diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c index 2d6d6f6..8f143bf 100644 --- a/auth/credentials/credentials_ntlm.c +++ b/auth/credentials/credentials_ntlm.c @@ -110,7 +110,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred /* LM Key is incompatible... */ *flags &= ~CLI_CRED_LANMAN_AUTH; } else if (*flags & CLI_CRED_NTLM2) { - struct MD5Context md5_session_nonce_ctx; + MD5_CTX md5_session_nonce_ctx; uint8_t session_nonce[16]; uint8_t session_nonce_hash[16]; uint8_t user_session_key[16]; diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c index d9bea1c..4060428 100644 --- a/auth/ntlmssp/ntlmssp_server.c +++ b/auth/ntlmssp/ntlmssp_server.c @@ -369,7 +369,7 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_security *gensec_security, */ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { if (ntlmssp_state->nt_resp.length == 24 && ntlmssp_state->lm_resp.length == 24) { - struct MD5Context md5_session_nonce_ctx; + MD5_CTX md5_session_nonce_ctx; state->doing_ntlm2 = true; memcpy(state->session_nonce, ntlmssp_state->internal_chal.data, 8); diff --git a/auth/ntlmssp/ntlmssp_sign.c b/auth/ntlmssp/ntlmssp_sign.c index 4d07a81..c0be914 100644 --- a/auth/ntlmssp/ntlmssp_sign.c +++ b/auth/ntlmssp/ntlmssp_sign.c @@ -51,7 +51,7 @@ static void calc_ntlmv2_key(uint8_t subkey[16], DATA_BLOB session_key, const char *constant) { - struct MD5Context ctx3; + MD5_CTX ctx3; MD5Init(&ctx3); MD5Update(&ctx3, session_key.data, session_key.length); MD5Update(&ctx3, (const uint8_t *)constant, strlen(constant)+1); diff --git a/lib/crypto/hmacmd5.c b/lib/crypto/hmacmd5.c index cfbd428..2419bdb 100644 --- a/lib/crypto/hmacmd5.c +++ b/lib/crypto/hmacmd5.c @@ -36,7 +36,7 @@ _PUBLIC_ void hmac_md5_init_rfc2104(const uint8_t *key, int key_len, HMACMD5Cont /* if key is longer than 64 bytes reset it to key=MD5(key) */ if (key_len > 64) { - struct MD5Context tctx; + MD5_CTX tctx; MD5Init(&tctx); MD5Update(&tctx, key, key_len); @@ -91,7 +91,7 @@ _PUBLIC_ void hmac_md5_update(const uint8_t *text, int text_len, HMACMD5Context ***********************************************************************/ _PUBLIC_ void hmac_md5_final(uint8_t *digest, HMACMD5Context *ctx) { - struct MD5Context ctx_o; + MD5_CTX ctx_o; MD5Final(digest, &ctx->ctx); diff --git a/lib/crypto/hmacmd5.h b/lib/crypto/hmacmd5.h index 91b8ca5..1fc2750 100644 --- a/lib/crypto/hmacmd5.h +++ b/lib/crypto/hmacmd5.h @@ -25,7 +25,7 @@ typedef struct { - struct MD5Context ctx; + MD5_CTX ctx; uint8_t k_ipad[65]; uint8_t k_opad[65]; diff --git a/lib/crypto/md5.h b/lib/crypto/md5.h index 388cdf8..4467a34 100644 --- a/lib/crypto/md5.h +++ b/lib/crypto/md5.h @@ -6,6 +6,14 @@ #define HEADER_MD5_H #endif +#ifdef HAVE_MD5_H +/* + * Try to avoid clashes with Solaris MD5 implementation. + * ...where almost all implementations follows: + * Schneier's: "Cryptography Classics Library" + */ +#include +#else /* !HAVE_MD5_H */ #ifdef HAVE_BSD_MD5_H /* Try to avoid clashes with BSD MD5 implementation */ #include @@ -18,8 +26,9 @@ #define MD5Update(c,d,l) CC_MD5_Update(c,d,l) #define MD5Final(m, c) CC_MD5_Final((unsigned char *)m,c) #define MD5Context CC_MD5state_st +typedef struct MD5Context MD5_CTX; -#else +#else /* have nothing other, use Samba internal MD5 */ typedef struct MD5Context { uint32_t buf[4]; uint32_t bits[2]; @@ -32,8 +41,10 @@ void MD5Init(MD5_CTX *context); void MD5Update(MD5_CTX *context, const uint8_t *buf, size_t len); void MD5Final(uint8_t digest[MD5_DIGEST_LENGTH], MD5_CTX *context); -#endif /* HAVE_COMMONCRYPTO_COMMONDIGEST_H */ +#endif /* have nothing other, use Samba internal MD5 */ #endif /* HAVE_BSD_MD5_H */ +#endif /* HAVE_MD5_H */ + #endif /* !MD5_H */ diff --git a/lib/crypto/md5test.c b/lib/crypto/md5test.c index 38626c3..f58e131 100644 --- a/lib/crypto/md5test.c +++ b/lib/crypto/md5test.c @@ -65,7 +65,7 @@ bool torture_local_crypto_md5(struct torture_context *torture) }; for (i=0; i < ARRAY_SIZE(testarray); i++) { - struct MD5Context ctx; + MD5_CTX ctx; uint8_t md5[16]; int e; diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index dfbfdb3..28b46db 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -79,7 +79,7 @@ static void netlogon_creds_init_128bit(struct netlogon_creds_CredentialState *cr { unsigned char zero[4], tmp[16]; HMACMD5Context ctx; - struct MD5Context md5; + MD5_CTX md5; ZERO_STRUCT(creds->session_key); diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c index 37d5672..b1ca1ba 100644 --- a/libcli/auth/smbencrypt.c +++ b/libcli/auth/smbencrypt.c @@ -99,7 +99,7 @@ bool E_md4hash(const char *passwd, uint8_t p16[16]) void E_md5hash(const uint8_t salt[16], const uint8_t nthash[16], uint8_t hash_out[16]) { - struct MD5Context tctx; + MD5_CTX tctx; MD5Init(&tctx); MD5Update(&tctx, salt, 16); MD5Update(&tctx, nthash, 16); @@ -646,7 +646,7 @@ bool decode_pw_buffer(TALLOC_CTX *ctx, void encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532], const DATA_BLOB *psession_key) { - struct MD5Context tctx; + MD5_CTX tctx; unsigned char key_out[16]; /* Confounder is last 16 bytes. */ @@ -726,7 +726,7 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, struct wkssvc_PasswordBuffer **pwd_buf) { uint8_t buffer[516]; - struct MD5Context ctx; + MD5_CTX ctx; struct wkssvc_PasswordBuffer *my_pwd_buf = NULL; DATA_BLOB confounded_session_key; int confounder_len = 8; @@ -764,7 +764,7 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, char **pwd) { uint8_t buffer[516]; - struct MD5Context ctx; + MD5_CTX ctx; size_t pwd_len; DATA_BLOB confounded_session_key; diff --git a/libcli/drsuapi/repl_decrypt.c b/libcli/drsuapi/repl_decrypt.c index 6fff2fe..00b8db8 100644 --- a/libcli/drsuapi/repl_decrypt.c +++ b/libcli/drsuapi/repl_decrypt.c @@ -39,7 +39,7 @@ WERROR drsuapi_decrypt_attribute_value(TALLOC_CTX *mem_ctx, DATA_BLOB confounder; DATA_BLOB enc_buffer; - struct MD5Context md5; + MD5_CTX md5; uint8_t _enc_key[16]; DATA_BLOB enc_key; @@ -198,7 +198,7 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx, DATA_BLOB rid_crypt_out = data_blob(NULL, 0); DATA_BLOB confounder; - struct MD5Context md5; + MD5_CTX md5; uint8_t _enc_key[16]; DATA_BLOB enc_key; diff --git a/libcli/smb/smb_signing.c b/libcli/smb/smb_signing.c index a72760b..134b759 100644 --- a/libcli/smb/smb_signing.c +++ b/libcli/smb/smb_signing.c @@ -145,7 +145,7 @@ static void smb_signing_md5(const DATA_BLOB *mac_key, { const size_t offset_end_of_sig = (NBT_HDR_SIZE + HDR_SS_FIELD + 8); uint8_t sequence_buf[8]; - struct MD5Context md5_ctx; + MD5_CTX md5_ctx; /* * Firstly put the sequence number into the first 4 bytes. diff --git a/source3/configure.in b/source3/configure.in index bd21db9..afd1f32 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -611,20 +611,38 @@ AC_CHECK_HEADERS(langinfo.h locale.h) AC_CHECK_HEADERS(xfs/libxfs.h) AC_CHECK_HEADERS(netgroup.h) AC_CHECK_HEADERS(linux/falloc.h) +AC_CHECK_HEADERS(md5.h) AC_CHECK_HEADERS(CommonCrypto/CommonDigest.h) -AC_CHECK_HEADERS(rpcsvc/yp_prot.h,,,[[ -#if HAVE_RPC_RPC_H -#include -#endif -]]) -CRYPTO_MD5_OBJ= if test "x$ac_cv_header_CommonCrypto_CommonDigest_h" != "xyes" + dnl CommonCrypto/CommonDigest.h on MacOS + CRYPTO_MD5_OBJ= then + dnl check for OS implementation of md5 conformant to rfc1321 + if test x"$ac_cv_header_md5_h" = x"yes"; then + AC_DEFINE(HAVE_MD5_H, 1, + [Whether md5.h is