libcli:drsuapi: Use GnuTLS MD5 in drsuapi_encrypt_attribute_value()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/libcli/drsuapi/repl_decrypt.c b/libcli/drsuapi/repl_decrypt.c
index 2742c0074668407925fb4d38c617b32d04a9bc86..54d288853423420c802610b64e1e212f9d13b245 100644 (file)
--- a/libcli/drsuapi/repl_decrypt.c
+++ b/libcli/drsuapi/repl_decrypt.c
@@ -25,7 +25,6 @@
 #include "librpc/gen_ndr/ndr_misc.h"
 #include "librpc/gen_ndr/ndr_drsuapi.h"
 #include "librpc/gen_ndr/ndr_drsblobs.h"
-#include "../lib/crypto/md5.h"
 #include "../lib/crypto/arcfour.h"
 #include "zlib.h"
 #include "../libcli/drsuapi/drsuapi.h"
@@ -236,13 +235,15 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx,
        DATA_BLOB rid_crypt_out = data_blob(NULL, 0);
        DATA_BLOB confounder;
 
-       MD5_CTX md5;
+       gnutls_hash_hd_t hash_hnd = NULL;
        uint8_t _enc_key[16];
        DATA_BLOB enc_key;
 
        DATA_BLOB enc_buffer;
 
        uint32_t crc32_calc;
+       WERROR result;
+       int rc;
 
        /*
         * users with rid == 0 should not exist
@@ -301,10 +302,26 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx,
         * not the dcerpc ncacn_ip_tcp "SystemLibraryDTC" key!
         */
        enc_key = data_blob_const(_enc_key, sizeof(_enc_key));
-       MD5Init(&md5);
-       MD5Update(&md5, gensec_skey->data, gensec_skey->length);
-       MD5Update(&md5, confounder.data, confounder.length);
-       MD5Final(enc_key.data, &md5);
+
+       rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+       if (rc < 0) {
+               result = WERR_NOT_ENOUGH_MEMORY;
+               goto out;
+       }
+
+       rc = gnutls_hash(hash_hnd, gensec_skey->data, gensec_skey->length);
+       if (rc < 0) {
+               gnutls_hash_deinit(hash_hnd, NULL);
+               result = WERR_INTERNAL_ERROR;
+               goto out;
+       }
+       rc = gnutls_hash(hash_hnd, confounder.data, confounder.length);
+       if (rc < 0) {
+               gnutls_hash_deinit(hash_hnd, NULL);
+               result = WERR_INTERNAL_ERROR;
+               goto out;
+       }
+       gnutls_hash_deinit(hash_hnd, enc_key.data);
 
        /* 
         * the first 4 byte are the crc32 checksum
@@ -323,9 +340,12 @@ static WERROR drsuapi_encrypt_attribute_value(TALLOC_CTX *mem_ctx,
 
        arcfour_crypt_blob(enc_buffer.data+16, enc_buffer.length-16, &enc_key);
 
-       *out = enc_buffer;
+       ZERO_ARRAY_LEN(enc_key.data, enc_key.length);
 
-       return WERR_OK;
+       *out = enc_buffer;
+       result =  WERR_OK;
+out:
+       return result;
 }
 
 /*