Tree - rpms/samba - CentOS Git server

rpms / samba

Files

Commit: d028719cc75bf00b7052616ba5f30c5eae46612b
Blob Blame History Raw
From d841537e0e835cda608d3f2b654d10d36d539bc5 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 23 Aug 2019 08:54:54 +0200
Subject: [PATCH 136/187] libcli:smb: Use gnutls_aead_cipher_encryptv2() for
 AES GCM or CCM

This is a new call which has been added with GnuTLS 3.6.10 and will
recuduce memory allocations and copying of data.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
(cherry picked from commit 70fdd4821aa811f90944bee17cc85e3ae9302279)
---
 libcli/smb/smb2_signing.c | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index c39f8e4780a..ac0f6f4d29f 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -392,12 +392,11 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
 				  int count)
 {
 	uint8_t *tf;
-	int i;
 	size_t a_total;
 	ssize_t m_total;
 	uint32_t iv_size = 0;
 	uint32_t key_size = 0;
-	uint32_t tag_size = 0;
+	size_t tag_size = 0;
 	uint8_t _key[16] = {0};
 	gnutls_cipher_algorithm_t algo = 0;
 	gnutls_datum_t key;
@@ -479,12 +478,40 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
 	       0,
 	       16 - iv_size);
 
+#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2
+	{
+		uint8_t tag[tag_size];
+		giovec_t auth_iov[1];
+
+		auth_iov[0] = (giovec_t) {
+			.iov_base = tf + SMB2_TF_NONCE,
+			.iov_len  = a_total,
+		};
+
+		rc = gnutls_aead_cipher_encryptv2(encryption_key->cipher_hnd,
+						  iv.data,
+						  iv.size,
+						  auth_iov,
+						  1,
+						  &vector[1],
+						  count - 1,
+						  tag,
+						  &tag_size);
+		if (rc < 0) {
+			status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR);
+			goto out;
+		}
+
+		memcpy(tf + SMB2_TF_SIGNATURE, tag, tag_size);
+	}
+#else /* HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2 */
 	{
 		size_t ptext_size = m_total;
 		uint8_t *ptext = NULL;
 		size_t ctext_size = m_total + tag_size;
 		uint8_t *ctext = NULL;
 		size_t len = 0;
+		int i;
 
 		ptext = talloc_size(talloc_tos(), ptext_size);
 		if (ptext == NULL) {
@@ -543,6 +570,7 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
 		TALLOC_FREE(ptext);
 		TALLOC_FREE(ctext);
 	}
+#endif /* HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2 */
 
 	DBG_INFO("Enencrypted SMB2 message\n");
 
-- 
2.23.0
rpms / samba

Source Code

Files
