From cd45ceb7c38ef77ad9d6cc42ad8184ebc6829cf7 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 29 May 2019 16:38:09 +0200
Subject: [PATCH 090/187] libcli:auth: Return NTSTATUS for
 netlogon_creds_aes_encrypt()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Adapted by Andrew Bartlett to use gnutls_error_to_ntstatus()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit ded5aad21b54b8783f7390fb2eca483d3861eeff)
---
 libcli/auth/credentials.c | 15 ++++++++-------
 libcli/auth/proto.h       |  4 +++-
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index 5a1692ef436..87f8820238e 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -293,7 +293,9 @@ NTSTATUS netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *cre
 /*
   AES encrypt a password buffer using the session key
 */
-void netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len)
+NTSTATUS netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds,
+				    uint8_t *data,
+				    size_t len)
 {
 #ifdef HAVE_GNUTLS_AES_CFB8
 	gnutls_cipher_hd_t cipher_hnd = NULL;
@@ -317,18 +319,15 @@ void netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds, ui
 				&key,
 				&iv);
 	if (rc < 0) {
-		DBG_ERR("ERROR: gnutls_cipher_init: %s\n",
-			gnutls_strerror(rc));
-		return;
+		return gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
 	}
 
 	rc = gnutls_cipher_encrypt(cipher_hnd, data, len);
 	gnutls_cipher_deinit(cipher_hnd);
 	if (rc < 0) {
-		DBG_ERR("ERROR: gnutls_cipher_encrypt: %s\n",
-			gnutls_strerror(rc));
-		return;
+		return gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
 	}
+
 #else /* NOT HAVE_GNUTLS_AES_CFB8 */
 	AES_KEY key;
 	uint8_t iv[AES_BLOCK_SIZE] = {0};
@@ -337,6 +336,8 @@ void netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds, ui
 
 	aes_cfb8_encrypt(data, data, len, &key, iv, AES_ENCRYPT);
 #endif /* HAVE_GNUTLS_AES_CFB8 */
+
+	return NT_STATUS_OK;
 }
 
 /*
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 65ee06215dc..639a50425e5 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -18,7 +18,9 @@ void netlogon_creds_des_decrypt(struct netlogon_creds_CredentialState *creds, st
 NTSTATUS netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *creds,
 				      uint8_t *data,
 				      size_t len);
-void netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len);
+NTSTATUS netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds,
+				    uint8_t *data,
+				    size_t len);
 void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len);
 
 /*****************************************************************
-- 
2.23.0