s3:smbd: Use GnuTLS SHA512 in smb2 session setup
authorAndreas Schneider <asn@samba.org>
Mon, 22 Oct 2018 15:48:43 +0000 (17:48 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 7 May 2019 03:04:30 +0000 (03:04 +0000)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source3/smbd/smb2_sesssetup.c

index 97bf0e0..692f22c 100644 (file)
 #include "../lib/tsocket/tsocket.h"
 #include "../libcli/security/security.h"
 #include "../lib/util/tevent_ntstatus.h"
-#include "lib/crypto/sha512.h"
 #include "lib/crypto/aes.h"
 #include "lib/crypto/aes_ccm_128.h"
 #include "lib/crypto/aes_gcm_128.h"
 
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_SMB2
 
@@ -220,19 +222,32 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
                struct smbXsrv_preauth *preauth;
                struct _derivation *d;
                DATA_BLOB p;
-               struct hc_sha512state sctx;
+               gnutls_hash_hd_t hash_hnd;
+               int rc;
 
                preauth = talloc_move(smb2req, &auth->preauth);
 
-               samba_SHA512_Init(&sctx);
-               samba_SHA512_Update(&sctx, preauth->sha512_value,
-                                   sizeof(preauth->sha512_value));
+               rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_SHA512);
+               if (rc < 0) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+               rc = gnutls_hash(hash_hnd,
+                                preauth->sha512_value,
+                                sizeof(preauth->sha512_value));
+               if (rc < 0) {
+                       gnutls_hash_deinit(hash_hnd, NULL);
+                       return NT_STATUS_ACCESS_DENIED;
+               }
                for (i = 1; i < smb2req->in.vector_count; i++) {
-                       samba_SHA512_Update(&sctx,
-                                           smb2req->in.vector[i].iov_base,
-                                           smb2req->in.vector[i].iov_len);
+                       rc = gnutls_hash(hash_hnd,
+                                        smb2req->in.vector[i].iov_base,
+                                        smb2req->in.vector[i].iov_len);
+                       if (rc < 0) {
+                               gnutls_hash_deinit(hash_hnd, NULL);
+                               return NT_STATUS_ACCESS_DENIED;
+                       }
                }
-               samba_SHA512_Final(preauth->sha512_value, &sctx);
+               gnutls_hash_deinit(hash_hnd, preauth->sha512_value);
 
                p = data_blob_const(preauth->sha512_value,
                                    sizeof(preauth->sha512_value));
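Review bot: The two gnutls_hash() failure branches in this hunk return NT_STATUS_ACCESS_DENIED, while the identical branches in the smbd_smb2_bind_auth_return hunk below return NT_STATUS_INTERNAL_ERROR; the two should agree, and INTERNAL_ERROR is the better fit because a hash-update failure is a local crypto-library error rather than an authorization decision, so reporting it as access denied would mislead the client and anyone triaging authentication failures in the logs. Suggest `return NT_STATUS_INTERNAL_ERROR;` in both branches here, mirroring the bind hunk. The bind hunk also declares the handle as `gnutls_hash_hd_t hash_hnd = NULL;` whereas this hunk leaves it uninitialized; it is never read before gnutls_hash_init() succeeds, so this is a consistency point rather than a bug, but the initialized form is the safer habit. On each error path it would also help diagnosis to log the GnuTLS error string (e.g. via gnutls_strerror(rc)) before returning, since the NTSTATUS alone does not say which primitive failed. The enclosing function smbd_smb2_auth_generic_return starts and ends outside the hunk.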
@@ -648,19 +663,33 @@ static NTSTATUS smbd_smb2_bind_auth_return(struct smbXsrv_session *session,
                struct smbXsrv_preauth *preauth;
                struct _derivation *d;
                DATA_BLOB p;
-               struct hc_sha512state sctx;
+               gnutls_hash_hd_t hash_hnd = NULL;
+               int rc;
 
                preauth = talloc_move(smb2req, &auth->preauth);
 
-               samba_SHA512_Init(&sctx);
-               samba_SHA512_Update(&sctx, preauth->sha512_value,
-                                   sizeof(preauth->sha512_value));
+               rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_SHA512);
+               if (rc < 0) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+
+               rc = gnutls_hash(hash_hnd,
+                                preauth->sha512_value,
+                                sizeof(preauth->sha512_value));
+               if (rc < 0) {
+                       gnutls_hash_deinit(hash_hnd, NULL);
+                       return NT_STATUS_INTERNAL_ERROR;
+               }
                for (i = 1; i < smb2req->in.vector_count; i++) {
-                       samba_SHA512_Update(&sctx,
-                                           smb2req->in.vector[i].iov_base,
-                                           smb2req->in.vector[i].iov_len);
+                       rc = gnutls_hash(hash_hnd,
+                                        smb2req->in.vector[i].iov_base,
+                                        smb2req->in.vector[i].iov_len);
+                       if (rc < 0) {
+                               gnutls_hash_deinit(hash_hnd, NULL);
+                               return NT_STATUS_INTERNAL_ERROR;
+                       }
                }
-               samba_SHA512_Final(preauth->sha512_value, &sctx);
+               gnutls_hash_deinit(hash_hnd, preauth->sha512_value);
 
                p = data_blob_const(preauth->sha512_value,
                                    sizeof(preauth->sha512_value));