1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00

libcli:drsuapi: Use GnuTLS MD5 in drsuapi_encrypt_attribute_value()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andreas Schneider 2019-05-15 08:08:15 +02:00 committed by Andrew Bartlett
parent 54440f1b30
commit a6eeb49b39

View File

@ -25,7 +25,6 @@
#include "librpc/gen_ndr/ndr_misc.h"
#include "librpc/gen_ndr/ndr_drsuapi.h"
#include "librpc/gen_ndr/ndr_drsblobs.h"
#include "../lib/crypto/md5.h"
#include "../lib/crypto/arcfour.h"
#include "zlib.h"
#include "../libcli/drsuapi/drsuapi.h"
@ -236,13 +235,15 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx,
DATA_BLOB rid_crypt_out = data_blob(NULL, 0);
DATA_BLOB confounder;
MD5_CTX md5;
gnutls_hash_hd_t hash_hnd = NULL;
uint8_t _enc_key[16];
DATA_BLOB enc_key;
DATA_BLOB enc_buffer;
uint32_t crc32_calc;
WERROR result;
int rc;
/*
* users with rid == 0 should not exist
@ -301,10 +302,26 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx,
* not the dcerpc ncacn_ip_tcp "SystemLibraryDTC" key!
*/
enc_key = data_blob_const(_enc_key, sizeof(_enc_key));
MD5Init(&md5);
MD5Update(&md5, gensec_skey->data, gensec_skey->length);
MD5Update(&md5, confounder.data, confounder.length);
MD5Final(enc_key.data, &md5);
rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
if (rc < 0) {
result = WERR_NOT_ENOUGH_MEMORY;
goto out;
}
rc = gnutls_hash(hash_hnd, gensec_skey->data, gensec_skey->length);
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
result = WERR_INTERNAL_ERROR;
goto out;
}
rc = gnutls_hash(hash_hnd, confounder.data, confounder.length);
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
result = WERR_INTERNAL_ERROR;
goto out;
}
gnutls_hash_deinit(hash_hnd, enc_key.data);
/*
* the first 4 byte are the crc32 checksum
@ -323,9 +340,12 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx,
arcfour_crypt_blob(enc_buffer.data+16, enc_buffer.length-16, &enc_key);
*out = enc_buffer;
ZERO_ARRAY_LEN(enc_key.data, enc_key.length);
return WERR_OK;
*out = enc_buffer;
result = WERR_OK;
out:
return result;
}
/*