Remove MessageIntegrityCheck from context.
authorMariusz Zaborski <oshogbo@FreeBSD.org>
Tue, 17 Apr 2018 13:03:27 +0000 (15:03 +0200)
committerMariusz Zaborski <oshogbo@FreeBSD.org>
Tue, 17 Apr 2018 13:03:27 +0000 (15:03 +0200)
winpr/libwinpr/sspi/NTLM/ntlm.h
winpr/libwinpr/sspi/NTLM/ntlm_compute.c
winpr/libwinpr/sspi/NTLM/ntlm_compute.h
winpr/libwinpr/sspi/NTLM/ntlm_message.c

index f12d9d5..d4c2404 100644 (file)
@@ -250,6 +250,7 @@ struct _NTLM_CONTEXT
        NTLM_NEGOTIATE_MESSAGE NEGOTIATE_MESSAGE;
        NTLM_CHALLENGE_MESSAGE CHALLENGE_MESSAGE;
        NTLM_AUTHENTICATE_MESSAGE AUTHENTICATE_MESSAGE;
+       UINT32 MessageIntegrityCheckOffset;
        SecBuffer NegotiateMessage;
        SecBuffer ChallengeMessage;
        SecBuffer AuthenticateMessage;
@@ -272,8 +273,6 @@ struct _NTLM_CONTEXT
        BYTE ClientSealingKey[16];
        BYTE ServerSigningKey[16];
        BYTE ServerSealingKey[16];
-       BYTE MessageIntegrityCheck[16];
-       UINT32 MessageIntegrityCheckOffset;
        psPeerComputeNtlmHash HashCallback;
        void* HashCallbackArg;
 };
index 4e046b3..018b0ad 100644 (file)
@@ -21,6 +21,8 @@
 #include "config.h"
 #endif
 
+#include <assert.h>
+
 #include "ntlm.h"
 #include "../sspi.h"
 
@@ -721,7 +723,7 @@ void ntlm_init_rc4_seal_states(NTLM_CONTEXT* context)
        }
 }
 
-void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context)
+void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context, BYTE *mic, UINT32 size)
 {
        /*
         * Compute the HMAC-MD5 hash of ConcatenationOf(NEGOTIATE_MESSAGE,
@@ -729,6 +731,8 @@ void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context)
         */
        WINPR_HMAC_CTX* hmac = winpr_HMAC_New();
 
+       assert(size >= WINPR_MD5_DIGEST_LENGTH);
+
        if (!hmac)
                return;
 
@@ -740,7 +744,7 @@ void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context)
                                  context->ChallengeMessage.cbBuffer);
                winpr_HMAC_Update(hmac, (BYTE*) context->AuthenticateMessage.pvBuffer,
                                  context->AuthenticateMessage.cbBuffer);
-               winpr_HMAC_Final(hmac, context->MessageIntegrityCheck, WINPR_MD5_DIGEST_LENGTH);
+               winpr_HMAC_Final(hmac, mic, WINPR_MD5_DIGEST_LENGTH);
        }
 
        winpr_HMAC_Free(hmac);
index ba99c81..df06e37 100644 (file)
@@ -57,6 +57,6 @@ void ntlm_generate_client_sealing_key(NTLM_CONTEXT* context);
 void ntlm_generate_server_sealing_key(NTLM_CONTEXT* context);
 void ntlm_init_rc4_seal_states(NTLM_CONTEXT* context);
 
-void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context);
+void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context, BYTE *mic, UINT32 size);
 
 #endif /* WINPR_AUTH_NTLM_COMPUTE_H */
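Review bot: The new prototype states no contract for `mic` and `size`; the only description of it is an assert in ntlm_compute.c, which a caller reading the header never sees. A short comment above the declaration would carry it: `/* Writes the WINPR_MD5_DIGEST_LENGTH-byte HMAC-MD5 MIC over NEGOTIATE/CHALLENGE/AUTHENTICATE into mic; size must be >= WINPR_MD5_DIGEST_LENGTH, and mic is left unchanged if the HMAC context cannot be created. */`.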
index b5d7fe3..23f77de 100644 (file)
@@ -917,9 +917,9 @@ SECURITY_STATUS ntlm_write_AuthenticateMessage(NTLM_CONTEXT* context, PSecBuffer
        if (context->UseMIC)
        {
                /* Message Integrity Check */
-               ntlm_compute_message_integrity_check(context);
+               ntlm_compute_message_integrity_check(context, message->MessageIntegrityCheck, 16);
                Stream_SetPosition(s, context->MessageIntegrityCheckOffset);
-               Stream_Write(s, context->MessageIntegrityCheck, 16);
+               Stream_Write(s, message->MessageIntegrityCheck, 16);
                Stream_SetPosition(s, length);
        }
 
@@ -947,7 +947,7 @@ SECURITY_STATUS ntlm_write_AuthenticateMessage(NTLM_CONTEXT* context, PSecBuffer
        if (context->UseMIC)
        {
                WLog_DBG(TAG, "MessageIntegrityCheck (length = 16)");
-               winpr_HexDump(TAG, WLOG_DEBUG, context->MessageIntegrityCheck, 16);
+               winpr_HexDump(TAG, WLOG_DEBUG, message->MessageIntegrityCheck, 16);
        }
 
 #endif
@@ -961,6 +961,7 @@ SECURITY_STATUS ntlm_server_AuthenticateComplete(NTLM_CONTEXT* context)
        UINT32 flags = 0;
        NTLM_AV_PAIR* AvFlags = NULL;
        NTLM_AUTHENTICATE_MESSAGE* message;
+       BYTE messageIntegrityCheck[16];
 
        if (context->state != NTLM_STATE_COMPLETION)
                return SEC_E_OUT_OF_SEQUENCE;
@@ -988,15 +989,15 @@ SECURITY_STATUS ntlm_server_AuthenticateComplete(NTLM_CONTEXT* context)
        {
                ZeroMemory(&((PBYTE) context->AuthenticateMessage.pvBuffer)[context->MessageIntegrityCheckOffset],
                           16);
-               ntlm_compute_message_integrity_check(context);
+               ntlm_compute_message_integrity_check(context, &messageIntegrityCheck, sizeof(messageIntegrityCheck));
                CopyMemory(&((PBYTE) context->AuthenticateMessage.pvBuffer)[context->MessageIntegrityCheckOffset],
                           message->MessageIntegrityCheck, 16);
 
-               if (memcmp(context->MessageIntegrityCheck, message->MessageIntegrityCheck, 16) != 0)
+               if (memcmp(messageIntegrityCheck, message->MessageIntegrityCheck, 16) != 0)
                {
                        WLog_ERR(TAG, "Message Integrity Check (MIC) verification failed!");
                        WLog_ERR(TAG, "Expected MIC:");
-                       winpr_HexDump(TAG, WLOG_ERROR, context->MessageIntegrityCheck, 16);
+                       winpr_HexDump(TAG, WLOG_ERROR, messageIntegrityCheck, 16);
                        WLog_ERR(TAG, "Actual MIC:");
                        winpr_HexDump(TAG, WLOG_ERROR, message->MessageIntegrityCheck, 16);
                        return SEC_E_MESSAGE_ALTERED;
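Review bot: `&messageIntegrityCheck` on the `ntlm_compute_message_integrity_check(...)` line has type `BYTE (*)[16]`, not `BYTE *`; it carries the same address so it works by accident, but it is an incompatible-pointer-type constraint violation that compilers warn on and newer ones reject, so pass the array itself: `ntlm_compute_message_integrity_check(context, messageIntegrityCheck, sizeof(messageIntegrityCheck));`. The buffer declared in the previous hunk (`BYTE messageIntegrityCheck[16];`) is also uninitialized, and because the compute function returns silently when `winpr_HMAC_New()` fails, the `memcmp` here would then compare stack garbage against the peer's MIC; `BYTE messageIntegrityCheck[16] = { 0 };` makes that path deterministic, and a failure return from the compute function would let this code return an error instead. Separately, `memcmp` on a MAC stops at the first differing byte, so the comparison time reveals how much of the MIC matched; a fixed-time comparison over all 16 bytes is the usual choice, though that predates this commit. ntlm_server_AuthenticateComplete continues past the end of this hunk.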