s4:ntlmssp: avoid usage of calc_ntlmv2_key_talloc()

metze

Signed-off-by: Günther Deschner <gd@samba.org>

diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h
index 9e41d776646c868623d494f7dcc879c0f35c2f98..e8035661ce3581c8ef6deec187e27d6175d6cc65 100644 (file)
--- a/source4/auth/ntlmssp/ntlmssp.h
+++ b/source4/auth/ntlmssp/ntlmssp.h
@@ -138,8 +138,8 @@ struct ntlmssp_state
                struct {
                        uint32_t send_seq_num;
                        uint32_t recv_seq_num;
-                       DATA_BLOB send_sign_key;
-                       DATA_BLOB recv_sign_key;
+                       uint8_t send_sign_key[16];
+                       uint8_t recv_sign_key[16];
                        struct arcfour_state *send_seal_arcfour_state;
                        struct arcfour_state *recv_seal_arcfour_state;
                } ntlm2;

diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c
index f00cbaa017d7c5bf45a982ef75d0f2bd31624100..e48742740301088166c14780e284b17d21558fce 100644 (file)
--- a/source4/auth/ntlmssp/ntlmssp_sign.c
+++ b/source4/auth/ntlmssp/ntlmssp_sign.c
@@ -40,19 +40,6 @@
  *
  */
 
-static void calc_ntlmv2_key_talloc(TALLOC_CTX *mem_ctx,
-                           DATA_BLOB *subkey,
-                           DATA_BLOB session_key,
-                           const char *constant)
-{
-       struct MD5Context ctx3;
-       *subkey = data_blob_talloc(mem_ctx, NULL, 16);
-       MD5Init(&ctx3);
-       MD5Update(&ctx3, session_key.data, session_key.length);
-       MD5Update(&ctx3, (const uint8_t *)constant, strlen(constant)+1);
-       MD5Final(subkey->data, &ctx3);
-}
-
 static void calc_ntlmv2_key(uint8_t subkey[16],
                            DATA_BLOB session_key,
                            const char *constant)
@@ -90,14 +77,12 @@ static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_stat
                case NTLMSSP_SEND:
                        SIVAL(seq_num, 0, ntlmssp_state->crypt.ntlm2.send_seq_num);
                        ntlmssp_state->crypt.ntlm2.send_seq_num++;
-                       hmac_md5_init_limK_to_64(ntlmssp_state->crypt.ntlm2.send_sign_key.data,
-                                                ntlmssp_state->crypt.ntlm2.send_sign_key.length, &ctx);
+                       hmac_md5_init_limK_to_64(ntlmssp_state->crypt.ntlm2.send_sign_key, 16, &ctx);
                        break;
                case NTLMSSP_RECEIVE:
                        SIVAL(seq_num, 0, ntlmssp_state->crypt.ntlm2.recv_seq_num);
                        ntlmssp_state->crypt.ntlm2.recv_seq_num++;
-                       hmac_md5_init_limK_to_64(ntlmssp_state->crypt.ntlm2.recv_sign_key.data,
-                                                ntlmssp_state->crypt.ntlm2.recv_sign_key.length, &ctx);
+                       hmac_md5_init_limK_to_64(ntlmssp_state->crypt.ntlm2.recv_sign_key, 16, &ctx);
                        break;
                }
                hmac_md5_update(seq_num, sizeof(seq_num), &ctx);
@@ -427,12 +412,10 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
                             weak_session_key.length);
 
                /* SEND: sign key */
-               calc_ntlmv2_key_talloc(ntlmssp_state,
-                               &ntlmssp_state->crypt.ntlm2.send_sign_key,
+               calc_ntlmv2_key(ntlmssp_state->crypt.ntlm2.send_sign_key,
                                ntlmssp_state->session_key, send_sign_const);
                dump_data_pw("NTLMSSP send sign key:\n",
-                            ntlmssp_state->crypt.ntlm2.send_sign_key.data,
-                            ntlmssp_state->crypt.ntlm2.send_sign_key.length);
+                            ntlmssp_state->crypt.ntlm2.send_sign_key, 16);
 
                /* SEND: seal ARCFOUR pad */
                calc_ntlmv2_key(send_seal_key,
@@ -450,12 +433,10 @@ NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
                ntlmssp_state->crypt.ntlm2.send_seq_num = 0;
 
                /* RECV: sign key */
-               calc_ntlmv2_key_talloc(ntlmssp_state,
-                               &ntlmssp_state->crypt.ntlm2.recv_sign_key,
+               calc_ntlmv2_key(ntlmssp_state->crypt.ntlm2.recv_sign_key,
                                ntlmssp_state->session_key, recv_sign_const);
                dump_data_pw("NTLMSSP recv sign key:\n",
-                            ntlmssp_state->crypt.ntlm2.recv_sign_key.data,
-                            ntlmssp_state->crypt.ntlm2.recv_sign_key.length);
+                            ntlmssp_state->crypt.ntlm2.recv_sign_key, 16);
 
                /* RECV: seal ARCFOUR pad */
                calc_ntlmv2_key(recv_seal_key,
@@ -715,7 +696,7 @@ NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security,
                        ntlm2_seqnum_r = ntlmssp_state->crypt.ntlm2.recv_seq_num;
                        ntlm2_state_r = *ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state;
                        memcpy(ntlm2_key_r,
-                              ntlmssp_state->crypt.ntlm2.recv_sign_key.data,
+                              ntlmssp_state->crypt.ntlm2.recv_sign_key,
                               16);
                } else {
                        ntlm_seqnum = ntlmssp_state->crypt.ntlm.seq_num;
@@ -737,7 +718,7 @@ NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security,
                        if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
                                ntlmssp_state->crypt.ntlm2.recv_seq_num = ntlm2_seqnum_r;
                                *ntlmssp_state->crypt.ntlm2.recv_seal_arcfour_state = ntlm2_state_r;
-                               memcpy(ntlmssp_state->crypt.ntlm2.recv_sign_key.data,
+                               memcpy(ntlmssp_state->crypt.ntlm2.recv_sign_key,
                                       ntlm2_key_r, 16);
                        } else {
                                ntlmssp_state->crypt.ntlm.seq_num = ntlm_seqnum;