Tree - rpms/samba - CentOS Git server

rpms / samba

Blame SOURCES/0091-libcli-auth-Use-GnuTLS-AES128-CFB-for-netlogon_creds.patch

Blob History Raw

		b6b438	`From 9b5fa6c165e98ddec38bc976bac0cfee62fd0d72 Mon Sep 17 00:00:00 2001`
		b6b438	`From: Andreas Schneider <asn@samba.org>`
		b6b438	`Date: Mon, 18 Mar 2019 15:13:08 +0100`
		b6b438	`Subject: [PATCH 091/187] libcli:auth: Use GnuTLS AES128 CFB for`
		b6b438	`netlogon_creds_aes_decrypt()`
		b6b438
		b6b438	`Signed-off-by: Andreas Schneider <asn@samba.org>`
		b6b438	`Reviewed-by: Andrew Bartlett <abartlet@samba.org>`
		b6b438	`(cherry picked from commit a96728586150768957b88a0714b15f13ee9f81af)`
		b6b438	`---`
		b6b438	`libcli/auth/credentials.c \| 41 ++++++++++++++++++++++++++++++++++++++-`
		b6b438	`1 file changed, 40 insertions(+), 1 deletion(-)`
		b6b438
		b6b438	`diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c`
		b6b438	`index 87f8820238e..cfeab6efdcd 100644`
		b6b438	`--- a/libcli/auth/credentials.c`
		b6b438	`+++ b/libcli/auth/credentials.c`
		b6b438	`@@ -22,10 +22,13 @@`
		b6b438
		b6b438	`#include "includes.h"`
		b6b438	`#include "system/time.h"`
		b6b438	`-#include "../lib/crypto/crypto.h"`
		b6b438	`#include "libcli/auth/libcli_auth.h"`
		b6b438	`#include "../libcli/security/dom_sid.h"`
		b6b438
		b6b438	`+#ifndef HAVE_GNUTLS_AES_CFB8`
		b6b438	`+#include "lib/crypto/aes.h"`
		b6b438	`+#endif`
		b6b438	`+`
		b6b438	`#include "lib/crypto/gnutls_helpers.h"`
		b6b438	`#include <gnutls/gnutls.h>`
		b6b438	`#include <gnutls/crypto.h>`
		b6b438	`@@ -345,12 +348,48 @@ NTSTATUS netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds`
		b6b438	`*/`
		b6b438	`void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState creds, uint8_t data, size_t len)`
		b6b438	`{`
		b6b438	`+#ifdef HAVE_GNUTLS_AES_CFB8`
		b6b438	`+ gnutls_cipher_hd_t cipher_hnd = NULL;`
		b6b438	`+ gnutls_datum_t key = {`
		b6b438	`+ .data = creds->session_key,`
		b6b438	`+ .size = sizeof(creds->session_key),`
		b6b438	`+ };`
		b6b438	`+ uint32_t iv_size =`
		b6b438	`+ gnutls_cipher_get_iv_size(GNUTLS_CIPHER_AES_128_CFB8);`
		b6b438	`+ uint8_t _iv[iv_size];`
		b6b438	`+ gnutls_datum_t iv = {`
		b6b438	`+ .data = _iv,`
		b6b438	`+ .size = iv_size,`
		b6b438	`+ };`
		b6b438	`+ int rc;`
		b6b438	`+`
		b6b438	`+ ZERO_ARRAY(_iv);`
		b6b438	`+`
		b6b438	`+ rc = gnutls_cipher_init(&cipher_hnd,`
		b6b438	`+ GNUTLS_CIPHER_AES_128_CFB8,`
		b6b438	`+ &key,`
		b6b438	`+ &iv;;`
		b6b438	`+ if (rc < 0) {`
		b6b438	`+ DBG_ERR("ERROR: gnutls_cipher_init: %s\n",`
		b6b438	`+ gnutls_strerror(rc));`
		b6b438	`+ return;`
		b6b438	`+ }`
		b6b438	`+`
		b6b438	`+ rc = gnutls_cipher_decrypt(cipher_hnd, data, len);`
		b6b438	`+ gnutls_cipher_deinit(cipher_hnd);`
		b6b438	`+ if (rc < 0) {`
		b6b438	`+ DBG_ERR("ERROR: gnutls_cipher_decrypt: %s\n",`
		b6b438	`+ gnutls_strerror(rc));`
		b6b438	`+ return;`
		b6b438	`+ }`
		b6b438	`+#else /* NOT HAVE_GNUTLS_AES_CFB8 */`
		b6b438	`AES_KEY key;`
		b6b438	`uint8_t iv[AES_BLOCK_SIZE] = {0};`
		b6b438
		b6b438	`AES_set_encrypt_key(creds->session_key, 128, &key);`
		b6b438
		b6b438	`aes_cfb8_encrypt(data, data, len, &key, iv, AES_DECRYPT);`
		b6b438	`+#endif /* HAVE_GNUTLS_AES_CFB8 */`
		b6b438	`}`
		b6b438
		b6b438	`/*****************************************************************`
		b6b438	`--`
		b6b438	`2.23.0`
		b6b438

rpms / samba

Source Code

Blame SOURCES/0091-libcli-auth-Use-GnuTLS-AES128-CFB-for-netlogon_creds.patch