97 lines
3.2 KiB
Diff
97 lines
3.2 KiB
Diff
From 8fbf828c6b2e22f3ce56d7214156c75c73147e0c Mon Sep 17 00:00:00 2001
|
|
From: Isaac Boukris <iboukris@gmail.com>
|
|
Date: Thu, 7 Nov 2019 16:16:26 +0100
|
|
Subject: [PATCH 178/187] smbdes: convert E_P16() to use gnutls
|
|
|
|
Signed-off-by: Isaac Boukris <iboukris@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit 9fb6361a8b09fd575bab2f5572fa9e10bd538eed)
|
|
---
|
|
libcli/auth/proto.h | 2 +-
|
|
libcli/auth/smbdes.c | 12 +++++++++---
|
|
libcli/auth/smbencrypt.c | 6 +++++-
|
|
libcli/auth/tests/test_gnutls.c | 5 ++++-
|
|
4 files changed, 19 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
|
|
index 7dad549fc43..9ae62efca31 100644
|
|
--- a/libcli/auth/proto.h
|
|
+++ b/libcli/auth/proto.h
|
|
@@ -223,7 +223,7 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
|
|
void des_crypt56(uint8_t out[8], const uint8_t in[8], const uint8_t key[7], int forw);
|
|
int des_crypt56_gnutls(uint8_t out[8], const uint8_t in[8], const uint8_t key[7],
|
|
enum samba_gnutls_direction encrypt);
|
|
-void E_P16(const uint8_t *p14,uint8_t *p16);
|
|
+int E_P16(const uint8_t *p14,uint8_t *p16);
|
|
void E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24);
|
|
void D_P16(const uint8_t *p14, const uint8_t *in, uint8_t *out);
|
|
void E_old_pw_hash( uint8_t *p14, const uint8_t *in, uint8_t *out);
|
|
diff --git a/libcli/auth/smbdes.c b/libcli/auth/smbdes.c
|
|
index fe397592fbb..c0d10278179 100644
|
|
--- a/libcli/auth/smbdes.c
|
|
+++ b/libcli/auth/smbdes.c
|
|
@@ -361,11 +361,17 @@ void des_crypt56(uint8_t out[8], const uint8_t in[8], const uint8_t key[7], int
|
|
}
|
|
}
|
|
|
|
-void E_P16(const uint8_t *p14,uint8_t *p16)
|
|
+int E_P16(const uint8_t *p14,uint8_t *p16)
|
|
{
|
|
const uint8_t sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
|
|
- des_crypt56(p16, sp8, p14, 1);
|
|
- des_crypt56(p16+8, sp8, p14+7, 1);
|
|
+ int ret;
|
|
+
|
|
+ ret = des_crypt56_gnutls(p16, sp8, p14, SAMBA_GNUTLS_ENCRYPT);
|
|
+ if (ret != 0) {
|
|
+ return ret;
|
|
+ }
|
|
+
|
|
+ return des_crypt56_gnutls(p16+8, sp8, p14+7, SAMBA_GNUTLS_ENCRYPT);
|
|
}
|
|
|
|
void E_P24(const uint8_t *p21, const uint8_t *c8, uint8_t *p24)
|
|
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
|
|
index b1d4f985ecf..f2f446eda97 100644
|
|
--- a/libcli/auth/smbencrypt.c
|
|
+++ b/libcli/auth/smbencrypt.c
|
|
@@ -105,6 +105,7 @@ bool E_md4hash(const char *passwd, uint8_t p16[16])
|
|
bool E_deshash(const char *passwd, uint8_t p16[16])
|
|
{
|
|
bool ret;
|
|
+ int rc;
|
|
uint8_t dospwd[14];
|
|
TALLOC_CTX *frame = talloc_stackframe();
|
|
|
|
@@ -133,7 +134,10 @@ bool E_deshash(const char *passwd, uint8_t p16[16])
|
|
* case to avoid returning a fixed 'password' buffer, but
|
|
* callers should not use it when E_deshash returns false */
|
|
|
|
- E_P16((const uint8_t *)dospwd, p16);
|
|
+ rc = E_P16((const uint8_t *)dospwd, p16);
|
|
+ if (rc != 0) {
|
|
+ ret = false;
|
|
+ }
|
|
|
|
ZERO_STRUCT(dospwd);
|
|
|
|
diff --git a/libcli/auth/tests/test_gnutls.c b/libcli/auth/tests/test_gnutls.c
|
|
index f603fa819e8..a6e8fd5b352 100644
|
|
--- a/libcli/auth/tests/test_gnutls.c
|
|
+++ b/libcli/auth/tests/test_gnutls.c
|
|
@@ -274,7 +274,10 @@ static void torture_gnutls_E_P16(void **state)
|
|
0x1D, 0xEA, 0xD9, 0xFF, 0xB0, 0xA9, 0xA4, 0x05
|
|
};
|
|
|
|
- E_P16(key, buffer);
|
|
+ int rc;
|
|
+
|
|
+ rc = E_P16(key, buffer);
|
|
+ assert_int_equal(rc, 0);
|
|
assert_memory_equal(buffer, crypt_expected, 16);
|
|
}
|
|
|
|
--
|
|
2.23.0
|
|
|