authorSimo Sorce <simo@redhat.com>2014-08-06 21:40:32 -0400
committerSimo Sorce <simo@redhat.com>2014-08-06 23:59:38 -0400
commit9183a98c62ca9669937b6e4c61ed58c81b4eead6 (patch)
treed77f82ed93e588bfd2f2414c98bf1e8d09fd8f06 /src/gss_signseal.c
parenta3e554fbf28fbf0c67d4511dec809069feed6d3b (diff)
Internalize extended security and datagram status
Move handling of datagram status with ntlm_crypto routines; this way ntlm_seal_regen becomes an internal detail. Also better separate extended security and legacy sign/seal crypto state generation and general handling in sign/seal functions.
Diffstat (limited to 'src/gss_signseal.c')
-rw-r--r--src/gss_signseal.c54
1 files changed, 0 insertions, 54 deletions
diff --git a/src/gss_signseal.c b/src/gss_signseal.c
index 7513c74..7a7a673 100644
--- a/src/gss_signseal.c
+++ b/src/gss_signseal.c
@@ -48,15 +48,6 @@ uint32_t gssntlm_get_mic(uint32_t *minor_status,
return GSS_S_CALL_INACCESSIBLE_READ;
}
- if (ctx->gss_flags & GSS_C_DATAGRAM_FLAG) {
- /* must regenerate seal key */
- retmin = ntlm_seal_regen(&ctx->crypto_state, NTLM_SEND);
- if (retmin) {
- *minor_status = retmin;
- return GSS_S_FAILURE;
- }
- }
-
message_token->value = malloc(NTLM_SIGNATURE_SIZE);
if (!message_token->value) {
*minor_status = ENOMEM;
@@ -77,11 +68,6 @@ uint32_t gssntlm_get_mic(uint32_t *minor_status,
return GSS_S_FAILURE;
}
- if (!(ctx->gss_flags & GSS_C_DATAGRAM_FLAG)) {
- /* increment seq_num upon succesful signature */
- ctx->crypto_state.send.seq_num++;
- }
-
return GSS_S_COMPLETE;
}
@@ -111,15 +97,6 @@ uint32_t gssntlm_verify_mic(uint32_t *minor_status,
*qop_state = GSS_C_QOP_DEFAULT;
}
- if (ctx->gss_flags & GSS_C_DATAGRAM_FLAG) {
- /* must regenerate seal key */
- retmin = ntlm_seal_regen(&ctx->crypto_state, NTLM_RECV);
- if (retmin) {
- *minor_status = retmin;
- return GSS_S_FAILURE;
- }
- }
-
message.data = message_buffer->value;
message.length = message_buffer->length;
retmin = ntlm_sign(ctx->neg_flags, NTLM_RECV,
@@ -135,11 +112,6 @@ uint32_t gssntlm_verify_mic(uint32_t *minor_status,
return GSS_S_BAD_SIG;
}
- if (!(ctx->gss_flags & GSS_C_DATAGRAM_FLAG)) {
- /* increment seq_num upon succesful signature */
- ctx->crypto_state.recv.seq_num++;
- }
-
return GSS_S_COMPLETE;
}
@@ -178,15 +150,6 @@ uint32_t gssntlm_wrap(uint32_t *minor_status,
/* ignore, always seal */
}
- if (ctx->gss_flags & GSS_C_DATAGRAM_FLAG) {
- /* must regenerate seal key */
- retmin = ntlm_seal_regen(&ctx->crypto_state, NTLM_SEND);
- if (retmin) {
- *minor_status = retmin;
- return GSS_S_FAILURE;
- }
- }
-
output_message_buffer->length =
input_message_buffer->length + NTLM_SIGNATURE_SIZE;
output_message_buffer->value = malloc(output_message_buffer->length);
@@ -209,10 +172,6 @@ uint32_t gssntlm_wrap(uint32_t *minor_status,
return GSS_S_FAILURE;
}
- if (!(ctx->gss_flags & GSS_C_DATAGRAM_FLAG)) {
- /* increment seq_num upon succesful encryption */
- ctx->crypto_state.send.seq_num++;
- }
return GSS_S_COMPLETE;
}
@@ -247,15 +206,6 @@ uint32_t gssntlm_unwrap(uint32_t *minor_status,
*qop_state = GSS_C_QOP_DEFAULT;
}
- if (ctx->gss_flags & GSS_C_DATAGRAM_FLAG) {
- /* must regenerate seal key */
- retmin = ntlm_seal_regen(&ctx->crypto_state, NTLM_RECV);
- if (retmin) {
- *minor_status = retmin;
- return GSS_S_FAILURE;
- }
- }
-
output_message_buffer->length =
input_message_buffer->length - NTLM_SIGNATURE_SIZE;
output_message_buffer->value = malloc(output_message_buffer->length);
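Review bot: In gssntlm_unwrap the new side goes straight from the qop_state default to `output_message_buffer->length = input_message_buffer->length - NTLM_SIGNATURE_SIZE;`, and no check that the input is at least NTLM_SIGNATURE_SIZE bytes is visible in this hunk. The length is unsigned, so a shorter token would wrap to a huge value that is then passed to malloc and presumably used as the payload length further down. The function starts and ends outside the hunk, so a guard may already exist above; if it does not, reject short tokens before the subtraction, e.g. `if (input_message_buffer->length < NTLM_SIGNATURE_SIZE) { *minor_status = EINVAL; return GSS_S_DEFECTIVE_TOKEN; }`. Separately, the removed key regeneration and seq_num increments now live in code not shown here, so it is worth confirming that recv.seq_num is still not advanced on the GSS_S_BAD_SIG paths of gssntlm_verify_mic and gssntlm_unwrap.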
@@ -282,10 +232,6 @@ uint32_t gssntlm_unwrap(uint32_t *minor_status,
return GSS_S_BAD_SIG;
}
- if (!(ctx->gss_flags & GSS_C_DATAGRAM_FLAG)) {
- /* increment seq_num upon succesful encryption */
- ctx->crypto_state.recv.seq_num++;
- }
return GSS_S_COMPLETE;
}