From 232c3b6f800f41e759d9e67718097c84f80cd967 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 11 Jun 2019 12:13:50 +0200
Subject: auth:gensec: Use gnutls_error_to_ntstatus() in schannel

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 auth/gensec/schannel.c | 39 ++++++++++++++-------------------------
 1 file changed, 14 insertions(+), 25 deletions(-)

(limited to 'auth')

diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index c6085dd0ade..d0febc7dc9c 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -36,6 +36,7 @@
 #include "lib/crypto/crypto.h"
 #include "libds/common/roles.h"
 
+#include "libcli/util/gnutls_error.h"
 #include <gnutls/gnutls.h>
 #include <gnutls/crypto.h>
 
@@ -168,10 +169,7 @@ static NTSTATUS netsec_do_seq_num(struct schannel_state *state,
 				      sizeof(zeros),
 				      digest1);
 		if (rc < 0) {
-			if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
-				return NT_STATUS_HMAC_NOT_SUPPORTED;
-			}
-			return NT_STATUS_INTERNAL_ERROR;
+			return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
 		}
 
 		rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
@@ -181,10 +179,7 @@ static NTSTATUS netsec_do_seq_num(struct schannel_state *state,
 				      checksum_length,
 				      sequence_key);
 		if (rc < 0) {
-			if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
-				return NT_STATUS_HMAC_NOT_SUPPORTED;
-			}
-			return NT_STATUS_INTERNAL_ERROR;
+			return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
 		}
 
 		ZERO_ARRAY(digest1);
@@ -299,12 +294,12 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
 			rc = gnutls_hmac(hmac_hnd, header, 8);
 			if (rc < 0) {
 				gnutls_hmac_deinit(hmac_hnd, NULL);
-				return NT_STATUS_INTERNAL_ERROR;
+				return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
 			}
 			rc = gnutls_hmac(hmac_hnd, confounder, 8);
 			if (rc < 0) {
 				gnutls_hmac_deinit(hmac_hnd, NULL);
-				return NT_STATUS_INTERNAL_ERROR;
+				return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
 			}
 		} else {
 			SSVAL(header, 0, NL_SIGN_HMAC_SHA256);
@@ -315,14 +310,14 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
 			rc = gnutls_hmac(hmac_hnd, header, 8);
 			if (rc < 0) {
 				gnutls_hmac_deinit(hmac_hnd, NULL);
-				return NT_STATUS_INTERNAL_ERROR;
+				return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
 			}
 		}
 
 		rc = gnutls_hmac(hmac_hnd, data, length);
 		if (rc < 0) {
 			gnutls_hmac_deinit(hmac_hnd, NULL);
-			return NT_STATUS_INTERNAL_ERROR;
+			return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
 		}
 
 		gnutls_hmac_deinit(hmac_hnd, checksum);
@@ -334,16 +329,13 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
 
 		rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
 		if (rc < 0) {
-			if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
-				return NT_STATUS_HASH_NOT_SUPPORTED;
-			}
-			return NT_STATUS_NO_MEMORY;
+			return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
 		}
 
 		rc = gnutls_hash(hash_hnd, zeros, sizeof(zeros));
 		if (rc < 0) {
 			gnutls_hash_deinit(hash_hnd, NULL);
-			return NT_STATUS_INTERNAL_ERROR;
+			return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
 		}
 		if (confounder) {
 			SSVAL(header, 0, NL_SIGN_HMAC_MD5);
@@ -354,12 +346,12 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
 			rc = gnutls_hash(hash_hnd, header, 8);
 			if (rc < 0) {
 				gnutls_hash_deinit(hash_hnd, NULL);
-				return NT_STATUS_INTERNAL_ERROR;
+				return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
 			}
 			rc = gnutls_hash(hash_hnd, confounder, 8);
 			if (rc < 0) {
 				gnutls_hash_deinit(hash_hnd, NULL);
-				return NT_STATUS_INTERNAL_ERROR;
+				return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
 			}
 		} else {
 			SSVAL(header, 0, NL_SIGN_HMAC_MD5);
@@ -370,13 +362,13 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
 			rc = gnutls_hash(hash_hnd, header, 8);
 			if (rc < 0) {
 				gnutls_hash_deinit(hash_hnd, NULL);
-				return NT_STATUS_INTERNAL_ERROR;
+				return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
 			}
 		}
 		rc = gnutls_hash(hash_hnd, data, length);
 		if (rc < 0) {
 			gnutls_hash_deinit(hash_hnd, NULL);
-			return NT_STATUS_INTERNAL_ERROR;
+			return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
 		}
 		gnutls_hash_deinit(hash_hnd, packet_digest);
 
@@ -388,10 +380,7 @@ static NTSTATUS netsec_do_sign(struct schannel_state *state,
 				      checksum);
 		ZERO_ARRAY(packet_digest);
 		if (rc < 0) {
-			if (rc == GNUTLS_E_UNWANTED_ALGORITHM) {
-				return NT_STATUS_HASH_NOT_SUPPORTED;
-			}
-			return NT_STATUS_INTERNAL_ERROR;
+			return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
 		}
 	}
 
-- 
cgit v1.2.1