gssapi: SPNEGO does not reset NTLM RC4 state (#509)

2019-01-05 18:38:42 +11:00
parent 9750f2d915
commit 83d2951c0d
12 changed files with 132 additions and 23 deletions
--- a/lib/gssapi/ntlm/crypto.c
+++ b/lib/gssapi/ntlm/crypto.c
@@ -115,6 +115,37 @@ _gss_ntlm_set_key(struct ntlmv2_key *key, int acceptor, int sealsign,
 	key->signsealkey = &key->sealkey;
 }

+/*
+ * Set (or reset) keys
+ */
+
+void
+_gss_ntlm_set_keys(ntlm_ctx ctx)
+{
+    if (ctx->sessionkey.length == 0)
+	return;
+
+    ctx->status |= STATUS_SESSIONKEY;
+
+    if (ctx->flags & NTLM_NEG_NTLM2_SESSION) {
+	_gss_ntlm_set_key(&ctx->u.v2.send, 1,
+			  (ctx->flags & NTLM_NEG_KEYEX),
+			  ctx->sessionkey.data,
+			  ctx->sessionkey.length);
+	_gss_ntlm_set_key(&ctx->u.v2.recv, 0,
+			  (ctx->flags & NTLM_NEG_KEYEX),
+			  ctx->sessionkey.data,
+			  ctx->sessionkey.length);
+    } else {
+	RC4_set_key(&ctx->u.v1.crypto_send.key,
+		    ctx->sessionkey.length,
+		    ctx->sessionkey.data);
+	RC4_set_key(&ctx->u.v1.crypto_recv.key,
+		    ctx->sessionkey.length,
+		    ctx->sessionkey.data);
+    }
+}
+
 /*
 *
 */