available.]) + AC_CHECK_LIB(md5, MD5Update, + [ + LIBS="${LIBS} -lmd5" + CRYPTO_MD5_OBJ= + AC_DEFINE(HAVE_LIBMD5, 1, + [Whether libmd5 conformant to rfc1321 is available.])], + [ + CRYPTO_MD5_OBJ="../lib/crypto/md5.o"]) + else + dnl There is no rfc1321 md5.h nor CommonDigest.h library so we make the Samba one CRYPTO_MD5_OBJ="../lib/crypto/md5.o" + fi fi AC_SUBST(CRYPTO_MD5_OBJ) +AC_CHECK_HEADERS(rpcsvc/yp_prot.h,,,[[ +#if HAVE_RPC_RPC_H +#include +#endif +]]) + ## These fail to compile on IRIX so just check for their presence AC_CHECK_HEADERS(sys/mode.h,,,) diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index fb41c3c..9abd38f 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -537,7 +537,7 @@ noccache: return NT_STATUS_NO_MEMORY; } } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { - struct MD5Context md5_session_nonce_ctx; + MD5_CTX md5_session_nonce_ctx; uint8_t session_nonce[16]; uint8_t session_nonce_hash[16]; uint8_t user_session_key[16]; diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index 291531e..e5ddc17 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -39,7 +39,7 @@ struct stream_io { static SMB_INO_T stream_inode(const SMB_STRUCT_STAT *sbuf, const char *sname) { - struct MD5Context ctx; + MD5_CTX ctx; unsigned char hash[16]; SMB_INO_T result; char *upper_sname; diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c index e3bb301..7f1a229 100644 --- a/source3/rpc_client/init_samr.c +++ b/source3/rpc_client/init_samr.c @@ -34,7 +34,7 @@ void init_samr_CryptPasswordEx(const char *pwd, /* samr_CryptPasswordEx */ uchar pwbuf[532]; - struct MD5Context md5_ctx; + MD5_CTX md5_ctx; uint8_t confounder[16]; DATA_BLOB confounded_session_key = data_blob(NULL, 16); diff --git a/source3/web/swat.c b/source3/web/swat.c index 90e4af9..d60eca8 100644 --- a/source3/web/swat.c +++ b/source3/web/swat.c @@ -153,7 +153,7 @@ static char *make_parm_name(const char *label) void get_xsrf_token(const char *username, const char *pass, const char *formname, time_t xsrf_time, char token_str[33]) { - struct MD5Context md5_ctx; + MD5_CTX md5_ctx; uint8_t token[16]; int i; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 620de75..3254e1e 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1368,7 +1368,7 @@ static int setup_primary_wdigest(struct setup_password_fields_io *io, } for (i=0; i < ARRAY_SIZE(wdigest); i++) { - struct MD5Context md5; + MD5_CTX md5; MD5Init(&md5); if (wdigest[i].nt4dom) { MD5Update(&md5, wdigest[i].nt4dom->data, wdigest[i].nt4dom->length); diff --git a/source4/libcli/raw/smb_signing.c b/source4/libcli/raw/smb_signing.c index 5d2f928..405efab 100644 --- a/source4/libcli/raw/smb_signing.c +++ b/source4/libcli/raw/smb_signing.c @@ -81,7 +81,7 @@ bool signing_good(struct smb_signing_context *sign_info, void sign_outgoing_message(struct smb_request_buffer *out, DATA_BLOB *mac_key, unsigned int seq_num) { uint8_t calc_md5_mac[16]; - struct MD5Context md5_ctx; + MD5_CTX md5_ctx; /* * Firstly put the sequence number into the first 4 bytes. @@ -116,7 +116,7 @@ bool check_signed_incoming_message(struct smb_request_buffer *in, DATA_BLOB *mac uint8_t calc_md5_mac[16]; uint8_t *server_sent_mac; uint8_t sequence_buf[8]; - struct MD5Context md5_ctx; + MD5_CTX md5_ctx; const size_t offset_end_of_sig = (HDR_SS_FIELD + 8); int i; const int sign_range = 0; diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c index e1094f2..861d746 100644 --- a/source4/libnet/libnet_passwd.c +++ b/source4/libnet/libnet_passwd.c @@ -274,7 +274,7 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16); uint8_t confounder[16]; - struct MD5Context md5; + MD5_CTX md5; if (r->samr_handle.in.info21) { return