oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gss: unconditionally set certain flags in SAnon ISC

Browse Source 
SAnon unconditionally sets the replay, sequence, confidentiality, and integrity
flags on the acceptor; do so on the initiator as well. Some indentation
cleanups are also included in this commit.
This commit is contained in:
Luke Howard
2020-04-28 07:38:31 +10:00
parent f88526ae78
commit 0d3682e6a8
2 changed files with 13 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/gssapi/sanon/accept_sec_context.c
View File

@@ -113,10 +113,11 @@ _gss_sanon_accept_sec_context(OM_uint32 *minor,
if (major != GSS_S_COMPLETE)
goto out;
req_flags &= SANON_PROTOCOL_FLAG_MASK; /* do not let initiator set any other flags */
/* do not let initiator set any other flags */
req_flags &= SANON_PROTOCOL_FLAG_MASK;
req_flags |= GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
GSS_C_INTEG_FLAG | GSS_C_ANON_FLAG | GSS_C_TRANS_FLAG;
GSS_C_INTEG_FLAG | GSS_C_ANON_FLAG | GSS_C_TRANS_FLAG;
major = _gss_sanon_import_rfc4121_context(minor, sc, req_flags, &session_key);
if (major != GSS_S_COMPLETE)

18
lib/gssapi/sanon/init_sec_context.c
View File

@@ -87,7 +87,7 @@ _gss_sanon_init_sec_context(OM_uint32 *minor,
gss_buffer_desc mech_token = GSS_C_EMPTY_BUFFER;
OM_uint32 major, tmp;
sanon_ctx sc = (sanon_ctx)*context_handle;
OM_uint32 flags = 0;
OM_uint32 flags;
gss_buffer_desc session_key = GSS_C_EMPTY_BUFFER;
*minor = 0;
@@ -98,10 +98,11 @@ _gss_sanon_init_sec_context(OM_uint32 *minor,
goto out;
}
flags |= GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
GSS_C_INTEG_FLAG | SANON_PROTOCOL_FLAG_MASK; /* supported flags */
flags &= req_flags;
flags |= GSS_C_ANON_FLAG; /* always set this flag */
/* we always support the following flags */
flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
GSS_C_INTEG_FLAG | GSS_C_ANON_FLAG;
/* we support the following optional flags */
flags |= req_flags & SANON_PROTOCOL_FLAG_MASK;
if (sc == NULL) {
uint8_t pk_and_flags[crypto_scalarmult_curve25519_BYTES + 8];
@@ -125,10 +126,10 @@ _gss_sanon_init_sec_context(OM_uint32 *minor,
if (major != GSS_S_COMPLETE)
goto out;
if (req_flags & SANON_PROTOCOL_FLAG_MASK) {
if (flags & SANON_PROTOCOL_FLAG_MASK) {
memcpy(pk_and_flags, sc->pk, sizeof(sc->pk));
_gss_mg_encode_be_uint32(0, &pk_and_flags[sizeof(sc->pk)]);
_gss_mg_encode_be_uint32(req_flags & SANON_PROTOCOL_FLAG_MASK,
_gss_mg_encode_be_uint32(flags & SANON_PROTOCOL_FLAG_MASK,
&pk_and_flags[sizeof(sc->pk) + 4]);
mech_token.length = sizeof(pk_and_flags);
mech_token.value = pk_and_flags;
@@ -163,7 +164,8 @@ _gss_sanon_init_sec_context(OM_uint32 *minor,
pk.value = input_token->value;
/* compute shared secret */
major = _gss_sanon_curve25519(minor, sc, &pk, flags & SANON_PROTOCOL_FLAG_MASK,
major = _gss_sanon_curve25519(minor, sc, &pk,
flags & SANON_PROTOCOL_FLAG_MASK,
input_chan_bindings, &session_key);
if (major != GSS_S_COMPLETE)
goto out;