From dc682769c438aff0b785b32ce378104ca999f7e1 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Mon, 16 Jan 2023 19:11:03 +1100 Subject: [PATCH] gss: use mechglue instead of gssntlm encoders Replace calls to {en,de}code...() with mechglue equivalents. --- lib/gssapi/ntlm/crypto.c | 55 +++++++++++++--------------------------- lib/gssapi/ntlm/ntlm.h | 1 + 2 files changed, 18 insertions(+), 38 deletions(-) diff --git a/lib/gssapi/ntlm/crypto.c b/lib/gssapi/ntlm/crypto.c index d1a115ff8..d2cfddf6d 100644 --- a/lib/gssapi/ntlm/crypto.c +++ b/lib/gssapi/ntlm/crypto.c @@ -44,27 +44,6 @@ struct _krb5_encryption_type; struct _krb5_key_type; #include "krb5_locl.h" -/* - * - */ - -static void -encode_le_uint32(uint32_t n, unsigned char *p) -{ - p[0] = (n >> 0) & 0xFF; - p[1] = (n >> 8) & 0xFF; - p[2] = (n >> 16) & 0xFF; - p[3] = (n >> 24) & 0xFF; -} - - -static void -decode_le_uint32(const void *ptr, uint32_t *n) -{ - const unsigned char *p = ptr; - *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); -} - /* * */ @@ -168,11 +147,11 @@ v1_sign_message(gss_buffer_t in, _krb5_crc_init_table(); crc = _krb5_crc_update(in->value, in->length, 0); - encode_le_uint32(0, &sigature[0]); - encode_le_uint32(crc, &sigature[4]); - encode_le_uint32(seq, &sigature[8]); + _gss_mg_encode_le_uint32(0, &sigature[0]); + _gss_mg_encode_le_uint32(crc, &sigature[4]); + _gss_mg_encode_le_uint32(seq, &sigature[8]); - encode_le_uint32(1, out); /* version */ + _gss_mg_encode_le_uint32(1, out); /* version */ RC4(signkey, sizeof(sigature), sigature, out + 4); if (RAND_bytes(out + 4, 4) != 1) @@ -199,13 +178,13 @@ v2_sign_message(gss_buffer_t in, return GSS_S_FAILURE; } - encode_le_uint32(seq, hmac); + _gss_mg_encode_le_uint32(seq, hmac); HMAC_Update(&c, hmac, 4); HMAC_Update(&c, in->value, in->length); HMAC_Final(&c, hmac, &hmaclen); HMAC_CTX_cleanup(&c); - encode_le_uint32(1, &out[0]); + _gss_mg_encode_le_uint32(1, &out[0]); if (sealkey) RC4(sealkey, 8, hmac, &out[4]); else @@ -365,10 +344,10 @@ _gss_ntlm_get_mic sigature = message_token->value; - encode_le_uint32(1, &sigature[0]); /* version */ - encode_le_uint32(0, &sigature[4]); - encode_le_uint32(0, &sigature[8]); - encode_le_uint32(0, &sigature[12]); + _gss_mg_encode_le_uint32(1, &sigature[0]); /* version */ + _gss_mg_encode_le_uint32(0, &sigature[4]); + _gss_mg_encode_le_uint32(0, &sigature[8]); + _gss_mg_encode_le_uint32(0, &sigature[12]); return GSS_S_COMPLETE; } @@ -422,7 +401,7 @@ _gss_ntlm_verify_mic if ((ctx->status & STATUS_SESSIONKEY) == 0) return GSS_S_UNAVAILABLE; - decode_le_uint32(token_buffer->value, &num); + _gss_mg_decode_le_uint32(token_buffer->value, &num); if (num != 1) return GSS_S_BAD_MIC; @@ -433,10 +412,10 @@ _gss_ntlm_verify_mic crc = _krb5_crc_update(message_buffer->value, message_buffer->length, 0); /* skip first 4 bytes in the encrypted checksum */ - decode_le_uint32(&sigature[4], &num); + _gss_mg_decode_le_uint32(&sigature[4], &num); if (num != crc) return GSS_S_BAD_MIC; - decode_le_uint32(&sigature[8], &num); + _gss_mg_decode_le_uint32(&sigature[8], &num); if (ctx->u.v1.crypto_recv.seq != num) return GSS_S_BAD_MIC; ctx->u.v1.crypto_recv.seq++; @@ -448,13 +427,13 @@ _gss_ntlm_verify_mic p = (unsigned char*)(token_buffer->value); - decode_le_uint32(&p[0], &num); /* version */ + _gss_mg_decode_le_uint32(&p[0], &num); /* version */ if (num != 1) return GSS_S_BAD_MIC; - decode_le_uint32(&p[4], &num); + _gss_mg_decode_le_uint32(&p[4], &num); if (num != 0) return GSS_S_BAD_MIC; - decode_le_uint32(&p[8], &num); + _gss_mg_decode_le_uint32(&p[8], &num); if (num != 0) return GSS_S_BAD_MIC; - decode_le_uint32(&p[12], &num); + _gss_mg_decode_le_uint32(&p[12], &num); if (num != 0) return GSS_S_BAD_MIC; return GSS_S_COMPLETE; diff --git a/lib/gssapi/ntlm/ntlm.h b/lib/gssapi/ntlm/ntlm.h index a0ad81584..7b16aa21d 100644 --- a/lib/gssapi/ntlm/ntlm.h +++ b/lib/gssapi/ntlm/ntlm.h @@ -50,6 +50,7 @@ #include #include #include +#include #include #include