diff options
Diffstat (limited to 'crypto/heimdal/lib/gssapi/ntlm/crypto.c')
-rw-r--r-- | crypto/heimdal/lib/gssapi/ntlm/crypto.c | 135 |
1 files changed, 65 insertions, 70 deletions
diff --git a/crypto/heimdal/lib/gssapi/ntlm/crypto.c b/crypto/heimdal/lib/gssapi/ntlm/crypto.c index b05246ca52f4..85dc638dda58 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/crypto.c +++ b/crypto/heimdal/lib/gssapi/ntlm/crypto.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" - -RCSID("$Id: crypto.c 19535 2006-12-28 14:49:01Z lha $"); +#include "ntlm.h" uint32_t _krb5_crc_update (const char *p, size_t len, uint32_t res); @@ -80,7 +78,7 @@ _gss_ntlm_set_key(struct ntlmv2_key *key, int acceptor, int sealsign, unsigned char *data, size_t len) { unsigned char out[16]; - MD5_CTX ctx; + EVP_MD_CTX *ctx; const char *signmagic; const char *sealmagic; @@ -94,15 +92,17 @@ _gss_ntlm_set_key(struct ntlmv2_key *key, int acceptor, int sealsign, key->seq = 0; - MD5_Init(&ctx); - MD5_Update(&ctx, data, len); - MD5_Update(&ctx, signmagic, strlen(signmagic) + 1); - MD5_Final(key->signkey, &ctx); + ctx = EVP_MD_CTX_create(); + EVP_DigestInit_ex(ctx, EVP_md5(), NULL); + EVP_DigestUpdate(ctx, data, len); + EVP_DigestUpdate(ctx, signmagic, strlen(signmagic) + 1); + EVP_DigestFinal_ex(ctx, key->signkey, NULL); - MD5_Init(&ctx); - MD5_Update(&ctx, data, len); - MD5_Update(&ctx, sealmagic, strlen(sealmagic) + 1); - MD5_Final(out, &ctx); + EVP_DigestInit_ex(ctx, EVP_md5(), NULL); + EVP_DigestUpdate(ctx, data, len); + EVP_DigestUpdate(ctx, sealmagic, strlen(sealmagic) + 1); + EVP_DigestFinal_ex(ctx, out, NULL); + EVP_MD_CTX_destroy(ctx); RC4_set_key(&key->sealkey, 16, out); if (sealsign) @@ -121,20 +121,20 @@ v1_sign_message(gss_buffer_t in, { unsigned char sigature[12]; uint32_t crc; - + _krb5_crc_init_table(); crc = _krb5_crc_update(in->value, in->length, 0); - + encode_le_uint32(0, &sigature[0]); encode_le_uint32(crc, &sigature[4]); encode_le_uint32(seq, &sigature[8]); - + encode_le_uint32(1, out); /* version */ RC4(signkey, sizeof(sigature), sigature, out + 4); - + if (RAND_bytes(out + 4, 4) != 1) return GSS_S_UNAVAILABLE; - + return 0; } @@ -152,7 +152,7 @@ v2_sign_message(gss_buffer_t in, HMAC_CTX_init(&c); HMAC_Init_ex(&c, signkey, 16, EVP_md5(), NULL); - + encode_le_uint32(seq, hmac); HMAC_Update(&c, hmac, 4); HMAC_Update(&c, in->value, in->length); @@ -188,7 +188,7 @@ v2_verify_message(gss_buffer_t in, return GSS_S_BAD_MIC; return GSS_S_COMPLETE; -} +} static OM_uint32 v2_seal_message(const gss_buffer_t in, @@ -259,8 +259,9 @@ v2_unseal_message(gss_buffer_t in, /* * */ - -OM_uint32 _gss_ntlm_get_mic + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_get_mic (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, gss_qop_t qop_req, @@ -271,12 +272,7 @@ OM_uint32 _gss_ntlm_get_mic ntlm_ctx ctx = (ntlm_ctx)context_handle; OM_uint32 junk; - if (minor_status) - *minor_status = 0; - if (message_token) { - message_token->length = 0; - message_token->value = NULL; - } + *minor_status = 0; message_token->value = malloc(16); message_token->length = 16; @@ -339,7 +335,7 @@ OM_uint32 _gss_ntlm_get_mic * */ -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_verify_mic (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, @@ -388,7 +384,7 @@ _gss_ntlm_verify_mic ((unsigned char *)token_buffer->value) + 4, sigature); _krb5_crc_init_table(); - crc = _krb5_crc_update(message_buffer->value, + crc = _krb5_crc_update(message_buffer->value, message_buffer->length, 0); /* skip first 4 bytes in the encrypted checksum */ decode_le_uint32(&sigature[4], &num); @@ -425,7 +421,7 @@ _gss_ntlm_verify_mic * */ -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_wrap_size_limit ( OM_uint32 * minor_status, const gss_ctx_id_t context_handle, @@ -456,7 +452,8 @@ _gss_ntlm_wrap_size_limit ( * */ -OM_uint32 _gss_ntlm_wrap +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_wrap (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, @@ -469,14 +466,13 @@ OM_uint32 _gss_ntlm_wrap ntlm_ctx ctx = (ntlm_ctx)context_handle; OM_uint32 ret; - if (minor_status) - *minor_status = 0; + *minor_status = 0; if (conf_state) *conf_state = 0; if (output_message_buffer == GSS_C_NO_BUFFER) return GSS_S_FAILURE; - + if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL|NTLM_NEG_NTLM2_SESSION)) { return v2_seal_message(input_message_buffer, @@ -499,7 +495,7 @@ OM_uint32 _gss_ntlm_wrap RC4(&ctx->u.v1.crypto_send.key, input_message_buffer->length, input_message_buffer->value, output_message_buffer->value); - + ret = _gss_ntlm_get_mic(minor_status, context_handle, 0, input_message_buffer, &trailer); @@ -512,7 +508,7 @@ OM_uint32 _gss_ntlm_wrap gss_release_buffer(&junk, &trailer); return GSS_S_FAILURE; } - memcpy(((unsigned char *)output_message_buffer->value) + + memcpy(((unsigned char *)output_message_buffer->value) + input_message_buffer->length, trailer.value, trailer.length); gss_release_buffer(&junk, &trailer); @@ -527,7 +523,8 @@ OM_uint32 _gss_ntlm_wrap * */ -OM_uint32 _gss_ntlm_unwrap +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_unwrap (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t input_message_buffer, @@ -539,12 +536,10 @@ OM_uint32 _gss_ntlm_unwrap ntlm_ctx ctx = (ntlm_ctx)context_handle; OM_uint32 ret; - if (minor_status) - *minor_status = 0; - if (output_message_buffer) { - output_message_buffer->value = NULL; - output_message_buffer->length = 0; - } + *minor_status = 0; + output_message_buffer->value = NULL; + output_message_buffer->length = 0; + if (conf_state) *conf_state = 0; if (qop_state) @@ -572,10 +567,10 @@ OM_uint32 _gss_ntlm_unwrap output_message_buffer->length = 0; return GSS_S_FAILURE; } - + RC4(&ctx->u.v1.crypto_recv.key, output_message_buffer->length, input_message_buffer->value, output_message_buffer->value); - + trailer.value = ((unsigned char *)input_message_buffer->value) + output_message_buffer->length; trailer.length = 16; |