Changeset 745 for trunk/server/source4/heimdal/kdc/digest.c
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
-
. (modified) (1 prop)
-
source4/heimdal/kdc/digest.c (modified) (24 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source4/heimdal/kdc/digest.c
r414 r745 178 178 179 179 ret = _kdc_db_fetch(context, config, clientprincipal, 180 HDB_F_GET_CLIENT, &db, &user);180 HDB_F_GET_CLIENT, NULL, &db, &user); 181 181 krb5_free_principal(context, clientprincipal); 182 182 if (ret) … … 293 293 294 294 ret = _kdc_db_fetch(context, config, principal, 295 HDB_F_GET_SERVER, NULL, &server);295 HDB_F_GET_SERVER, NULL, NULL, &server); 296 296 if (ret) 297 297 goto out; … … 315 315 316 316 ret = _kdc_db_fetch(context, config, principal, 317 HDB_F_GET_CLIENT, NULL, &client);317 HDB_F_GET_CLIENT, NULL, NULL, &client); 318 318 krb5_free_principal(context, principal); 319 319 if (ret) … … 614 614 615 615 if (strcasecmp(ireq.u.digestRequest.type, "CHAP") == 0) { 616 MD5_CTXctx;616 EVP_MD_CTX *ctx; 617 617 unsigned char md[MD5_DIGEST_LENGTH]; 618 618 char *mdx; … … 643 643 goto out; 644 644 645 MD5_Init(&ctx); 646 MD5_Update(&ctx, &id, 1); 647 MD5_Update(&ctx, password, strlen(password)); 648 MD5_Update(&ctx, serverNonce.data, serverNonce.length); 649 MD5_Final(md, &ctx); 645 ctx = EVP_MD_CTX_create(); 646 647 EVP_DigestInit_ex(ctx, EVP_md5(), NULL); 648 EVP_DigestUpdate(ctx, &id, 1); 649 EVP_DigestUpdate(ctx, password, strlen(password)); 650 EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length); 651 EVP_DigestFinal_ex(ctx, md, NULL); 652 653 EVP_MD_CTX_destroy(ctx); 650 654 651 655 hex_encode(md, sizeof(md), &mdx); … … 670 674 671 675 } else if (strcasecmp(ireq.u.digestRequest.type, "SASL-DIGEST-MD5") == 0) { 672 MD5_CTXctx;676 EVP_MD_CTX *ctx; 673 677 unsigned char md[MD5_DIGEST_LENGTH]; 674 678 char *mdx; … … 695 699 goto failed; 696 700 697 MD5_Init(&ctx); 698 MD5_Update(&ctx, ireq.u.digestRequest.username, 701 ctx = EVP_MD_CTX_create(); 702 703 EVP_DigestInit_ex(ctx, EVP_md5(), NULL); 704 EVP_DigestUpdate(ctx, ireq.u.digestRequest.username, 699 705 strlen(ireq.u.digestRequest.username)); 700 MD5_Update(&ctx, ":", 1);701 MD5_Update(&ctx, *ireq.u.digestRequest.realm,706 EVP_DigestUpdate(ctx, ":", 1); 707 EVP_DigestUpdate(ctx, *ireq.u.digestRequest.realm, 702 708 strlen(*ireq.u.digestRequest.realm)); 703 MD5_Update(&ctx, ":", 1);704 MD5_Update(&ctx, password, strlen(password));705 MD5_Final(md, &ctx);706 707 MD5_Init(&ctx);708 MD5_Update(&ctx, md, sizeof(md));709 MD5_Update(&ctx, ":", 1);710 MD5_Update(&ctx, ireq.u.digestRequest.serverNonce,709 EVP_DigestUpdate(ctx, ":", 1); 710 EVP_DigestUpdate(ctx, password, strlen(password)); 711 EVP_DigestFinal_ex(ctx, md, NULL); 712 713 EVP_DigestInit_ex(ctx, EVP_md5(), NULL); 714 EVP_DigestUpdate(ctx, md, sizeof(md)); 715 EVP_DigestUpdate(ctx, ":", 1); 716 EVP_DigestUpdate(ctx, ireq.u.digestRequest.serverNonce, 711 717 strlen(ireq.u.digestRequest.serverNonce)); 712 MD5_Update(&ctx, ":", 1);713 MD5_Update(&ctx, *ireq.u.digestRequest.nonceCount,718 EVP_DigestUpdate(ctx, ":", 