NT_STATUS_INVALID_PARAMETER_MIX; @@ -330,7 +330,7 @@ static NTSTATUS libnet_SetPassword_samr_handle_25(struct libnet_context *ctx, TA DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16); uint8_t confounder[16]; - struct MD5Context md5; + MD5_CTX md5; if (!r->samr_handle.in.info21) { return NT_STATUS_INVALID_PARAMETER_MIX; diff --git a/source4/ntp_signd/ntp_signd.c b/source4/ntp_signd/ntp_signd.c index c6d6056..0b994f3 100644 --- a/source4/ntp_signd/ntp_signd.c +++ b/source4/ntp_signd/ntp_signd.c @@ -109,7 +109,7 @@ static NTSTATUS ntp_signd_process(struct ntp_signd_connection *ntp_signd_conn, enum ndr_err_code ndr_err; struct ldb_result *res; const char *attrs[] = { "unicodePwd", "userAccountControl", "cn", NULL }; - struct MD5Context ctx; + MD5_CTX ctx; struct samr_Password *nt_hash; uint32_t user_account_control; int ret; diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index 8963b04..379c75d 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c @@ -548,7 +548,7 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call, DATA_BLOB new_password; DATA_BLOB co_session_key; DATA_BLOB session_key = data_blob(NULL, 0); - struct MD5Context ctx; + MD5_CTX ctx; nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key); if (!NT_STATUS_IS_OK(nt_status)) { diff --git a/source4/torture/ntp/ntp_signd.c b/source4/torture/ntp/ntp_signd.c index ce49d4f..89eb1a0 100644 --- a/source4/torture/ntp/ntp_signd.c +++ b/source4/torture/ntp/ntp_signd.c @@ -78,7 +78,7 @@ static bool test_ntp_signd(struct torture_context *tctx, char *unix_address; int sys_errno; - struct MD5Context ctx; + MD5_CTX ctx; uint8_t sig[16]; enum ndr_err_code ndr_err; bool ok; diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index 2a905ea..8fd9c4e 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -777,7 +777,7 @@ static bool join3(struct torture_context *tctx, DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc( mem_ctx, NULL, 16); - struct MD5Context ctx; + MD5_CTX ctx; uint8_t confounder[16]; ZERO_STRUCT(u_info); diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c index 640bd6a..207224a 100644 --- a/source4/torture/rpc/samlogon.c +++ b/source4/torture/rpc/samlogon.c @@ -1077,7 +1077,7 @@ static bool test_ntlm2(struct samlogon_state *samlogon_state, char **error_strin uint8_t session_nonce_hash[16]; uint8_t client_chall[8]; - struct MD5Context md5_session_nonce_ctx; + MD5_CTX md5_session_nonce_ctx; HMACMD5Context hmac_ctx; ZERO_STRUCT(user_session_key); diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index a460211..fd372cf 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -772,7 +772,7 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc uint8_t confounder[16]; char *newpass; struct dcerpc_binding_handle *b = p->binding_handle; - struct MD5Context ctx; + MD5_CTX ctx; struct samr_GetUserPwInfo pwp; struct samr_PwInfo info; int policy_min_pw_len = 0; @@ -857,7 +857,7 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t bool ret = true; DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16); - struct MD5Context ctx; + MD5_CTX ctx; uint8_t confounder[16]; char *newpass; struct dcerpc_binding_handle *b = p->binding_handle; @@ -1141,7 +1141,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, bool ret = true; DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16); - struct MD5Context ctx; + MD5_CTX ctx; uint8_t confounder[16]; char *newpass; struct dcerpc_binding_handle *b = p->binding_handle; @@ -2459,7 +2459,7 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16); uint8_t confounder[16]; - struct MD5Context ctx; + MD5_CTX ctx; bool ret = true; struct lsa_String server, account;