diff options
author | Andreas Schneider <asn@samba.org> | 2019-04-11 10:29:04 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-05-21 00:03:21 +0000 |
commit | 5a0516bee9eede1398e03af9ffdd556f4612875d (patch) | |
tree | a59c8b8c15db5199a2528a830079a94ef7014373 /libcli | |
parent | 39a665464fe2fafd6b567ffd5b60aea00efd0076 (diff) | |
download | samba-5a0516bee9eede1398e03af9ffdd556f4612875d.tar.gz |
libcli:smb: Return NTSTATUS for smb_key_derivation()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli')
-rw-r--r-- | libcli/smb/smbXcli_base.c | 11 | ||||
-rw-r--r-- | libcli/smb/smb_signing.c | 26 | ||||
-rw-r--r-- | libcli/smb/smb_signing.h | 5 |
3 files changed, 29 insertions, 13 deletions
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index 65381a1b9ce..a82146a60f4 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -5793,6 +5793,8 @@ NTSTATUS smb1cli_session_set_session_key(struct smbXcli_session *session, NTSTATUS smb1cli_session_protect_session_key(struct smbXcli_session *session) { + NTSTATUS status; + if (session->smb1.protected_key) { /* already protected */ return NT_STATUS_OK; @@ -5802,9 +5804,12 @@ NTSTATUS smb1cli_session_protect_session_key(struct smbXcli_session *session) return NT_STATUS_INVALID_PARAMETER_MIX; } - smb_key_derivation(session->smb1.application_key.data, - session->smb1.application_key.length, - session->smb1.application_key.data); + status = smb_key_derivation(session->smb1.application_key.data, + session->smb1.application_key.length, + session->smb1.application_key.data); + if (!NT_STATUS_IS_OK(status)) { + return status; + } session->smb1.protected_key = true; diff --git a/libcli/smb/smb_signing.c b/libcli/smb/smb_signing.c index 89b57b58f40..5783c9da715 100644 --- a/libcli/smb/smb_signing.c +++ b/libcli/smb/smb_signing.c @@ -506,9 +506,11 @@ bool smb_signing_is_negotiated(struct smb_signing_state *si) return si->negotiated; } -void smb_key_derivation(const uint8_t *KI, size_t KI_len, - uint8_t KO[16]) +NTSTATUS smb_key_derivation(const uint8_t *KI, + size_t KI_len, + uint8_t KO[16]) { + int rc; static const uint8_t SSKeyHash[256] = { 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, @@ -545,10 +547,18 @@ void smb_key_derivation(const uint8_t *KI, size_t KI_len, }; /* The callers passing down KI_len of 16 so no need to limit to 64 */ - gnutls_hmac_fast(GNUTLS_MAC_MD5, - KI, - KI_len, - SSKeyHash, - sizeof(SSKeyHash), - KO); + rc = gnutls_hmac_fast(GNUTLS_MAC_MD5, + KI, + KI_len, + SSKeyHash, + sizeof(SSKeyHash), + KO); + if (rc < 0) { + if (rc == GNUTLS_E_UNWANTED_ALGORITHM) { + return NT_STATUS_HASH_NOT_SUPPORTED; + } + return NT_STATUS_INTERNAL_ERROR; + } + + return NT_STATUS_OK; } diff --git a/libcli/smb/smb_signing.h b/libcli/smb/smb_signing.h index 094b860a44e..66cf40e4065 100644 --- a/libcli/smb/smb_signing.h +++ b/libcli/smb/smb_signing.h @@ -52,7 +52,8 @@ bool smb_signing_is_mandatory(struct smb_signing_state *si); bool smb_signing_set_negotiated(struct smb_signing_state *si, bool allowed, bool mandatory); bool smb_signing_is_negotiated(struct smb_signing_state *si); -void smb_key_derivation(const uint8_t *KI, size_t KI_len, - uint8_t KO[16]); +NTSTATUS smb_key_derivation(const uint8_t *KI, + size_t KI_len, + uint8_t KO[16]); #endif /* _SMB_SIGNING_H_ */ |