
auth/gensec: fix AES schannel seal and unseal

Work around a bug present in gnutls 3.6.8:

gnutls_cipher_decrypt() uses an optimization
internally that breaks decryption when processing
buffers with their length not being a multiple
of the blocksize.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner 2019-09-17 22:37:06 +02:00 committed by Andreas Schneider
parent 709d54d68a
commit f988756599
2 changed files with 31 additions and 19 deletions


@ -306,11 +306,6 @@ static NTSTATUS netsec_do_seal(struct schannel_state *state,
return gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
}
/*
* Looks like we have to reuse the initial IV which is
* cryptographically wrong!
*/
gnutls_cipher_set_iv(cipher_hnd, iv.data, iv.size);
rc = gnutls_cipher_encrypt(cipher_hnd,
data,
length);
@ -319,25 +314,43 @@ static NTSTATUS netsec_do_seal(struct schannel_state *state,
return gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
}
} else {
/*
* Workaround bug present in gnutls 3.6.8:
*
* gnutls_cipher_decrypt() uses an optimization
* internally that breaks decryption when processing
* buffers with their length not being a multiple
* of the blocksize.
*/
uint8_t tmp[16] = { 0, };
uint32_t tmp_dlength = MIN(length, sizeof(tmp) - 8);
memcpy(tmp, confounder, 8);
memcpy(tmp + 8, data, tmp_dlength);
rc = gnutls_cipher_decrypt(cipher_hnd,
confounder,
8);
tmp,
8 + tmp_dlength);
if (rc < 0) {
ZERO_STRUCT(tmp);
gnutls_cipher_deinit(cipher_hnd);
return gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
}
/*
* Looks like we have to reuse the initial IV which is
* cryptographically wrong!
*/
gnutls_cipher_set_iv(cipher_hnd, iv.data, iv.size);
rc = gnutls_cipher_decrypt(cipher_hnd,
data,
length);
if (rc < 0) {
gnutls_cipher_deinit(cipher_hnd);
return gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
memcpy(confounder, tmp, 8);
memcpy(data, tmp + 8, tmp_dlength);
ZERO_STRUCT(tmp);
if (length > tmp_dlength) {
rc = gnutls_cipher_decrypt(cipher_hnd,
data + tmp_dlength,
length - tmp_dlength);
if (rc < 0) {
gnutls_cipher_deinit(cipher_hnd);
return gnutls_error_to_ntstatus(rc, NT_STATUS_CRYPTO_SYSTEM_INVALID);
}
}
}
gnutls_cipher_deinit(cipher_hnd);
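Review bot: The workaround comment at the top of the else branch says the gnutls bug hits buffers whose length is not a multiple of the blocksize, but the code it justifies only makes the first call block-sized (8 confounder bytes plus up to 8 data bytes in the 16-byte tmp) while the remainder passed at `data + tmp_dlength` is in general still not a multiple of 16, so the comment should name the actual trigger (presumably a single call shorter than one block), e.g. append `* Decrypting the 8-byte confounder on its own is what trips it,` / `* so fold it with the first data bytes into one full block.`. Both hunks also drop the `gnutls_cipher_set_iv()` re-seed between the confounder pass and the data pass, which changes the bytes produced on seal as well as unseal, yet no remaining comment says this is intended; a one-liner at the surviving encrypt and decrypt calls such as `/* cipher state must run on from the confounder into the data */` would record that. If ZERO_STRUCT() expands to a plain memset here, the clearing of tmp on the error path and after the copy-back may be optimized away; tmp briefly holds the decrypted confounder and data bytes, so confirm the macro is a non-elidable clear. netsec_do_seal starts before the first hunk and continues past the last line shown.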


@ -375,4 +375,3 @@
^samba.tests.ntlmdisabled.python\(ktest\).python2.ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\)
^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python3.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python2.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
^samba.unittests.schannel.torture_schannel_seal_aes