rpms / samba

Clone
Source Code
GIT

Blame SOURCES/0099-auth-gensec-Use-GnuTLS-AES128-CFB8-in-netsec_do_seq_.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c7-sig-storage-samba-411 c8 c8-beta c8-sig-storage-samba-411 c8-sig-storage-samba-412 c8-sig-storage-samba-413 c8-sig-storage-samba-414 c8-sig-storage-samba-415 c8s c8s-sig-storage-samba-413 c8s-sig-storage-samba-414 c8s-sig-storage-samba-415 c8s-sig-storage-samba-416 c8s-sig-storage-samba-417 c8s-sig-storage-samba-418 c8s-sig-storage-samba-419 c8s-sig-storage-samba-420 c9 c9-beta c9s-sig-storage-samba-414 c9s-sig-storage-samba-415 c9s-sig-storage-samba-416 c9s-sig-storage-samba-417 c9s-sig-storage-samba-418 c9s-sig-storage-samba-419 c9s-sig-storage-samba-420 c9s-sig-storage-samba-421
  1.   b6b438351cef67652d9aed43112618d18092527e
  2.   SOURCES
  3.   0099-auth-gensec-Use-GnuTLS-AES128-CFB8-in-netsec_do_seq_.patch
Blob History Raw
b6b438 
From 9be58c7b284bad6a721363354603a25a9aa4b29b Mon Sep 17 00:00:00 2001
b6b438 
From: Andreas Schneider <asn@samba.org>
b6b438 
Date: Fri, 1 Mar 2019 17:55:02 +0100
b6b438 
Subject: [PATCH 099/187] auth:gensec: Use GnuTLS AES128 CFB8 in
b6b438 
 netsec_do_seq_num()
b6b438
b6b438 
Signed-off-by: Andreas Schneider <asn@samba.org>
b6b438 
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
b6b438 
(cherry picked from commit 58c781dc93e24895b2c4b97fa311c66af30e278e)
b6b438 
---
b6b438 
 auth/gensec/schannel.c | 40 ++++++++++++++++++++++++++++++++++++++++
b6b438 
 1 file changed, 40 insertions(+)
b6b438
b6b438 
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
b6b438 
index 74a3eb5c690..719849fa0cc 100644
b6b438 
--- a/auth/gensec/schannel.c
b6b438 
+++ b/auth/gensec/schannel.c
b6b438 
@@ -147,6 +147,45 @@ static NTSTATUS netsec_do_seq_num(struct schannel_state *state,
b6b438 
 				  uint8_t seq_num[8])
b6b438 
 {
b6b438 
 	if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
b6b438 
+#ifdef HAVE_GNUTLS_AES_CFB8
b6b438 
+		gnutls_cipher_hd_t cipher_hnd = NULL;
b6b438 
+		gnutls_datum_t key = {
b6b438 
+			.data = state->creds->session_key,
b6b438 
+			.size = sizeof(state->creds->session_key),
b6b438 
+		};
b6b438 
+		uint32_t iv_size =
b6b438 
+			gnutls_cipher_get_iv_size(GNUTLS_CIPHER_AES_128_CFB8);
b6b438 
+		uint8_t _iv[iv_size];
b6b438 
+		gnutls_datum_t iv = {
b6b438 
+			.data = _iv,
b6b438 
+			.size = iv_size,
b6b438 
+		};
b6b438 
+		int rc;
b6b438 
+
b6b438 
+		ZERO_ARRAY(_iv);
b6b438 
+
b6b438 
+		memcpy(iv.data + 0, checksum, 8);
b6b438 
+		memcpy(iv.data + 8, checksum, 8);
b6b438 
+
b6b438 
+		rc = gnutls_cipher_init(&cipher_hnd,
b6b438 
+					GNUTLS_CIPHER_AES_128_CFB8,
b6b438 
+					&key,
b6b438 
+					&iv;;
b6b438 
+		if (rc < 0) {
b6b438 
+			DBG_ERR("ERROR: gnutls_cipher_init: %s\n",
b6b438 
+				gnutls_strerror(rc));
b6b438 
+			return NT_STATUS_INTERNAL_ERROR;
b6b438 
+		}
b6b438 
+
b6b438 
+		rc = gnutls_cipher_encrypt(cipher_hnd, seq_num, 8);
b6b438 
+		gnutls_cipher_deinit(cipher_hnd);
b6b438 
+		if (rc < 0) {
b6b438 
+			DBG_ERR("ERROR: gnutls_cipher_encrypt: %s\n",
b6b438 
+				gnutls_strerror(rc));
b6b438 
+			return NT_STATUS_INTERNAL_ERROR;
b6b438 
+		}
b6b438 
+
b6b438 
+#else /* NOT HAVE_GNUTLS_AES_CFB8 */
b6b438 
 		AES_KEY key;
b6b438 
 		uint8_t iv[AES_BLOCK_SIZE];
b6b438
b6b438 
@@ -156,6 +195,7 @@ static NTSTATUS netsec_do_seq_num(struct schannel_state *state,
b6b438 
 		memcpy(iv+8, checksum, 8);
b6b438
b6b438 
 		aes_cfb8_encrypt(seq_num, seq_num, 8, &key, iv, AES_ENCRYPT);
b6b438 
+#endif /* HAVE_GNUTLS_AES_CFB8 */
b6b438 
 	} else {
b6b438 
 		static const uint8_t zeros[4];
b6b438 
 		uint8_t _sequence_key[16];
b6b438 
--
b6b438 
2.23.0
b6b438

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation