auth/gensec: fix non-AES schannel seal

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14134 Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
author: Günther Deschner <gd@samba.org> 2019-09-20 18:32:43 +0200
committer: Andreas Schneider <asn@cryptomilk.org> 2019-10-07 08:13:44 +0000
commit: 709d54d68a9c2cb3cda91d9ab63228a7adbaceb4 (patch)
tree: cb0717c12a4789b7230afcf45d0da72859dd7a47 /auth
parent: 7eae4280d23404be7d27f65a0c817bea2e0084b6 (diff)
download: samba-709d54d68a9c2cb3cda91d9ab63228a7adbaceb4.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index 18ed92b703b..b5e6289ef3f 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -419,6 +419,15 @@ static NTSTATUS netsec_do_seal(struct schannel_state *state,
 			ZERO_ARRAY(_sealing_key);
 			return gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
 		}
+		gnutls_cipher_deinit(cipher_hnd);
+		rc = gnutls_cipher_init(&cipher_hnd,
+					GNUTLS_CIPHER_ARCFOUR_128,
+					&sealing_key,
+					NULL);
+		if (rc < 0) {
+			ZERO_ARRAY(_sealing_key);
+			return gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
+		}
 		rc = gnutls_cipher_encrypt(cipher_hnd,
 					   data,
 					   length);
author	Günther Deschner <gd@samba.org>	2019-09-20 18:32:43 +0200
committer	Andreas Schneider <asn@cryptomilk.org>	2019-10-07 08:13:44 +0000
commit	709d54d68a9c2cb3cda91d9ab63228a7adbaceb4 (patch)
tree	cb0717c12a4789b7230afcf45d0da72859dd7a47 /auth
parent	7eae4280d23404be7d27f65a0c817bea2e0084b6 (diff)
download	samba-709d54d68a9c2cb3cda91d9ab63228a7adbaceb4.tar.gz