mirror of
https://github.com/samba-team/samba.git
synced 2025-01-08 21:18:16 +03:00
libcli:drsuapi: Use GnuTLS MD5 in drsuapi_encrypt_attribute_value()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
54440f1b30
commit
a6eeb49b39
@ -25,7 +25,6 @@
|
||||
#include "librpc/gen_ndr/ndr_misc.h"
|
||||
#include "librpc/gen_ndr/ndr_drsuapi.h"
|
||||
#include "librpc/gen_ndr/ndr_drsblobs.h"
|
||||
#include "../lib/crypto/md5.h"
|
||||
#include "../lib/crypto/arcfour.h"
|
||||
#include "zlib.h"
|
||||
#include "../libcli/drsuapi/drsuapi.h"
|
||||
@ -236,13 +235,15 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx,
|
||||
DATA_BLOB rid_crypt_out = data_blob(NULL, 0);
|
||||
DATA_BLOB confounder;
|
||||
|
||||
MD5_CTX md5;
|
||||
gnutls_hash_hd_t hash_hnd = NULL;
|
||||
uint8_t _enc_key[16];
|
||||
DATA_BLOB enc_key;
|
||||
|
||||
DATA_BLOB enc_buffer;
|
||||
|
||||
uint32_t crc32_calc;
|
||||
WERROR result;
|
||||
int rc;
|
||||
|
||||
/*
|
||||
* users with rid == 0 should not exist
|
||||
@ -301,10 +302,26 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx,
|
||||
* not the dcerpc ncacn_ip_tcp "SystemLibraryDTC" key!
|
||||
*/
|
||||
enc_key = data_blob_const(_enc_key, sizeof(_enc_key));
|
||||
MD5Init(&md5);
|
||||
MD5Update(&md5, gensec_skey->data, gensec_skey->length);
|
||||
MD5Update(&md5, confounder.data, confounder.length);
|
||||
MD5Final(enc_key.data, &md5);
|
||||
|
||||
rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
||||
if (rc < 0) {
|
||||
result = WERR_NOT_ENOUGH_MEMORY;
|
||||
goto out;
|
||||
}
|
||||
|
||||
rc = gnutls_hash(hash_hnd, gensec_skey->data, gensec_skey->length);
|
||||
if (rc < 0) {
|
||||
gnutls_hash_deinit(hash_hnd, NULL);
|
||||
result = WERR_INTERNAL_ERROR;
|
||||
goto out;
|
||||
}
|
||||
rc = gnutls_hash(hash_hnd, confounder.data, confounder.length);
|
||||
if (rc < 0) {
|
||||
gnutls_hash_deinit(hash_hnd, NULL);
|
||||
result = WERR_INTERNAL_ERROR;
|
||||
goto out;
|
||||
}
|
||||
gnutls_hash_deinit(hash_hnd, enc_key.data);
|
||||
|
||||
/*
|
||||
* the first 4 byte are the crc32 checksum
|
||||
@ -323,9 +340,12 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx,
|
||||
|
||||
arcfour_crypt_blob(enc_buffer.data+16, enc_buffer.length-16, &enc_key);
|
||||
|
||||
*out = enc_buffer;
|
||||
ZERO_ARRAY_LEN(enc_key.data, enc_key.length);
|
||||
|
||||
return WERR_OK;
|
||||
*out = enc_buffer;
|
||||
result = WERR_OK;
|
||||
out:
|
||||
return result;
|
||||
}
|
||||
|
||||
/*
|
||||
|
Loading…
Reference in New Issue
Block a user