path: root/lib/crypto
Commit message | Author | Age | Files | Lines
* Allow AESNI to be used on all processor supporting AESNI, not just Intel's ↵ | Eric Vannier | 2018-04-04 | 1 | -16/+0
|   This improves performance/reduced CPU usage.
|   Tests performed:
|   - Ran on Ivy Bridge and Ryzen and verified that AESNI is detected (crypto tests)
|   - Ran on Ryzen, and observed 50% increased speed.
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=13302
|   Signed-off-by: Eric Vannier <evannier@google.com>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Björn Jacke <bjacke@samba.org>
|   Autobuild-User(master): Jeremy Allison <jra@samba.org>
|   Autobuild-Date(master): Tue Mar 27 13:50:09 CEST 2018 on sn-devel-144
|   (cherry picked from commit 77d88d75f6262a855e818a9b2b4018f8b6ced7b0)
* lib: crypto: Add the ability to select Intel AESNI instruction set at ↵ | Jeremy Allison | 2017-09-11 | 2 | -0/+19
|   configure time.
|   Add --accel-aes=[none|intelaesni] to select. Default is none.
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Stefan Metzmacher <metze@samba.org>
|   (cherry picked from commit 5f87a05aa314776135eec1057dd644c0b25a9d14)
* lib: crypto: Plumb in the Intel AES instructions. | Jeremy Allison | 2017-09-11 | 4 | -2/+224
|   Causes:
|   AES_set_encrypt_key()
|   AES_set_decrypt_key()
|   AES_encrypt()
|   AES_decrypt()
|   to probe for the Intel AES instructions at runtime (only once) and then call the hardware implementations if so, otherwise fall back to the software implementations.
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
|   Based on original work by Justin Maggard <jmaggard@netgear.com>
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Stefan Metzmacher <metze@samba.org>
|   (cherry picked from commit 53ac0f7c59a9192e4fa88bf3d257ad80379ded23)
* lib: crypt: Prepare the existing code to switch to Intel AES hardware ↵ | Jeremy Allison | 2017-09-11 | 2 | -11/+67
|   instructions.
|   Rename the old struct aes_key as an intermediate struct aes_key_rj and wrap it in a union so we can choose an alternate aes_key struct when using Intel AES hardware.
|   Rename the original software implementations of:
|   AES_set_encrypt_key()
|   AES_set_decrypt_key()
|   AES_encrypt()
|   AES_decrypt()
|   by adding an _rj on the end, and call them via a wrapper function.
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
|   Based on original work by Justin Maggard <jmaggard@netgear.com>
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Stefan Metzmacher <metze@samba.org>
|   (cherry picked from commit 3324b55bde96d4098df2f1138be5fd243206ceba)
* lib/crypto: implement samba.crypto Python module for RC4 | Alexander Bokovoy | 2017-03-15 | 2 | -0/+97
|   Implement a small Python module that exposes arcfour_crypt_blob() function widely used in Samba C code.
|   When Samba Python bindings are used to call LSA CreateTrustedDomainEx2, there is a need to encrypt trusted credentials with RC4 cipher.
|   Current Samba Python code relies on Python runtime to provide RC4 cipher. However, in FIPS 140-2 mode system crypto libraries do not provide access to RC4 cipher at all. According to Microsoft dochelp team, Windows is treating AuthenticationInformation blob encryption as 'plain text' in terms of FIPS 140-2, thus doing application-level encryption.
|   Replace samba.arcfour_encrypt() implementation with a call to samba.crypto.arcfour_crypt_blob().
|   Signed-off-by: Alexander Bokovoy <ab@samba.org>
|   Reviewed-by: Simo Sorce <idra@samba.org>
|   Reviewed-by: Guenther Deschner <gd@samba.org>
|   Autobuild-User(master): Günther Deschner <gd@samba.org>
|   Autobuild-Date(master): Wed Mar 15 01:30:24 CET 2017 on sn-devel-144
* lib: Fix some whitespace | Volker Lendecke | 2016-05-16 | 1 | -12/+13
|   Signed-off-by: Volker Lendecke <vl@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Fix a signed/unsigned mixup | Volker Lendecke | 2016-05-16 | 1 | -1/+1
|   Signed-off-by: Volker Lendecke <vl@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
* vfs: Remove smb_traffic_analyzer | Volker Lendecke | 2015-11-11 | 1 | -3/+0
|   Holger Hetterich told me in a personal email that he does not have time to care about this project anymore and that he is fine to remove it from Samba.
