diff --git a/libcli/drsuapi/repl_decrypt.c b/libcli/drsuapi/repl_decrypt.c index 2742c007466..54d28885342 100644 --- a/libcli/drsuapi/repl_decrypt.c +++ b/libcli/drsuapi/repl_decrypt.c @@ -25,7 +25,6 @@ #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_drsuapi.h" #include "librpc/gen_ndr/ndr_drsblobs.h" -#include "../lib/crypto/md5.h" #include "../lib/crypto/arcfour.h" #include "zlib.h" #include "../libcli/drsuapi/drsuapi.h" @@ -236,13 +235,15 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx, DATA_BLOB rid_crypt_out = data_blob(NULL, 0); DATA_BLOB confounder; - MD5_CTX md5; + gnutls_hash_hd_t hash_hnd = NULL; uint8_t _enc_key[16]; DATA_BLOB enc_key; DATA_BLOB enc_buffer; uint32_t crc32_calc; + WERROR result; + int rc; /* * users with rid == 0 should not exist @@ -301,10 +302,26 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx, * not the dcerpc ncacn_ip_tcp "SystemLibraryDTC" key! */ enc_key = data_blob_const(_enc_key, sizeof(_enc_key)); - MD5Init(&md5); - MD5Update(&md5, gensec_skey->data, gensec_skey->length); - MD5Update(&md5, confounder.data, confounder.length); - MD5Final(enc_key.data, &md5); + + rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5); + if (rc < 0) { + result = WERR_NOT_ENOUGH_MEMORY; + goto out; + } + + rc = gnutls_hash(hash_hnd, gensec_skey->data, gensec_skey->length); + if (rc < 0) { + gnutls_hash_deinit(hash_hnd, NULL); + result = WERR_INTERNAL_ERROR; + goto out; + } + rc = gnutls_hash(hash_hnd, confounder.data, confounder.length); + if (rc < 0) { + gnutls_hash_deinit(hash_hnd, NULL); + result = WERR_INTERNAL_ERROR; + goto out; + } + gnutls_hash_deinit(hash_hnd, enc_key.data); /* * the first 4 byte are the crc32 checksum @@ -323,9 +340,12 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx, arcfour_crypt_blob(enc_buffer.data+16, enc_buffer.length-16, &enc_key); - *out = enc_buffer; + ZERO_ARRAY_LEN(enc_key.data, enc_key.length); - return WERR_OK; + *out = enc_buffer; + result = WERR_OK; +out: + return result; } /*