From: Andreas Schneider
Date: Mon, 22 Oct 2018 15:48:43 +0000 (+0200)
Subject: s3:smbd: Use GnuTLS SHA512 in smb2 session setup
X-Git-Url: http://git.samba.org/samba.git/?p=bbaumbach%2Fsamba-autobuild%2F.git;a=commitdiff_plain;h=812f5d60edce7ec8b328c8ada7dbc6db39f6adbd

s3:smbd: Use GnuTLS SHA512 in smb2 session setup

Signed-off-by: Andreas Schneider
Reviewed-by: Andrew Bartlett
---
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 97bf0e0245f..692f22cadbe 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -28,11 +28,13 @@
 #include "../lib/tsocket/tsocket.h"
 #include "../libcli/security/security.h"
 #include "../lib/util/tevent_ntstatus.h"
-#include "lib/crypto/sha512.h"
 #include "lib/crypto/aes.h"
 #include "lib/crypto/aes_ccm_128.h"
 #include "lib/crypto/aes_gcm_128.h"
+#include
+#include
+
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_SMB2
@@ -220,19 +222,32 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
 struct smbXsrv_preauth *preauth;
 struct _derivation *d;
 DATA_BLOB p;
- struct hc_sha512state sctx;
+ gnutls_hash_hd_t hash_hnd;
+ int rc;
 preauth = talloc_move(smb2req, &auth->preauth);
- samba_SHA512_Init(&sctx);
- samba_SHA512_Update(&sctx, preauth->sha512_value,
- sizeof(preauth->sha512_value));
+ rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_SHA512);
+ if (rc < 0) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ rc = gnutls_hash(hash_hnd,
+ preauth->sha512_value,
+ sizeof(preauth->sha512_value));
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ return NT_STATUS_ACCESS_DENIED;
+ }
 for (i = 1; i < smb2req->in.vector_count; i++) {
- samba_SHA512_Update(&sctx,
- smb2req->in.vector[i].iov_base,
- smb2req->in.vector[i].iov_len);
+ rc = gnutls_hash(hash_hnd,
+ smb2req->in.vector[i].iov_base,
+ smb2req->in.vector[i].iov_len);
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ return NT_STATUS_ACCESS_DENIED;
+ }
 }
- samba_SHA512_Final(preauth->sha512_value, &sctx);
+ gnutls_hash_deinit(hash_hnd, preauth->sha512_value);
 p = data_blob_const(preauth->sha512_value, sizeof(preauth->sha512_value));
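Review bot: The two `gnutls_hash()` failure paths in this hunk return `NT_STATUS_ACCESS_DENIED`, while the identical paths in the `smbd_smb2_bind_auth_return` hunk return `NT_STATUS_INTERNAL_ERROR`. A failed digest update is a local crypto-library error rather than an authorization decision, and reporting it as access denied makes it indistinguishable from a rejected logon when session-setup failures are triaged; `return NT_STATUS_INTERNAL_ERROR;` in both places would keep the two functions consistent. `hash_hnd` is also left uninitialized here but set to `NULL` in the other hunk, so `gnutls_hash_hd_t hash_hnd = NULL;` would match. The function starts before and continues past this hunk, so whether these early returns skip cleanup done on its other error paths cannot be judged from here.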
@@ -648,19 +663,33 @@ static NTSTATUS smbd_smb2_bind_auth_return(struct smbXsrv_session *session,
 struct smbXsrv_preauth *preauth;
 struct _derivation *d;
 DATA_BLOB p;
- struct hc_sha512state sctx;
+ gnutls_hash_hd_t hash_hnd = NULL;
+ int rc;
 preauth = talloc_move(smb2req, &auth->preauth);
- samba_SHA512_Init(&sctx);
- samba_SHA512_Update(&sctx, preauth->sha512_value,
- sizeof(preauth->sha512_value));
+ rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_SHA512);
+ if (rc < 0) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ rc = gnutls_hash(hash_hnd,
+ preauth->sha512_value,
+ sizeof(preauth->sha512_value));
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
 for (i = 1; i < smb2req->in.vector_count; i++) {
- samba_SHA512_Update(&sctx,
- smb2req->in.vector[i].iov_base,
- smb2req->in.vector[i].iov_len);
+ rc = gnutls_hash(hash_hnd,
+ smb2req->in.vector[i].iov_base,
+ smb2req->in.vector[i].iov_len);
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
 }
- samba_SHA512_Final(preauth->sha512_value, &sctx);
+ gnutls_hash_deinit(hash_hnd, preauth->sha512_value);
 p = data_blob_const(preauth->sha512_value, sizeof(preauth->sha512_value));
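Review bot: The init/update/deinit sequence in this hunk is a second hand-written copy of the one added to `smbd_smb2_auth_generic_return`, and the value it writes into `preauth->sha512_value` appears to feed the derivation that follows, so the two copies need to stay in step. Moving the sequence into one static helper that both functions call would leave a single place for the error mapping and the `gnutls_hash_deinit()` cleanup. The helper is also a natural place to report the discarded `rc`, for example with `gnutls_strerror(rc)`, since `gnutls_hash_init()` can presumably fail for reasons other than allocation while the caller only ever sees `NT_STATUS_NO_MEMORY`. The enclosing function starts before and continues past this hunk, so the call site below assumes an `NTSTATUS status` local is available there.

```c
static NTSTATUS smbd_smb2_preauth_hash_request(struct smbXsrv_preauth *preauth,
					       struct smbd_smb2_request *smb2req)
{
	gnutls_hash_hd_t hash_hnd = NULL;
	int i; /* use the same index type as the callers' loop */
	int rc;

	rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_SHA512);
	if (rc < 0) {
		return NT_STATUS_NO_MEMORY;
	}

	rc = gnutls_hash(hash_hnd,
			 preauth->sha512_value,
			 sizeof(preauth->sha512_value));
	for (i = 1; rc >= 0 && i < smb2req->in.vector_count; i++) {
		rc = gnutls_hash(hash_hnd,
				 smb2req->in.vector[i].iov_base,
				 smb2req->in.vector[i].iov_len);
	}
	if (rc < 0) {
		/* Single cleanup path: discard the partial digest. */
		gnutls_hash_deinit(hash_hnd, NULL);
		return NT_STATUS_INTERNAL_ERROR;
	}

	gnutls_hash_deinit(hash_hnd, preauth->sha512_value);
	return NT_STATUS_OK;
}

/* … unchanged: declarations and talloc_move() in smbd_smb2_bind_auth_return … */
	status = smbd_smb2_preauth_hash_request(preauth, smb2req);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}
/* … unchanged: data_blob_const() and the code after it … */
```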