1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/lib/crypto/wscript
Joseph Sutton b27a67af02 CVE-2021-20251 lib:crypto: Add des_crypt_blob_16() for encrypting data with DES
This lets us access single-DES from Python. This function is used in a
following commit for encrypting an NT hash to obtain the verifier for a
SAMR password change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-12 23:07:37 +00:00

95 lines
3.4 KiB
Python

#!/usr/bin/env python
from waflib import Options
from waflib import Errors, Logs
def options(opt):
opt.add_option('--accel-aes',
help=("Should we use accelerated AES crypto functions. "
"Options are intelaesni|none."),
action="store",
dest='accel_aes',
default="none")
def configure(conf):
if conf.CHECK_FUNCS('SHA1_Update'):
conf.DEFINE('SHA1_RENAME_NEEDED', 1)
#
# --aes-accel=XXX selects accelerated AES crypto library to use, if any.
# Default is none.
#
if Options.options.accel_aes.lower() == "intelaesni":
Logs.info("Attempting to compile with runtime-switchable x86_64 "
"Intel AES instructions. WARNING - this is temporary.")
elif Options.options.accel_aes.lower() != "none":
raise Errors.WafError("--aes-accel=%s is not a valid option. Valid "
"options are [none|intelaesni]" %
Options.options.accel_aes)
def build(bld):
extra_deps = ""
if (bld.CONFIG_SET("HAVE_AESNI_INTEL")
and not bld.CONFIG_SET('HAVE_GNUTLS_AES_CMAC')):
extra_deps += ' aesni-intel'
bld.SAMBA_SUBSYSTEM("GNUTLS_HELPERS",
source='''
gnutls_error.c
gnutls_aead_aes_256_cbc_hmac_sha512.c
gnutls_arcfour_confounded_md5.c
gnutls_weak_crypto.c
''',
deps="gnutls samba-errors")
bld.SAMBA_SUBSYSTEM("LIBCRYPTO_AES",
source='aes.c rijndael-alg-fst.c',
deps='talloc',
enabled=not bld.CONFIG_SET('HAVE_GNUTLS_AES_CMAC'))
bld.SAMBA_SUBSYSTEM('LIBCRYPTO_AES_CMAC',
source='aes_cmac_128.c',
deps='talloc',
enabled=not bld.CONFIG_SET('HAVE_GNUTLS_AES_CMAC'))
bld.SAMBA_SUBSYSTEM('LIBCRYPTO',
source='''
md4.c
''',
deps='''
talloc
LIBCRYPTO_AES
LIBCRYPTO_AES_CMAC
''' + extra_deps)
bld.SAMBA_SUBSYSTEM('TORTURE_LIBCRYPTO_AES_CMAC',
source='aes_cmac_128_test.c',
autoproto='aes_cmac_test_proto.h',
deps='talloc',
enabled=not bld.CONFIG_SET('HAVE_GNUTLS_AES_CMAC'))
bld.SAMBA_SUBSYSTEM('TORTURE_LIBCRYPTO',
source='md4test.c',
autoproto='test_proto.h',
deps='''
LIBCRYPTO
TORTURE_LIBCRYPTO_AES_CMAC
''')
bld.SAMBA_PYTHON('python_crypto',
source='py_crypto.c',
deps='gnutls talloc LIBCLI_AUTH',
realname='samba/crypto.so')
bld.SAMBA_BINARY('test_gnutls_aead_aes_256_cbc_hmac_sha512',
source='''
gnutls_error.c
tests/test_gnutls_aead_aes_256_cbc_hmac_sha512.c
''',
deps='cmocka gnutls samba-util samba-errors',
local_include=False,
for_selftest=True)