r874: This patch is a pile of work on NTLMSSP:

Samba's NTLMSSP code is now fully talloc based, which should go a long
way to cleaning up the memory leaks in this code.  This also avoids a
lot of extra copies of data, as we now allocate the 'return' blobs on
a caller-supplied context.

I have also been doing a lot of work towards NTLM2 signing and
sealing.  I have this working for sealing, but not for the verifier
(MD5 integrity check on the stream) which is still incorrect.

(I can aim a rpcecho sinkdata from a Win2k3 box to my server, and the
data arrives intact, but the signature check fails.  It does however
match the test values I have...).

The new torture test is cludged in - when we get a unit test suite
back, I'll happliy put it in the 'right' place....

Andrew Bartlett
(This used to be commit 399e2e2b1149b8d1c070aa7f0d5131c0b577d2b9)

2 files changed, 57 insertions, 14 deletions

diff --git a/source4/lib/crypto/hmacmd5.c b/source4/lib/crypto/hmacmd5.c
index 8ca7dba841..7697ac8a69 100644
--- a/source4/lib/crypto/hmacmd5.c
+++ b/source4/lib/crypto/hmacmd5.c
@@ -77,20 +77,7 @@ void hmac_md5_init_limK_to_64(const uchar* key, int key_len,
                 key_len = 64;
         }
 
-        /* start out by storing key in pads */
-        ZERO_STRUCT(ctx->k_ipad);
-        ZERO_STRUCT(ctx->k_opad);
-        memcpy( ctx->k_ipad, key, key_len);
-        memcpy( ctx->k_opad, key, key_len);
-
-        /* XOR key with ipad and opad values */
-        for (i=0; i<64; i++) {
-                ctx->k_ipad[i] ^= 0x36;
-                ctx->k_opad[i] ^= 0x5c;
-        }
-
-        MD5Init(&ctx->ctx);
-        MD5Update(&ctx->ctx, ctx->k_ipad, 64);  
+	hmac_md5_init_rfc2104(key, key_len, ctx);
 }
 
 /***********************************************************************
diff --git a/source4/lib/util_str.c b/source4/lib/util_str.c
index 7bdec8c1e9..7d6505bab2 100644
--- a/source4/lib/util_str.c
+++ b/source4/lib/util_str.c
@@ -1196,6 +1196,62 @@ void ipstr_list_free(char* ipstr_list)
 	SAFE_FREE(ipstr_list);
 }
 
+/**
+ Routine to get hex characters and turn them into a 16 byte array.
+ the array can be variable length, and any non-hex-numeric
+ characters are skipped.  "0xnn" or "0Xnn" is specially catered
+ for.
+
+ valid examples: "0A5D15"; "0x15, 0x49, 0xa2"; "59\ta9\te3\n"
+
+**/
+
+size_t strhex_to_str(char *p, size_t len, const char *strhex)
+{
+	size_t i;
+	size_t num_chars = 0;
+	unsigned char   lonybble, hinybble;
+	const char     *hexchars = "0123456789ABCDEF";
+	char           *p1 = NULL, *p2 = NULL;
+
+	for (i = 0; i < len && strhex[i] != 0; i++) {
+		if (strnequal(hexchars, "0x", 2)) {
+			i++; /* skip two chars */
+			continue;
+		}
+
+		if (!(p1 = strchr_m(hexchars, toupper(strhex[i]))))
+			break;
+
+		i++; /* next hex digit */
+
+		if (!(p2 = strchr_m(hexchars, toupper(strhex[i]))))
+			break;
+
+		/* get the two nybbles */
+		hinybble = PTR_DIFF(p1, hexchars);
+		lonybble = PTR_DIFF(p2, hexchars);
+
+		p[num_chars] = (hinybble << 4) | lonybble;
+		num_chars++;
+
+		p1 = NULL;
+		p2 = NULL;
+	}
+	return num_chars;
+}
+
+DATA_BLOB strhex_to_data_blob(const char *strhex) 
+{
+	DATA_BLOB ret_blob = data_blob(NULL, strlen(strhex)/2+1);
+
+	ret_blob.length = strhex_to_str(ret_blob.data, 	
+					strlen(strhex), 
+					strhex);
+
+	return ret_blob;
+}
+
 
 /**
  Unescape a URL encoded string, in place.