1); 719 EVP_DigestUpdate(ctx, *ireq.u.digestRequest.nonceCount, 714 720 strlen(*ireq.u.digestRequest.nonceCount)); 715 721 if (ireq.u.digestRequest.authid) { 716 MD5_Update(&ctx, ":", 1);717 MD5_Update(&ctx, *ireq.u.digestRequest.authid,722 EVP_DigestUpdate(ctx, ":", 1); 723 EVP_DigestUpdate(ctx, *ireq.u.digestRequest.authid, 718 724 strlen(*ireq.u.digestRequest.authid)); 719 725 } 720 MD5_Final(md, &ctx);726 EVP_DigestFinal_ex(ctx, md, NULL); 721 727 hex_encode(md, sizeof(md), &A1); 722 728 if (A1 == NULL) { 723 729 ret = ENOMEM; 724 730 krb5_set_error_message(context, ret, "malloc: out of memory"); 731 EVP_MD_CTX_destroy(ctx); 725 732 goto failed; 726 733 } 727 734 728 MD5_Init(&ctx); 729 MD5_Update(&ctx, "AUTHENTICATE:", sizeof("AUTHENTICATE:") - 1); 730 MD5_Update(&ctx, *ireq.u.digestRequest.uri, 735 EVP_DigestInit_ex(ctx, EVP_md5(), NULL); 736 EVP_DigestUpdate(ctx, 737 "AUTHENTICATE:", sizeof("AUTHENTICATE:") - 1); 738 EVP_DigestUpdate(ctx, *ireq.u.digestRequest.uri, 731 739 strlen(*ireq.u.digestRequest.uri)); 732 740 … … 734 742 if (strcmp(ireq.u.digestRequest.digest, "clear") != 0) { 735 743 static char conf_zeros[] = ":00000000000000000000000000000000"; 736 MD5_Update(&ctx, conf_zeros, sizeof(conf_zeros) - 1); 737 } 738 739 MD5_Final(md, &ctx); 744 EVP_DigestUpdate(ctx, conf_zeros, sizeof(conf_zeros) - 1); 745 } 746 747 EVP_DigestFinal_ex(ctx, md, NULL); 748 740 749 hex_encode(md, sizeof(md), &A2); 741 750 if (A2 == NULL) { … … 746 755 } 747 756 748 MD5_Init(&ctx);749 MD5_Update(&ctx, A1, strlen(A2));750 MD5_Update(&ctx, ":", 1);751 MD5_Update(&ctx, ireq.u.digestRequest.serverNonce,757 EVP_DigestInit_ex(ctx, EVP_md5(), NULL); 758 EVP_DigestUpdate(ctx, A1, strlen(A2)); 759 EVP_DigestUpdate(ctx, ":", 1); 760 EVP_DigestUpdate(ctx, ireq.u.digestRequest.serverNonce, 752 761 strlen(ireq.u.digestRequest.serverNonce)); 753 MD5_Update(&ctx, ":", 1);754 MD5_Update(&ctx, *ireq.u.digestRequest.nonceCount,762 EVP_DigestUpdate(ctx, ":", 1); 763 EVP_DigestUpdate(ctx, *ireq.u.digestRequest.nonceCount, 755 764 strlen(*ireq.u.digestRequest.nonceCount)); 756 MD5_Update(&ctx, ":", 1);757 MD5_Update(&ctx, *ireq.u.digestRequest.clientNonce,765 EVP_DigestUpdate(ctx, ":", 1); 766 EVP_DigestUpdate(ctx, *ireq.u.digestRequest.clientNonce, 758 767 strlen(*ireq.u.digestRequest.clientNonce)); 759 MD5_Update(&ctx, ":", 1);760 MD5_Update(&ctx, *ireq.u.digestRequest.qop,768 EVP_DigestUpdate(ctx, ":", 1); 769 EVP_DigestUpdate(ctx, *ireq.u.digestRequest.qop, 761 770 strlen(*ireq.u.digestRequest.qop)); 762 MD5_Update(&ctx, ":", 1); 763 MD5_Update(&ctx, A2, strlen(A2)); 764 765 MD5_Final(md, &ctx); 771 EVP_DigestUpdate(ctx, ":", 1); 772 EVP_DigestUpdate(ctx, A2, strlen(A2)); 773 774 EVP_DigestFinal_ex(ctx, md, NULL); 775 776 EVP_MD_CTX_destroy(ctx); 766 777 767 778 free(A1); … … 794 805 struct ntlm_buf answer; 795 806 Key *key = NULL; 796 SHA_CTXctx;807 EVP_MD_CTX *ctx; 797 808 798 809 if ((config->digests_allowed & MS_CHAP_V2) == 0) { … … 821 832 username++; 822 833 834 ctx = EVP_MD_CTX_create(); 835 823 836 /* ChallangeHash */ 824 SHA1_Init(&ctx);837 EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); 825 838 { 826 839 ssize_t ssize; … … 831 844 if (clientNonce.data == NULL) { 832 845 ret = ENOMEM; 833 krb5_set_error_message(context, ret, "malloc: out of memory"); 846 krb5_set_error_message(context, ret, 847 "malloc: out of memory"); 848 EVP_MD_CTX_destroy(ctx); 834 849 goto out; 835 850 } … … 841 856 krb5_set_error_message(context, ret, 842 857 "Failed to decode clientNonce"); 858 EVP_MD_CTX_destroy(ctx); 843 859 goto out; 844 860 } 845 SHA1_Update(&ctx, clientNonce.data, ssize);861 EVP_DigestUpdate(ctx, clientNonce.data, ssize); 846 862 free(clientNonce.data); 847 863 } 848 SHA1_Update(&ctx, serverNonce.data, serverNonce.length); 849 SHA1_Update(&ctx, username, strlen(username)); 850 SHA1_Final(challange, &ctx); 864 EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length); 865 EVP_DigestUpdate(ctx, username, strlen(username)); 866 867 EVP_DigestFinal_ex(ctx, challange, NULL); 868 869 EVP_MD_CTX_destroy(ctx); 851 870 852 871 /* NtPasswordHash */ … … 856 875 857 876 ret = _kdc_db_fetch(context, config, clientprincipal, 858 HDB_F_GET_CLIENT, NULL, &user);877 HDB_F_GET_CLIENT, NULL, NULL, &user); 859 878 krb5_free_principal(context, clientprincipal); 860 879 if (ret) { … … 905 924 if (r.u.response.success) { 906 925 unsigned char hashhash[MD4_DIGEST_LENGTH]; 926 EVP_MD_CTX *ctx; 927 928 ctx = EVP_MD_CTX_create(); 907 929 908 930 /* hashhash */ 909 931 { 910 MD4_CTX hctx; 911 912 MD4_Init(&hctx); 913 MD4_Update(&hctx, key->key.keyvalue.data, 914 key->key.keyvalue.length); 915 MD4_Final(hashhash, &hctx); 932 EVP_DigestInit_ex(ctx, EVP_md4(), NULL); 933 EVP_DigestUpdate(ctx, 934 key->key.keyvalue.data, 935 key->key.keyvalue.length); 936 EVP_DigestFinal_ex(ctx, hashhash, NULL); 916 937 } 917 938 918 939 /* GenerateAuthenticatorResponse */ 919 SHA1_Init(&ctx); 920 SHA1_Update(&ctx, hashhash, sizeof(hashhash)); 921 SHA1_Update(&ctx, answer.data, answer.length); 922 SHA1_Update(&ctx, ms_chap_v2_magic1,sizeof(ms_chap_v2_magic1)); 923 SHA1_Final(md, &ctx); 924 925 SHA1_Init(&ctx); 926 SHA1_Update(&ctx, md, sizeof(md)); 927 SHA1_Update(&ctx, challange, 8); 928 SHA1_Update(&ctx, ms_chap_v2_magic2, sizeof(ms_chap_v2_magic2)); 929 SHA1_Final(md, &ctx); 940 EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); 941 EVP_DigestUpdate(ctx, hashhash, sizeof(hashhash)); 942 EVP_DigestUpdate(ctx, answer.data, answer.length); 943 EVP_DigestUpdate(ctx, ms_chap_v2_magic1, 944 sizeof(ms_chap_v2_magic1)); 945 EVP_DigestFinal_ex(ctx, md, NULL); 946 947 EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); 948 EVP_DigestUpdate(ctx, md, sizeof(md)); 949 EVP_DigestUpdate(ctx, challange, 8); 950 EVP_DigestUpdate(ctx, ms_chap_v2_magic2, 951 sizeof(ms_chap_v2_magic2)); 952 EVP_DigestFinal_ex(ctx, md, NULL); 930 953 931 954 r.u.response.rsp = calloc(1, sizeof(*r.u.response.rsp)); … … 933 956 free(answer.data); 934 957 krb5_clear_error_message(context); 958 EVP_MD_CTX_destroy(ctx); 935 959 ret = ENOMEM; 936 960 goto out; … … 941 965 free(answer.data); 942 966 