Blob Blame History Raw
From 8fbf828c6b2e22f3ce56d7214156c75c73147e0c Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Thu, 7 Nov 2019 16:16:26 +0100
Subject: [PATCH 178/187] smbdes: convert E_P16() to use gnutls

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 9fb6361a8b09fd575bab2f5572fa9e10bd538eed)
---
 libcli/auth/proto.h             |  2 +-
 libcli/auth/smbdes.c            | 12 +++++++++---
 libcli/auth/smbencrypt.c        |  6 +++++-
 libcli/auth/tests/test_gnutls.c |  5 ++++-
 4 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 7dad549fc43..9ae62efca31 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -223,7 +223,7 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 void des_crypt56(uint8_t out[8], const uint8_t in[8], const uint8_t key[7], int forw);
 int des_crypt56_gnutls(uint8_t out[8], const uint8_t in[8], const uint8_t key[7],
 		       enum samba_gnutls_direction encrypt);
-void E_P16(const uint8_t *p14,uint8_t *p16);
+int E_P16(const uint8_t *p14,uint8_t *p16);
 void E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24);
 void D_P16(const uint8_t *p14, const uint8_t *in, uint8_t *out);
 void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out);
diff --git a/libcli/auth/smbdes.c b/libcli/auth/smbdes.c
index fe397592fbb..c0d10278179 100644
--- a/libcli/auth/smbdes.c
+++ b/libcli/auth/smbdes.c
@@ -361,11 +361,17 @@ void des_crypt56(uint8_t out[8], const uint8_t in[8], const uint8_t key[7], int
 	}
 }
 
-void E_P16(const uint8_t *p14,uint8_t *p16)
+int E_P16(const uint8_t *p14,uint8_t *p16)
 {
 	const uint8_t sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
-	des_crypt56(p16, sp8, p14, 1);
-	des_crypt56(p16+8, sp8, p14+7, 1);
+	int ret;
+
+	ret = des_crypt56_gnutls(p16, sp8, p14, SAMBA_GNUTLS_ENCRYPT);
+	if (ret != 0) {
+		return ret;
+	}
+
+	return des_crypt56_gnutls(p16+8, sp8, p14+7, SAMBA_GNUTLS_ENCRYPT);
 }
 
 void E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24)
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index b1d4f985ecf..f2f446eda97 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -105,6 +105,7 @@ bool E_md4hash(const char *passwd, uint8_t p16[16])
 bool E_deshash(const char *passwd, uint8_t p16[16])
 {
 	bool ret;
+	int rc;
 	uint8_t dospwd[14];
 	TALLOC_CTX *frame = talloc_stackframe();
 
@@ -133,7 +134,10 @@ bool E_deshash(const char *passwd, uint8_t p16[16])
 	 * case to avoid returning a fixed 'password' buffer, but
 	 * callers should not use it when E_deshash returns false */
 
-	E_P16((const uint8_t *)dospwd, p16);
+	rc = E_P16((const uint8_t *)dospwd, p16);
+	if (rc != 0) {
+		ret = false;
+	}
 
 	ZERO_STRUCT(dospwd);
 
diff --git a/libcli/auth/tests/test_gnutls.c b/libcli/auth/tests/test_gnutls.c
index f603fa819e8..a6e8fd5b352 100644
--- a/libcli/auth/tests/test_gnutls.c
+++ b/libcli/auth/tests/test_gnutls.c
@@ -274,7 +274,10 @@ static void torture_gnutls_E_P16(void **state)
 		0x1D, 0xEA, 0xD9, 0xFF, 0xB0, 0xA9, 0xA4, 0x05
 	};
 
-	E_P16(key, buffer);
+	int rc;
+
+	rc = E_P16(key, buffer);
+	assert_int_equal(rc, 0);
 	assert_memory_equal(buffer, crypt_expected, 16);
 }
 
-- 
2.23.0