|   Why the removal? It contains homegrown crypto that would need to be thoroughly audited and/or fixed. And if it's neither maintained nor widely used I'd rather have it removed.
|   Signed-off-by: Volker Lendecke <vl@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
|   Autobuild-User(master): Jeremy Allison <jra@samba.org>
|   Autobuild-Date(master): Wed Nov 11 00:23:35 CET 2015 on sn-devel-104
* lib/crypto: make it possible to use only parts of aes.[ch] | Stefan Metzmacher | 2015-08-27 | 2 | -1/+14
|   This can be used in order to optimize some parts later.
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
|   Autobuild-User(master): Jeremy Allison <jra@samba.org>
|   Autobuild-Date(master): Thu Aug 27 23:23:54 CEST 2015 on sn-devel-104
* lib/crypto: sync AES_cfb8_encrypt() from heimdal | Stefan Metzmacher | 2015-08-27 | 2 | -20/+25
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: make use of aes_test.h in aes_gcm_128_test.c | Stefan Metzmacher | 2015-08-27 | 1 | -221/+137
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: optimize aes_gcm_128 | Stefan Metzmacher | 2015-08-27 | 2 | -36/+25
|   - We avoid variables in order to do a lazy cleanup in aes_ccm_128_digest() via ZERO_STRUCTP(ctx)
|   - We use the optimized aes_block_{xor,rshift}() functions
|   - Align AES_BLOCK_SIZE arrays to 8 bytes
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: optimize aes_ccm_128 | Stefan Metzmacher | 2015-08-27 | 2 | -47/+78
|   - We avoid variables in order to do a lazy cleanup in aes_ccm_128_digest() via ZERO_STRUCTP(ctx)
|   - We use the optimized aes_block_xor() function
|   - We reuse A_i instead of rebuilding it everything completely.
|   - Align AES_BLOCK_SIZE arrays to 8 bytes
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: optimize aes_cmac_128 | Stefan Metzmacher | 2015-08-27 | 2 | -85/+25
|   - We avoid variables in order to do a lazy cleanup in aes_cmac_128_final() via ZERO_STRUCTP(ctx)
|   - We avoid unused memcpy() calls
|   - We use the optimized aes_block_{xor,lshift}() functions
|   - Align AES_BLOCK_SIZE arrays to 8 bytes
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: add optimized helper functions aes_block_{xor,lshift,rshift}() | Stefan Metzmacher | 2015-08-27 | 1 | -0/+575
|   These are typical operations on an AES_BLOCK used by different modes.
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: add aes_ccm_128 tests | Stefan Metzmacher | 2015-08-27 | 3 | -5/+449
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: verify 0 updates in aes_gcm_128 tests | Stefan Metzmacher | 2015-08-27 | 1 | -0/+12
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: run all aes_gcm_128 testcases | Stefan Metzmacher | 2015-08-27 | 1 | -4/+4
|   We should not skip the first one.
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: add aes_cmac_128 chunked tests | Stefan Metzmacher | 2015-08-27 | 1 | -0/+26
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
* Revert "lib: Fix deps for LIBCRYPTO" | Douglas Bagnall | 2015-06-28 | 1 | -2/+2
|   This reverts commit 30bfb8d63804f0c98312fadaadcb104120dadafb.
|   Talloc is still needed by LIBCRYPTO, because arcfour.h includes lib/util/data_blob.h which includes talloc.h. It seems arcfour only uses the DATA_BLOB struct (in e.g. arcfour_crypt and arcfour_init).
