From eca425ef5b6a05f1facf6fb94b73fa1aea6d7007 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 14 Mar 2019 17:22:22 +0100
Subject: [PATCH] libcli:smb: Use GnuTLS SHA256 HMAC in smb2_signing_sign_pdu()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 libcli/smb/smb2_signing.c | 30 +++++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)

diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 1577dee5b0b..22d1939c7aa 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -82,17 +82,29 @@ NTSTATUS smb2_signing_sign_pdu(DATA_BLOB signing_key,
 
 		ZERO_ARRAY(key);
 	} else {
-		struct HMACSHA256Context m;
-		uint8_t digest[SHA256_DIGEST_LENGTH];
+		gnutls_hmac_hd_t hmac_hnd = NULL;
+		uint8_t digest[gnutls_hmac_get_len(GNUTLS_MAC_SHA256)];
+		int rc;
+
+		rc = gnutls_hmac_init(&hmac_hnd,
+				      GNUTLS_MAC_SHA256,
+				      signing_key.data,
+				      MIN(signing_key.length, 16));
+		if (rc < 0) {
+			return NT_STATUS_NO_MEMORY;
+		}
 
-		ZERO_STRUCT(m);
-		hmac_sha256_init(signing_key.data, MIN(signing_key.length, 16), &m);
-		for (i=0; i < count; i++) {
-			hmac_sha256_update((const uint8_t *)vector[i].iov_base,
-					   vector[i].iov_len, &m);
+		for (i = 0; i < count; i++) {
+			rc = gnutls_hmac(hmac_hnd,
+					 vector[i].iov_base,
+					 vector[i].iov_len);
+			if (rc < 0) {
+				gnutls_hmac_deinit(hmac_hnd, NULL);
+				return NT_STATUS_NO_MEMORY;
+			}
 		}
-		hmac_sha256_final(digest, &m);
-		memcpy(res, digest, 16);
+		gnutls_hmac_deinit(hmac_hnd, digest);
+		memcpy(res, digest, sizeof(res));
 	}
 	DEBUG(5,("signed SMB2 message\n"));
 
-- 
2.47.3