gss: unconditionally set certain flags in SAnon ISC
authorLuke Howard <lukeh@padl.com>
Mon, 27 Apr 2020 21:38:31 +0000 (07:38 +1000)
committerLuke Howard <lukeh@padl.com>
Mon, 27 Apr 2020 21:38:31 +0000 (07:38 +1000)
SAnon unconditionally sets the replay, sequence, confidentiality, and integrity
flags on the acceptor; do so on the initiator as well. Some indentation
cleanups are also included in this commit.

lib/gssapi/sanon/accept_sec_context.c
lib/gssapi/sanon/init_sec_context.c

index 74f4aa04a9fc78df7a380d72e8bc83e4f2058c92..f31c974ee9a59aa0e38efa5997e261b61b4ed1ac 100644 (file)
@@ -113,10 +113,11 @@ _gss_sanon_accept_sec_context(OM_uint32 *minor,
     if (major != GSS_S_COMPLETE)
        goto out;
 
-    req_flags &= SANON_PROTOCOL_FLAG_MASK; /* do not let initiator set any other flags */
+    /* do not let initiator set any other flags */
+    req_flags &= SANON_PROTOCOL_FLAG_MASK;
 
     req_flags |= GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
-        GSS_C_INTEG_FLAG | GSS_C_ANON_FLAG | GSS_C_TRANS_FLAG;
+                GSS_C_INTEG_FLAG | GSS_C_ANON_FLAG | GSS_C_TRANS_FLAG;
 
     major = _gss_sanon_import_rfc4121_context(minor, sc, req_flags, &session_key);
     if (major != GSS_S_COMPLETE)
index be61aba9b67acdf9a9f6e72f8c30b9cf59274b97..4c199edc1b28fad97f9e45adc8d53a1a21295f12 100644 (file)
@@ -87,7 +87,7 @@ _gss_sanon_init_sec_context(OM_uint32 *minor,
     gss_buffer_desc mech_token = GSS_C_EMPTY_BUFFER;
     OM_uint32 major, tmp;
     sanon_ctx sc = (sanon_ctx)*context_handle;
-    OM_uint32 flags = 0;
+    OM_uint32 flags;
     gss_buffer_desc session_key = GSS_C_EMPTY_BUFFER;
 
     *minor = 0;
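Review bot: Dropping the `= 0` initializer on `flags` leaves the variable unassigned until the `flags = ...` statement in the next hunk, while an early `goto out` (visible at the top of that hunk) exits before that assignment; if the `out:` path reports `flags` through `ret_flags` on any of those exits, it would now read an indeterminate value, which is undefined behavior in C. Nothing on this page shows what `out:` does with `flags`, so this may be harmless, but the initializer costs nothing and removes the dependency on statement order: keep `OM_uint32 flags = 0;`. The enclosing function `_gss_sanon_init_sec_context` starts and ends outside the hunk.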
@@ -98,10 +98,11 @@ _gss_sanon_init_sec_context(OM_uint32 *minor,
        goto out;
     }
 
-    flags |= GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
-            GSS_C_INTEG_FLAG | SANON_PROTOCOL_FLAG_MASK; /* supported flags */
-    flags &= req_flags;
-    flags |= GSS_C_ANON_FLAG; /* always set this flag */
+    /* we always support the following flags */
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
+           GSS_C_INTEG_FLAG | GSS_C_ANON_FLAG;
+    /* we support the following optional flags */
+    flags |= req_flags & SANON_PROTOCOL_FLAG_MASK;
 
     if (sc == NULL) {
        uint8_t pk_and_flags[crypto_scalarmult_curve25519_BYTES + 8];
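Review bot: The comment `/* we support the following optional flags */` above `flags |= req_flags & SANON_PROTOCOL_FLAG_MASK;` undersells what the statement does: every requested bit outside `SANON_PROTOCOL_FLAG_MASK` is silently discarded, so a caller asking for a flag SAnon cannot carry gets no error, only a `ret_flags` without that bit. Suggest `/* optional flags: honour only those the SAnon token can carry; any other requested bits are dropped, not rejected */`. Whether unsupported requests should instead be reported is a policy question the page does not settle, but the comment should say the masking is deliberate.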
@@ -125,10 +126,10 @@ _gss_sanon_init_sec_context(OM_uint32 *minor,
        if (major != GSS_S_COMPLETE)
            goto out;
 
-       if (req_flags & SANON_PROTOCOL_FLAG_MASK) {
+       if (flags & SANON_PROTOCOL_FLAG_MASK) {
            memcpy(pk_and_flags, sc->pk, sizeof(sc->pk));
            _gss_mg_encode_be_uint32(0, &pk_and_flags[sizeof(sc->pk)]);
-           _gss_mg_encode_be_uint32(req_flags & SANON_PROTOCOL_FLAG_MASK,
+           _gss_mg_encode_be_uint32(flags & SANON_PROTOCOL_FLAG_MASK,
                                     &pk_and_flags[sizeof(sc->pk) + 4]);
            mech_token.length = sizeof(pk_and_flags);
            mech_token.value = pk_and_flags;
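Review bot: The value encoded into `pk_and_flags` is `flags & SANON_PROTOCOL_FLAG_MASK`, so only the protocol-mask bits travel in the token; the replay/sequence/conf/integ/anon bits set unconditionally earlier in the function are never sent and are re-added by the acceptor (see the accept_sec_context hunk). That is consistent, but not obvious from the memcpy/encode sequence; suggest a comment before the `if`: `/* only the SANON_PROTOCOL_FLAG_MASK bits go on the wire; the fixed flags are implied and re-added by the acceptor */`. Testing `flags` instead of `req_flags` here is equivalent, since `flags` already carries the masked request bits.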
@@ -163,7 +164,8 @@ _gss_sanon_init_sec_context(OM_uint32 *minor,
        pk.value = input_token->value;
 
        /* compute shared secret */
-       major = _gss_sanon_curve25519(minor, sc, &pk, flags & SANON_PROTOCOL_FLAG_MASK,
+       major = _gss_sanon_curve25519(minor, sc, &pk,
+                                     flags & SANON_PROTOCOL_FLAG_MASK,
                                      input_chan_bindings, &session_key);
        if (major != GSS_S_COMPLETE)
            goto out;