From 5bc87c14a1f5b45ed86e7ff9663f5f0aa2f70094 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 20 Sep 2009 23:18:34 -0700
Subject: s4:heimdal: import lorikeet-heimdal-200909210500 (commit
 290db8d23647a27c39b97c189a0b2ef6ec21ca69)

---
 source4/heimdal/lib/ntlm/ntlm.c | 104 +++++++++++++++++++++++++++-------------
 1 file changed, 70 insertions(+), 34 deletions(-)

(limited to 'source4/heimdal/lib/ntlm')

diff --git a/source4/heimdal/lib/ntlm/ntlm.c b/source4/heimdal/lib/ntlm/ntlm.c
index 1fe456d022..36a04f1ff2 100644
--- a/source4/heimdal/lib/ntlm/ntlm.c
+++ b/source4/heimdal/lib/ntlm/ntlm.c
@@ -875,22 +875,23 @@ splitandenc(unsigned char *hash,
 	    unsigned char *challange,
 	    unsigned char *answer)
 {
-    DES_cblock key;
-    DES_key_schedule sched;
-
-    ((unsigned char*)key)[0] =  hash[0];
-    ((unsigned char*)key)[1] = (hash[0] << 7) | (hash[1] >> 1);
-    ((unsigned char*)key)[2] = (hash[1] << 6) | (hash[2] >> 2);
-    ((unsigned char*)key)[3] = (hash[2] << 5) | (hash[3] >> 3);
-    ((unsigned char*)key)[4] = (hash[3] << 4) | (hash[4] >> 4);
-    ((unsigned char*)key)[5] = (hash[4] << 3) | (hash[5] >> 5);
-    ((unsigned char*)key)[6] = (hash[5] << 2) | (hash[6] >> 6);
-    ((unsigned char*)key)[7] = (hash[6] << 1);
-
-    DES_set_odd_parity(&key);
-    DES_set_key_unchecked(&key, &sched);
-    DES_ecb_encrypt((DES_cblock *)challange, (DES_cblock *)answer, &sched, 1);
-    memset(&sched, 0, sizeof(sched));
+    EVP_CIPHER_CTX ctx;
+    unsigned char key[8];
+
+    key[0] =  hash[0];
+    key[1] = (hash[0] << 7) | (hash[1] >> 1);
+    key[2] = (hash[1] << 6) | (hash[2] >> 2);
+    key[3] = (hash[2] << 5) | (hash[3] >> 3);
+    key[4] = (hash[3] << 4) | (hash[4] >> 4);
+    key[5] = (hash[4] << 3) | (hash[5] >> 5);
+    key[6] = (hash[5] << 2) | (hash[6] >> 6);
+    key[7] = (hash[6] << 1);
+
+    EVP_CIPHER_CTX_init(&ctx);
+    
+    EVP_CipherInit_ex(&ctx, EVP_des_cbc(), NULL, key, NULL, 1);
+    EVP_Cipher(&ctx, answer, challange, 8);
+    EVP_CIPHER_CTX_cleanup(&ctx);
     memset(key, 0, sizeof(key));
 }
 
@@ -910,7 +911,7 @@ int
 heim_ntlm_nt_key(const char *password, struct ntlm_buf *key)
 {
     struct ntlm_buf buf;
-    MD4_CTX ctx;
+    EVP_MD_CTX *m;
     int ret;
 
     key->data = malloc(MD5_DIGEST_LENGTH);
@@ -923,9 +924,19 @@ heim_ntlm_nt_key(const char *password, struct ntlm_buf *key)
 	heim_ntlm_free_buf(key);
 	return ret;
     }
-    MD4_Init(&ctx);
-    MD4_Update(&ctx, buf.data, buf.length);
-    MD4_Final(key->data, &ctx);
+
+    m = EVP_MD_CTX_create();
+    if (m == NULL) {
+	heim_ntlm_free_buf(key);
+	heim_ntlm_free_buf(&buf);
+	return ENOMEM;
+    }
+
+    EVP_DigestInit_ex(m, EVP_md4(), NULL);
+    EVP_DigestUpdate(m, buf.data, buf.length);
+    EVP_DigestFinal_ex(m, key->data, NULL);
+    EVP_MD_CTX_destroy(m);
+
     heim_ntlm_free_buf(&buf);
     return 0;
 }
@@ -988,7 +999,7 @@ heim_ntlm_build_ntlm1_master(void *key, size_t len,
 			     struct ntlm_buf *session,
 			     struct ntlm_buf *master)
 {
-    RC4_KEY rc4;
+    EVP_CIPHER_CTX c;
 
     memset(master, 0, sizeof(*master));
     memset(session, 0, sizeof(*session));
@@ -1010,25 +1021,42 @@ heim_ntlm_build_ntlm1_master(void *key, size_t len,
 	return EINVAL;
     }
 
