From f65e609fd165b2639d5ae25d59c2e0fb7496c7df Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 10 Mar 2021 14:03:50 +0100 Subject: [PATCH] libcli/smb: no longer pass protocol to smb2_signing_{encrypt,decrypt}_pdu() The cipher algorithm is already passed via smb2_signing_key->chipher_algo_id. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison --- libcli/smb/smb2_signing.c | 6 ++++-- libcli/smb/smb2_signing.h | 2 -- libcli/smb/smbXcli_base.c | 2 -- source3/smbd/smb2_server.c | 4 ---- 4 files changed, 4 insertions(+), 10 deletions(-) diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c index dd5784361d5..a4effb8b31e 100644 --- a/libcli/smb/smb2_signing.c +++ b/libcli/smb/smb2_signing.c @@ -620,10 +620,10 @@ NTSTATUS smb2_key_derivation(const uint8_t *KI, size_t KI_len, } NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key, - uint16_t cipher_id, struct iovec *vector, int count) { + uint16_t cipher_id; uint8_t *tf; size_t a_total; ssize_t m_total; @@ -651,6 +651,7 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key, DBG_WARNING("No encryption key for SMB2 signing\n"); return NT_STATUS_ACCESS_DENIED; } + cipher_id = encryption_key->cipher_algo_id; a_total = SMB2_TF_HDR_SIZE - SMB2_TF_NONCE; @@ -826,10 +827,10 @@ out: } NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key, - uint16_t cipher_id, struct iovec *vector, int count) { + uint16_t cipher_id; uint8_t *tf; uint16_t flags; size_t a_total; @@ -859,6 +860,7 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key, DBG_WARNING("No decryption key for SMB2 signing\n"); return NT_STATUS_ACCESS_DENIED; } + cipher_id = decryption_key->cipher_algo_id; a_total = SMB2_TF_HDR_SIZE - SMB2_TF_NONCE; diff --git a/libcli/smb/smb2_signing.h b/libcli/smb/smb2_signing.h index 94d63c23042..cf6fbe50db8 100644 --- a/libcli/smb/smb2_signing.h +++ b/libcli/smb/smb2_signing.h @@ -91,11 +91,9 @@ NTSTATUS smb2_key_derivation(const uint8_t *KI, size_t KI_len, uint8_t *KO, size_t KO_len); NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key, - uint16_t cipher_id, struct iovec *vector, int count); NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key, - uint16_t cipher_id, struct iovec *vector, int count); diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index d188cc8a1b6..01a8e921156 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -3390,7 +3390,6 @@ skip_credits: } status = smb2_signing_encrypt_pdu(encryption_key, - state->conn->smb2.server.cipher, &iov[tf_iov], num_iov - tf_iov); if (!NT_STATUS_IS_OK(status)) { return status; @@ -3578,7 +3577,6 @@ static NTSTATUS smb2cli_inbuf_parse_compound(struct smbXcli_conn *conn, tf_iov[1].iov_len = enc_len; status = smb2_signing_decrypt_pdu(s->smb2->decryption_key, - conn->smb2.server.cipher, tf_iov, 2); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(iov); diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 00597e56cf2..90a0b4860fd 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -451,7 +451,6 @@ static NTSTATUS smbd_smb2_inbuf_parse_compound(struct smbXsrv_connection *xconn, tf_iov[1].iov_len = enc_len; status = smb2_signing_decrypt_pdu(s->global->decryption_key, - xconn->smb2.server.cipher, tf_iov, 2); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(iov_alloc); @@ -1931,7 +1930,6 @@ static NTSTATUS smb2_send_async_interim_response(const struct smbd_smb2_request */ if (firsttf->iov_len == SMB2_TF_HDR_SIZE) { status = smb2_signing_encrypt_pdu(req->first_enc_key, - xconn->smb2.server.cipher, firsttf, nreq->out.vector_count - first_idx); if (!NT_STATUS_IS_OK(status)) { @@ -2323,7 +2321,6 @@ static void smbd_smb2_request_pending_timer(struct tevent_context *ev, struct smb2_signing_key *encryption_key = x->global->encryption_key; status = smb2_signing_encrypt_pdu(encryption_key, - xconn->smb2.server.cipher, &state->vector[1+SMBD_SMB2_TF_IOV_OFS], SMBD_SMB2_NUM_IOV_PER_REQ); if (!NT_STATUS_IS_OK(status)) { @@ -3607,7 +3604,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req) */ if (firsttf->iov_len == SMB2_TF_HDR_SIZE) { status = smb2_signing_encrypt_pdu(req->first_enc_key, - xconn->smb2.server.cipher, firsttf, req->out.vector_count - first_idx); if (!NT_STATUS_IS_OK(status)) {