IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This will avoid duplicated code as we convert arcfour_crypt_blob() into
direct GnuTLS calls
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Fix ubsan warning null pointer passed as argument 2 when the source
pointer is NULL. The calls to memcpy are now guarded by an
if (len > 0)
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon May 27 01:29:48 UTC 2019 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 21 01:18:08 UTC 2019 on sn-devel-184
To avoid warning above produced by using
-Wcast-function-type we;
+ ensure PyCFunctions of type METH_VARARGS do not declare
unused and problematic kargs param.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
runtime error: left shift of 145 by 24 places cannot be represented in type 'int'
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 10 01:41:52 CEST 2018 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13302
Signed-off-by: Eric Vannier <evannier@google.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 27 13:50:09 CEST 2018 on sn-devel-144
Update after call with the GnuTLS maintainer to see what is supported in
GnuTLS, what is working in FIPS mode or not, and what features we require
to move to GnuTLS in future. The benefit will be FIPS certification and
more hardware accelerated crypto.
Bugs have been opened against GnuTLS to implment the missing features or
add functions to declare use of old crypto functions as non-crypto use.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Add --accel-aes=[none|intelaesni] to select.
Default is none.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Causes:
AES_set_encrypt_key()
AES_set_decrypt_key()
AES_encrypt()
AES_decrypt()
to probe for the Intel AES instructions at runtime (only once)
and then call the hardware implementations if so, otherwise
fall back to the software implementations.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
Based on original work by Justin Maggard <jmaggard@netgear.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Rename the old struct aes_key as an intermediate struct aes_key_rj
and wrap it in a union so we can chose an alternate aes_key struct
when using Intel AES hardware.
Rename the original software implementations of:
AES_set_encrypt_key()
AES_set_decrypt_key()
AES_encrypt()
AES_decrypt()
by adding an _rj on the end, and call them via a wrapper
function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
Based on original work by Justin Maggard <jmaggard@netgear.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Implement a small Python module that exposes arcfour_crypt_blob()
function widely used in Samba C code.
When Samba Python bindings are used to call LSA CreateTrustedDomainEx2,
there is a need to encrypt trusted credentials with RC4 cipher.
Current Samba Python code relies on Python runtime to provide RC4
cipher. However, in FIPS 140-2 mode system crypto libraries do not
provide access RC4 cipher at all. According to Microsoft dochelp team,
Windows is treating AuthenticationInformation blob encryption as 'plain
text' in terms of FIPS 140-2, thus doing application-level encryption.
Replace samba.arcfour_encrypt() implementation with a call to
samba.crypto.arcfour_crypt_blob().
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Mar 15 01:30:24 CET 2017 on sn-devel-144
Holger Hetterich told me in a personal email that he does not have
time to care about this project anymore and that he is fine to
remove it from Samba.
Why the removal? It contains homegrown crypto that would need to
be thoroughly audited and/or fixed. And if it's neither maintained
nor widely used I'd rather have it removed.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 11 00:23:35 CET 2015 on sn-devel-104
This can be used in order to optimize some parts later.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 27 23:23:54 CEST 2015 on sn-devel-104
- We avoid variables in order to do a lazy cleanup
in aes_ccm_128_digest() via ZERO_STRUCTP(ctx)
- We use the optimized aes_block_{xor,rshift}() functions
- Align AES_BLOCK_SIZE arrays to 8 bytes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
- We avoid variables in order to do a lazy cleanup
in aes_ccm_128_digest() via ZERO_STRUCTP(ctx)
- We use the optimized aes_block_xor() function
- We reuse A_i instead of rebuilding it everything completely.
- Align AES_BLOCK_SIZE arrays to 8 bytes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
- We avoid variables in order to do a lazy cleanup
in aes_cmac_128_final() via ZERO_STRUCTP(ctx)
- We avoid unused memcpy() calls
- We use the optimized aes_block_{xor,lshift}() functions
- Align AES_BLOCK_SIZE arrays to 8 bytes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
These are typical operations on an AES_BLOCK used by different modes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This reverts commit 30bfb8d63804f0c98312fadaadcb104120dadafb.
Talloc is still needed by LIBCRYPTO, because arcfour.h
includes lib/util/data_blob.h which includes talloc.h.
It seems arcfour only uses the DATA_BLOB struct (in e.g. arcfour_crypt
and arcfour_init).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Jun 28 11:47:16 CEST 2015 on sn-devel-104
Samba provides its own set of SHA function, which would replace
libc-provided flavors. This is a problem because while the prototypes
are the same, the context structure are different. As a result,
when connecting to a LDAP/SSL directory, we go through
libldap/libssl/libcrypto and there libcrypto expects to call libc
SHA functions, not Samba's.
The fix is to check for SHA function presence and rename Samba's
version to avoid a clash.
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo <simo@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 3 01:54:24 CEST 2015 on sn-devel-104
Signed-off-by: Michael Ledford <michael@ledford.cc>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Feb 17 11:45:15 CET 2015 on sn-devel-104
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
If the compiler detects strict aliasing problems it isn't able to
optimize the code.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
we also need to use the CC_MD5_CTX from CommonCrypto here instead of the MD5_CTX
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jan 8 08:12:29 CET 2014 on sn-devel-104
