summaryrefslogtreecommitdiff
path: root/auth
diff options
context:
space:
mode:
authorAndreas Schneider <asn@samba.org>2019-06-11 12:13:50 +0200
committerAndreas Schneider <asn@cryptomilk.org>2019-06-24 06:11:16 +0000
commit232c3b6f800f41e759d9e67718097c84f80cd967 (patch)
tree91b5a4e204d111a9dc0ec5dbf26e8ba9ac7cb482 /auth
parente24a238ab9a5db049f11777c1063d1172b72bc85 (diff)
downloadsamba-232c3b6f800f41e759d9e67718097c84f80cd967.tar.gz
auth:gensec: Use gnutls_error_to_ntstatus() in schannel
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth')
-rw-r--r--auth/gensec/schannel.c39
1 files changed, 14 insertions, 25 deletions
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index c6085dd0ade..d0febc7dc9c 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -36,6 +36,7 @@
#include "lib/crypto/crypto.h"
#include "libds/common/roles.h"
+#include "libcli/util/gnutls_error.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
@@ -168,10 +169,7 @@ static NTSTATUS netsec_do_seq_num(struct schannel_state *state,
sizeof(zeros),
digest1);
if (rc < 0) {
- if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
- return NT_STATUS_HMAC_NOT_SUPPORTED;
- }
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
@@ -181,10 +179,7 @@ static NTSTATUS netsec_do_seq_num(struct schannel_state *state,
checksum_length,
sequence_key);
if (rc < 0) {
- if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
- return NT_STATUS_HMAC_NOT_SUPPORTED;
- }
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
ZERO_ARRAY(digest1);
@@ -299,12 +294,12 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
rc = gnutls_hmac(hmac_hnd, header, 8);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
rc = gnutls_hmac(hmac_hnd, confounder, 8);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
} else {
SSVAL(header, 0, NL_SIGN_HMAC_SHA256);
@@ -315,14 +310,14 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
rc = gnutls_hmac(hmac_hnd, header, 8);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
}
rc = gnutls_hmac(hmac_hnd, data, length);
if (rc < 0) {
gnutls_hmac_deinit(hmac_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
gnutls_hmac_deinit(hmac_hnd, checksum);
@@ -334,16 +329,13 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
if (rc < 0) {
- if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
- return NT_STATUS_HASH_NOT_SUPPORTED;
- }
- return NT_STATUS_NO_MEMORY;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
rc = gnutls_hash(hash_hnd, zeros, sizeof(zeros));
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
if (confounder) {
SSVAL(header, 0, NL_SIGN_HMAC_MD5);
@@ -354,12 +346,12 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
rc = gnutls_hash(hash_hnd, header, 8);
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
rc = gnutls_hash(hash_hnd, confounder, 8);
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
} else {
SSVAL(header, 0, NL_SIGN_HMAC_MD5);
@@ -370,13 +362,13 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
rc = gnutls_hash(hash_hnd, header, 8);
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
}
rc = gnutls_hash(hash_hnd, data, length);
if (rc < 0) {
gnutls_hash_deinit(hash_hnd, NULL);
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
gnutls_hash_deinit(hash_hnd, packet_digest);
@@ -388,10 +380,7 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
checksum);
ZERO_ARRAY(packet_digest);
if (rc < 0) {
- if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
- return NT_STATUS_HASH_NOT_SUPPORTED;
- }
- return NT_STATUS_INTERNAL_ERROR;
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
}