|   Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|   Reviewed-by: Volker Lendecke <vl@samba.org>
|   Reviewed-by: Michael Adam <obnox@samba.org>
|   Autobuild-User(master): Volker Lendecke <vl@samba.org>
|   Autobuild-Date(master): Sun Jun 28 11:47:16 CEST 2015 on sn-devel-104
* lib: Fix deps for LIBCRYPTO | Volker Lendecke | 2015-06-23 | 1 | -2/+2
|   LIBCRYPTO itself does not depend on talloc
|   Signed-off-by: Volker Lendecke <vl@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Simplify arcfour_crypt | Volker Lendecke | 2015-06-23 | 1 | -4/+5
|   We don't need a dependency on data_blob in crypto
|   Signed-off-by: Volker Lendecke <vl@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
* Prevent clashes between system and Samba SHA functions | Emmanuel Dreyfus | 2015-06-03 | 3 | -2/+12
|   Samba provides its own set of SHA functions, which would replace libc-provided flavors. This is a problem because while the prototypes are the same, the context structures are different. As a result, when connecting to a LDAP/SSL directory, we go through libldap/libssl/libcrypto and there libcrypto expects to call libc SHA functions, not Samba's.
|   The fix is to check for SHA function presence and rename Samba's version to avoid a clash.
|   Reviewed-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Simo <simo@samba.org>
|   Autobuild-User(master): Jeremy Allison <jra@samba.org>
|   Autobuild-Date(master): Wed Jun 3 01:54:24 CEST 2015 on sn-devel-104
* lib/crypto: fix header guard for crypto.h | Michael Adam | 2015-03-23 | 1 | -1/+1
|   Signed-off-by: Michael Adam <obnox@samba.org>
|   Reviewed-by: Volker Lendecke <vl@samba.org>
* lib/crypto: Document nettle supported crypto | Michael Ledford | 2015-02-25 | 1 | -0/+21
|   Signed-off-by: Michael Ledford <michael@ledford.cc>
|   Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|   Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* lib/crypto: Document what crypto code is used for, and if GnuTLS supports it | Andrew Bartlett | 2015-02-17 | 1 | -0/+97
|   Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|   Autobuild-User(master): Volker Lendecke <vl@samba.org>
|   Autobuild-Date(master): Tue Feb 17 11:45:15 CET 2015 on sn-devel-104
* lib/crypto: add aes_gcm_128 support. | Stefan Metzmacher | 2014-10-16 | 5 | -2/+642
|   Pair-Programmed-With: Michael Adam <obnox@samba.org>
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Signed-off-by: Michael Adam <obnox@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: add and build a copied version of SHA512 functions. | Günther Deschner | 2014-10-14 | 3 | -1/+358
|   Guenther
|   Signed-off-by: Günther Deschner <gd@samba.org>
|   Reviewed-by: Stefan Metzmacher <metze@samba.org>
* lib/crypto: Protect crypto.h against multiple inclusion | Martin Schwenke | 2014-09-19 | 1 | -0/+4
|   Signed-off-by: Martin Schwenke <martin@meltin.net>
|   Reviewed-by: Volker Lendecke <vl@samba.org>
* lib: Fix strict-aliasing warning in md5 code. | Andreas Schneider | 2014-01-09 | 1 | -3/+6
|   If the compiler detects strict aliasing problems it isn't able to optimize the code.
|   Signed-off-by: Andreas Schneider <asn@samba.org>
|   Reviewed-by: Günther Deschner <gd@samba.org>
* crypto: fix build on OS X | Björn Jacke | 2014-01-08 | 1 | -0/+1
|   we also need to use the CC_MD5_CTX from CommonCrypto here instead of the MD5_CTX
|   Signed-off-by: Bjoern Jacke <bj@sernet.de>
|   Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|   Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
|   Autobuild-Date(master): Wed Jan 8 08:12:29 CET 2014 on sn-devel-104
* build: Remove the struct MD5Context conf file check. | Andrew Bartlett | 2013-06-24 | 1 | -1/+0
|   Fix the build.
|   Reviewed-by: Jeremy Allison <jra@samba.org>
|   Tested-by: Christian Ambach <ambi@samba.org>
|   Autobuild-User(master): Christian Ambach <ambi@samba.org>
|   Autobuild-Date(master): Mon Jun 24 14:11:09 CEST 2013 on sn-devel-104
* build: Build with system md5.h on OpenIndiana | Andrew Bartlett | 2013-06-19 | 6 | -8/+9
|   This changes (again...) our system md5 detection to cope with how OpenIndiana does md5. I'm becoming increasingly convinced this isn't worth our while (we should have just done samba_md5...), but for now this change seems to work on FreeBSD, OpenIndiana and Linux with libbsd.
