71c1c3dc9cf..bb2d626539b 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -30,7 +30,9 @@
 #include "../librpc/gen_ndr/krb5pac.h"
 #include "lib/util/iov_buf.h"
 #include "auth.h"
-#include "lib/crypto/sha512.h"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_SMB2
@@ -3002,28 +3004,54 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
 	}
 
 	if (req->preauth != NULL) {
-		struct hc_sha512state sctx;
-		int i;
+		gnutls_hash_hd_t hash_hnd = NULL;
+		size_t i;
+		int rc;
 
-		samba_SHA512_Init(&sctx);
-		samba_SHA512_Update(&sctx, req->preauth->sha512_value,
-				    sizeof(req->preauth->sha512_value));
+		rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_SHA512);
+		if (rc < 0) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		rc = gnutls_hash(hash_hnd,
+			    req->preauth->sha512_value,
+			    sizeof(req->preauth->sha512_value));
+		if (rc < 0) {
+			gnutls_hash_deinit(hash_hnd, NULL);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
 		for (i = 1; i < req->in.vector_count; i++) {
-			samba_SHA512_Update(&sctx,
-					    req->in.vector[i].iov_base,
-					    req->in.vector[i].iov_len);
+			rc = gnutls_hash(hash_hnd,
+					 req->in.vector[i].iov_base,
+					 req->in.vector[i].iov_len);
+			if (rc < 0) {
+				gnutls_hash_deinit(hash_hnd, NULL);
+				return NT_STATUS_INTERNAL_ERROR;
+			}
 		}
-		samba_SHA512_Final(req->preauth->sha512_value, &sctx);
+		if (rc < 0) {
+			gnutls_hash_deinit(hash_hnd, NULL);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		gnutls_hash_output(hash_hnd, req->preauth->sha512_value);
 
-		samba_SHA512_Init(&sctx);
-		samba_SHA512_Update(&sctx, req->preauth->sha512_value,
-				    sizeof(req->preauth->sha512_value));
+		rc = gnutls_hash(hash_hnd,
+				 req->preauth->sha512_value,
+				 sizeof(req->preauth->sha512_value));
+		if (rc < 0) {
+			gnutls_hash_deinit(hash_hnd, NULL);
+			return NT_STATUS_INTERNAL_ERROR;
+		}
 		for (i = 1; i < req->out.vector_count; i++) {
-			samba_SHA512_Update(&sctx,
-					    req->out.vector[i].iov_base,
-					    req->out.vector[i].iov_len);
+			rc = gnutls_hash(hash_hnd,
+					 req->out.vector[i].iov_base,
+					 req->out.vector[i].iov_len);
+			if (rc < 0) {
+				gnutls_hash_deinit(hash_hnd, NULL);
+				return NT_STATUS_INTERNAL_ERROR;
+			}
 		}
-		samba_SHA512_Final(req->preauth->sha512_value, &sctx);
+
+		gnutls_hash_deinit(hash_hnd, req->preauth->sha512_value);
 
 		req->preauth = NULL;
 	}