From 8fbf828c6b2e22f3ce56d7214156c75c73147e0c Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Thu, 7 Nov 2019 16:16:26 +0100
Subject: [PATCH 178/187] smbdes: convert E_P16() to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 9fb6361a8b09fd575bab2f5572fa9e10bd538eed)
---
libcli/auth/proto.h | 2 +-
libcli/auth/smbdes.c | 12 +++++++++---
libcli/auth/smbencrypt.c | 6 +++++-
libcli/auth/tests/test_gnutls.c | 5 ++++-
4 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 7dad549fc43..9ae62efca31 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -223,7 +223,7 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
void des_crypt56(uint8_t out[8], const uint8_t in[8], const uint8_t key[7], int forw);
int des_crypt56_gnutls(uint8_t out[8], const uint8_t in[8], const uint8_t key[7],
enum samba_gnutls_direction encrypt);
-void E_P16(const uint8_t *p14,uint8_t *p16);
+int E_P16(const uint8_t *p14,uint8_t *p16);
void E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24);
void D_P16(const uint8_t *p14, const uint8_t *in, uint8_t *out);
void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out);
diff --git a/libcli/auth/smbdes.c b/libcli/auth/smbdes.c
index fe397592fbb..c0d10278179 100644
--- a/libcli/auth/smbdes.c
+++ b/libcli/auth/smbdes.c
@@ -361,11 +361,17 @@ void des_crypt56(uint8_t out[8], const uint8_t in[8], const uint8_t key[7], int
}
}
-void E_P16(const uint8_t *p14,uint8_t *p16)
+int E_P16(const uint8_t *p14,uint8_t *p16)
{
const uint8_t sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
- des_crypt56(p16, sp8, p14, 1);
- des_crypt56(p16+8, sp8, p14+7, 1);
+ int ret;
+
+ ret = des_crypt56_gnutls(p16, sp8, p14, SAMBA_GNUTLS_ENCRYPT);
+ if (ret != 0) {
+ return ret;
+ }
+
+ return des_crypt56_gnutls(p16+8, sp8, p14+7, SAMBA_GNUTLS_ENCRYPT);
}
void E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24)
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index b1d4f985ecf..f2f446eda97 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -105,6 +105,7 @@ bool E_md4hash(const char *passwd, uint8_t p16[16])
bool E_deshash(const char *passwd, uint8_t p16[16])
{
bool ret;
+ int rc;
uint8_t dospwd[14];
TALLOC_CTX *frame = talloc_stackframe();
@@ -133,7 +134,10 @@ bool E_deshash(const char *passwd, uint8_t p16[16])
* case to avoid returning a fixed 'password' buffer, but
* callers should not use it when E_deshash returns false */
- E_P16((const uint8_t *)dospwd, p16);
+ rc = E_P16((const uint8_t *)dospwd, p16);
+ if (rc != 0) {
+ ret = false;
+ }
ZERO_STRUCT(dospwd);
diff --git a/libcli/auth/tests/test_gnutls.c b/libcli/auth/tests/test_gnutls.c
index f603fa819e8..a6e8fd5b352 100644
--- a/libcli/auth/tests/test_gnutls.c
+++ b/libcli/auth/tests/test_gnutls.c
@@ -274,7 +274,10 @@ static void torture_gnutls_E_P16(void **state)
0x1D, 0xEA, 0xD9, 0xFF, 0xB0, 0xA9, 0xA4, 0x05
};
- E_P16(key, buffer);
+ int rc;
+
+ rc = E_P16(key, buffer);
+ assert_int_equal(rc, 0);
assert_memory_equal(buffer, crypt_expected, 16);
}
--
2.23.0