|   This needs us to rename struct MD5Context -> MD5_CTX, but we provide a config.h define to rename the type bad if MD5_CTX does not exist (it does however exist in the md5.h from libbsd).
|   Andrew Bartlett
|   Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
|   Autobuild-User(master): Jeremy Allison <jra@samba.org>
|   Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
* build: Update md5.h detection in waf and autoconf to use sys/md5.h and -lmd | Andrew Bartlett | 2013-05-22 | 3 | -9/+19
|   This brings the two build systems in sync, without using md5.h (which is a problem name)
|   Tested on FreeBSD
|   Andrew Bartlett
|   Reviewed-by: Richard Sharpe <rsharpe@samba.org>
|   Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
|   Autobuild-Date(master): Wed May 22 10:06:40 CEST 2013 on sn-devel-104
* crypto/aes_ccm_128: fix compile warning on openindiana | Björn Jacke | 2012-08-23 | 1 | -1/+1
|
* lib/crypto: add aes_ccm_128 | Stefan Metzmacher | 2012-07-23 | 4 | -1/+226
|   metze
* lib/crypto: Detect CommonCrypto and use it if available | Matthieu Patou | 2012-03-14 | 3 | -1/+15
|   CommonCrypto/CommonDigest is available on Mac and there is a function in the libc for MD5 calculation. MD5Final is a C define of CC_MD5_Final. Under some circumstances we have the symbol defined twice in samba binaries on Snow Leopard at least. By detecting CommonCrypto/CommonDigest we end up always using the system version if available.
* lib/crypto: add aes_cmac_128_test.c as local.crypto.aes_cmac_128 test | Stefan Metzmacher | 2012-02-29 | 2 | -1/+93
|   metze
* lib/crypto: add aes_cmac_128* (rfc 4493) | Stefan Metzmacher | 2012-02-29 | 4 | -4/+231
|   Thanks to Jeremy, Michael and Volker for the debugging!
|   metze
* lib/crypto: fix hmac_sha256_final() prototype | Stefan Metzmacher | 2012-02-27 | 1 | -1/+1
|   metze
* crypto: Use libbsd md5 header, if available. | Jelmer Vernooij | 2012-02-07 | 3 | -2/+17
|
* crypto/md5: Change prototypes to match BSD. | Jelmer Vernooij | 2012-02-07 | 1 | -5/+7
|
* crypto: Add prototype for main torture functions. | Jelmer Vernooij | 2012-02-07 | 3 | -0/+4
|
* build: avoid util.h as a public header name due to conflict with MacOS | Andrew Bartlett | 2011-09-23 | 3 | -3/+3
|
* lib/crypto: rename the SHA256_ functions to samba_SHA256_ | Andrew Tridgell | 2011-04-06 | 3 | -18/+18
|   this prevents a symbol duplication with the openssl library, which may be linked in via a secondary library dependency
|   Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s3: Fix Coverity ID 958: BAD_SIZEOF | Volker Lendecke | 2011-03-27 | 1 | -1/+1
|   This is supposed to wipe out the md5 context, not only the first bytes of it.
|   Others, please check!
* tdb: Use <tdb.h> to include tdb so system headers are found when building ↵ | Jelmer Vernooij | 2011-02-28 | 1 | -1/+1
|   against system tdb.
* lib/crypto: add aes_cfb8_encrypt() | Stefan Metzmacher | 2011-01-03 | 2 | -0/+26
|   metze
|   Autobuild-User: Stefan Metzmacher <metze@samba.org>
|   Autobuild-Date: Mon Jan 3 17:32:07 CET 2011 on sn-devel-104
* s4: Remove the old perl/m4/make/mk-based build system. | Jelmer Vernooij | 2010-10-31 | 1 | -18/+0
|   The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time.
|   Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
|   Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
* libcli-auth: Remove unnecessary dependency on libsamba-hostconfig. | Jelmer Vernooij | 2010-10-11 | 1 | -1/+1
|