krb5_clear_error_message(context); 967 EVP_MD_CTX_destroy(ctx); 943 968 ret = ENOMEM; 944 969 goto out; … … 946 971 947 972 /* get_master, rfc 3079 3.4 */ 948 SHA1_Init(&ctx); 949 SHA1_Update(&ctx, hashhash, 16); /* md4(hash) */ 950 SHA1_Update(&ctx, answer.data, answer.length); 951 SHA1_Update(&ctx, ms_rfc3079_magic1, sizeof(ms_rfc3079_magic1)); 952 SHA1_Final(md, &ctx); 973 EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); 974 EVP_DigestUpdate(ctx, hashhash, 16); 975 EVP_DigestUpdate(ctx, answer.data, answer.length); 976 EVP_DigestUpdate(ctx, ms_rfc3079_magic1, 977 sizeof(ms_rfc3079_magic1)); 978 EVP_DigestFinal_ex(ctx, md, NULL); 953 979 954 980 free(answer.data); 981 982 EVP_MD_CTX_destroy(ctx); 955 983 956 984 r.u.response.session_key = … … 1131 1159 1132 1160 ret = _kdc_db_fetch(context, config, clientprincipal, 1133 HDB_F_GET_CLIENT, NULL, &user);1161 HDB_F_GET_CLIENT, NULL, NULL, &user); 1134 1162 krb5_free_principal(context, clientprincipal); 1135 1163 if (ret) { … … 1238 1266 if (flags & NTLM_NEG_NTLM2_SESSION) { 1239 1267 unsigned char sessionhash[MD5_DIGEST_LENGTH]; 1240 MD5_CTX md5ctx;1268 EVP_MD_CTX *ctx; 1241 1269 1242 1270 if ((config->digests_allowed & NTLM_V1_SESSION) == 0) { … … 1253 1281 } 1254 1282 1255 MD5_Init(&md5ctx); 1256 MD5_Update(&md5ctx, challange, sizeof(challange)); 1257 MD5_Update(&md5ctx, ireq.u.ntlmRequest.lm.data, 8); 1258 MD5_Final(sessionhash, &md5ctx); 1283 ctx = EVP_MD_CTX_create(); 1284 1285 EVP_DigestInit_ex(ctx, EVP_md5(), NULL); 1286 1287 EVP_DigestUpdate(ctx, challange, sizeof(challange)); 1288 EVP_DigestUpdate(ctx, ireq.u.ntlmRequest.lm.data, 8); 1289 EVP_DigestFinal_ex(ctx, sessionhash, NULL); 1259 1290 memcpy(challange, sessionhash, sizeof(challange)); 1291 1292 EVP_MD_CTX_destroy(ctx); 1293 1260 1294 } else { 1261 1295 if ((config->digests_allowed & NTLM_V1) == 0) { … … 1284 1318 1285 1319 { 1286 MD4_CTX ctx; 1287 1288 MD4_Init(&ctx); 1289 MD4_Update(&ctx, 1290 key->key.keyvalue.data, key->key.keyvalue.length); 1291 MD4_Final(sessionkey, &ctx); 1320 EVP_MD_CTX *ctx; 1321 1322 ctx = EVP_MD_CTX_create(); 1323 1324 EVP_DigestInit_ex(ctx, EVP_md4(), NULL); 1325 EVP_DigestUpdate(ctx, 1326 key->key.keyvalue.data, 1327 key->key.keyvalue.length); 1328 EVP_DigestFinal_ex(ctx, sessionkey, NULL); 1329 1330 EVP_MD_CTX_destroy(ctx); 1292 1331 } 1293 1332 } … … 1295 1334 if (ireq.u.ntlmRequest.sessionkey) { 1296 1335 unsigned char masterkey[MD4_DIGEST_LENGTH]; 1297 RC4_KEYrc4;1336 EVP_CIPHER_CTX rc4; 1298 1337 size_t len; 1299 1338 … … 1315 1354 } 1316 1355 1317 RC4_set_key(&rc4, sizeof(sessionkey), sessionkey); 1318 1319 RC4(&rc4, sizeof(masterkey), 1320 ireq.u.ntlmRequest.sessionkey->data, 1321 masterkey); 1322 memset(&rc4, 0, sizeof(rc4)); 1356 1357 EVP_CIPHER_CTX_init(&rc4); 1358 EVP_CipherInit_ex(&rc4, EVP_rc4(), NULL, sessionkey, NULL, 1); 1359 EVP_Cipher(&rc4, 1360 masterkey, ireq.u.ntlmRequest.sessionkey->data, 1361 sizeof(masterkey)); 1362 EVP_CIPHER_CTX_cleanup(&rc4); 1323 1363 1324 1364 r.u.ntlmResponse.sessionkey =
Note:
See TracChangeset
for help on using the changeset viewer.