+    EVP_CIPHER_CTX_init(&c);
+
     {
 	unsigned char sessionkey[MD4_DIGEST_LENGTH];
-	MD4_CTX ctx;
+	EVP_MD_CTX *m;
+
+	m = EVP_MD_CTX_create();
+	if (m == NULL) {
+	    EVP_CIPHER_CTX_cleanup(&c);
+	    heim_ntlm_free_buf(master);
+	    heim_ntlm_free_buf(session);
+	    return ENOMEM;
+	}
 
-	MD4_Init(&ctx);
-	MD4_Update(&ctx, key, len);
-	MD4_Final(sessionkey, &ctx);
+	EVP_DigestInit_ex(m, EVP_md4(), NULL);
+	EVP_DigestUpdate(m, key, len);
+	EVP_DigestFinal_ex(m, sessionkey, NULL);
+	EVP_MD_CTX_destroy(m);
 	
-	RC4_set_key(&rc4, sizeof(sessionkey), sessionkey);
+	if (EVP_CipherInit_ex(&c, EVP_rc4(), NULL, sessionkey, NULL, 1) != 1) {
+	    EVP_CIPHER_CTX_cleanup(&c);
+	    heim_ntlm_free_buf(master);
+	    heim_ntlm_free_buf(session);
+	    return EINVAL;
+	}
     }
 
     if (RAND_bytes(session->data, session->length) != 1) {
+	EVP_CIPHER_CTX_cleanup(&c);
 	heim_ntlm_free_buf(master);
 	heim_ntlm_free_buf(session);
 	return EINVAL;
     }
 
-    RC4(&rc4, master->length, session->data, master->data);
-    memset(&rc4, 0, sizeof(rc4));
+    EVP_Cipher(&c, master->data, session->data, master->length);
+    EVP_CIPHER_CTX_cleanup(&c);
 
     return 0;
 }
@@ -1349,15 +1377,22 @@ heim_ntlm_calculate_ntlm2_sess(const unsigned char clnt_nonce[8],
 {
     unsigned char ntlm2_sess_hash[MD5_DIGEST_LENGTH];
     unsigned char res[21], *resp;
-    MD5_CTX md5;
+    EVP_MD_CTX *m;
+
+    m = EVP_MD_CTX_create();
+    if (m == NULL)
+	return ENOMEM;
 
     lm->data = malloc(24);
-    if (lm->data == NULL)
+    if (lm->data == NULL) {
+	EVP_MD_CTX_destroy(m);
 	return ENOMEM;
+    }
     lm->length = 24;
 
     ntlm->data = malloc(24);
     if (ntlm->data == NULL) {
+	EVP_MD_CTX_destroy(m);
 	free(lm->data);
 	lm->data = NULL;
 	return ENOMEM;
@@ -1368,10 +1403,11 @@ heim_ntlm_calculate_ntlm2_sess(const unsigned char clnt_nonce[8],
     memset(lm->data, 0, 24);
     memcpy(lm->data, clnt_nonce, 8);
 
-    MD5_Init(&md5);
-    MD5_Update(&md5, svr_chal, 8); /* session nonce part 1 */
-    MD5_Update(&md5, clnt_nonce, 8); /* session nonce part 2 */
-    MD5_Final(ntlm2_sess_hash, &md5); /* will only use first 8 bytes */
+    EVP_DigestInit_ex(m, EVP_md5(), NULL);
+    EVP_DigestUpdate(m, svr_chal, 8); /* session nonce part 1 */
+    EVP_DigestUpdate(m, clnt_nonce, 8); /* session nonce part 2 */
+    EVP_DigestFinal_ex(m, ntlm2_sess_hash, NULL); /* will only use first 8 bytes */
+    EVP_MD_CTX_destroy(m);
 
     memset(res, 0, sizeof(res));
     memcpy(res, ntlm_hash, 16);
-- 
cgit