From e1c04866a89aa550db6aad235da2bdfa7912a06c Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 15 May 2019 08:05:38 +0200
Subject: [PATCH] libcli:auth: Use GnuTLS MD5 HMAC in SMBOWFencrypt_ntv2()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 libcli/auth/smbencrypt.c | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index 59f08b21dd8..1c9c7f82270 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -339,12 +339,28 @@ void SMBOWFencrypt_ntv2(const uint8_t kr[16],
 			const DATA_BLOB *smbcli_chal,
 			uint8_t resp_buf[16])
 {
-	HMACMD5Context ctx;
+	gnutls_hmac_hd_t hmac_hnd = NULL;
+	int rc;
 
-	hmac_md5_init_limK_to_64(kr, 16, &ctx);
-	hmac_md5_update(srv_chal->data, srv_chal->length, &ctx);
-	hmac_md5_update(smbcli_chal->data, smbcli_chal->length, &ctx);
-	hmac_md5_final(resp_buf, &ctx);
+	rc = gnutls_hmac_init(&hmac_hnd,
+			      GNUTLS_MAC_MD5,
+			      kr,
+			      16);
+	if (rc < 0) {
+		return;
+	}
+
+	rc = gnutls_hmac(hmac_hnd, srv_chal->data, srv_chal->length);
+	if (rc < 0) {
+		return;
+	}
+	rc = gnutls_hmac(hmac_hnd, smbcli_chal->data, smbcli_chal->length);
+	if (rc < 0) {
+		gnutls_hmac_deinit(hmac_hnd, NULL);
+		return;
+	}
+
+	gnutls_hmac_deinit(hmac_hnd, resp_buf);
 
 #ifdef DEBUG_PASSWORD
 	DEBUG(100, ("SMBOWFencrypt_ntv2: srv_chal, smbcli_chal, resp_buf\n"));
-- 
2.47.3