Damjan Jovanovic <damjan.jov(a)gmail.com> wrote:
+SECURITY_STATUS schan_imp_get_unique_channel_binding(schan_imp_session session, + SecPkgContext_Bindings *bindings) +{ + static const char prefix[] = "tls-unique:"; + gnutls_datum_t datum; + int rc; + SECURITY_STATUS ret; + char *p; + gnutls_session_t s = (gnutls_session_t)session; + + rc = pgnutls_session_channel_binding(s, GNUTLS_CB_TLS_UNIQUE, &datum); + if (rc) + { + pgnutls_perror(rc); + ret = SEC_E_INTERNAL_ERROR; + } + else + { + bindings->BindingsLength = sizeof(SEC_CHANNEL_BINDINGS) + sizeof(prefix)-1 + datum.size; + bindings->Bindings = heap_alloc_zero(bindings->BindingsLength); + if (!bindings->Bindings) + ret = SEC_E_INSUFFICIENT_MEMORY; + else + { + bindings->Bindings->cbApplicationDataLength = sizeof(prefix)-1 + datum.size; + bindings->Bindings->dwApplicationDataOffset = sizeof(SEC_CHANNEL_BINDINGS); + p = (char*)(bindings->Bindings+1); + memcpy(p, prefix, sizeof(prefix)-1); + p += sizeof(prefix)-1; + memcpy(p, datum.data, datum.size); + ret = SEC_E_OK; + } + } + (*pgnutls_free)(datum.data); + return ret; +}
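Review bot: `datum` is declared without an initializer, and when pgnutls_session_channel_binding() returns non-zero the function still falls through to `(*pgnutls_free)(datum.data)`, so the error path frees a pointer that nothing visible in this function has set. Either initialize it (`gnutls_datum_t datum = { NULL, 0 };`) or return SEC_E_INTERNAL_ERROR right after `pgnutls_perror(rc)`, which also removes one level of nesting. A short comment stating that on success the caller owns `bindings->Bindings` and must free it would help as well, since the heap_alloc_zero() allocation outlives this function.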
Does it make sense to call gnutls_free() if gnutls_session_channel_binding() fails? If not, then the indentation could be simplified to return right after the initial failure.

--
Dmitry.