From 6b413dab0b407610c43e6294a0bea66243bd6c78 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 15 May 2019 08:32:24 +0200
Subject: [PATCH] auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seq_num()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 auth/gensec/schannel.c | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index 7fb18566dd7..c25232aab37 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -159,10 +159,33 @@ static void netsec_do_seq_num(struct schannel_state *state,
 		static const uint8_t zeros[4];
 		uint8_t sequence_key[16];
 		uint8_t digest1[16];
+		int rc;
+
+		rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+				      state->creds->session_key,
+				      sizeof(state->creds->session_key),
+				      zeros,
+				      sizeof(zeros),
+				      digest1);
+		if (rc < 0) {
+			return;
+		}
+
+		rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
+				      digest1,
+				      sizeof(digest1),
+				      checksum,
+				      checksum_length,
+				      sequence_key);
+		if (rc < 0) {
+			return;
+		}
+
+		ZERO_ARRAY(digest1);
 
-		hmac_md5(state->creds->session_key, zeros, sizeof(zeros), digest1);
-		hmac_md5(digest1, checksum, checksum_length, sequence_key);
 		arcfour_crypt(seq_num, sequence_key, 8);
+
+		ZERO_ARRAY(sequence_key);
 	}
 
 	state->seq_num++;
-- 
2.47.3