path: root/lib/crypto
Commit message | Author | Age | Files | Lines
* lib:crypto: Add GNUTLS_FIPS140_SET_(LAX|STRICT)_MODE to helpers | Andreas Schneider | 2019-07-09 | 1 | -0/+11
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* lib:crypto: Fix path to header file in gnutls_helpers.h | Andreas Schneider | 2019-07-09 | 1 | -2/+2
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* lib/crypto: Use GnuTLS RC4 for samba_gnutls_arcfour_confounded_md5() | Andrew Bartlett | 2019-06-27 | 3 | -11/+35
  This allows Samba to use GnuTLS for drsuapi_{en,de}crypt_attribute_value()
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* lib/crypto: Add GnuTLS helper function samba_gnutls_arcfour_confounded_md5() | Andrew Bartlett | 2019-06-27 | 3 | -2/+85
  This will avoid duplicated code as we convert arcfour_crypt_blob() into direct GnuTLS calls
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli:util: Add gnutls_error_to_werror() | Andreas Schneider | 2019-06-27 | 2 | -0/+56
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/crypto: move gnutls error wrapper to own subsystem | Andrew Bartlett | 2019-06-27 | 3 | -0/+104
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* Fix ubsan null pointer passed as argument 2 | Gary Lockyer | 2019-05-27 | 1 | -4/+6
  Fix ubsan warning null pointer passed as argument 2 when the source pointer is NULL.
  The calls to memcpy are now guarded by an if (len > 0)
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Gary Lockyer <gary@samba.org>
  Autobuild-Date(master): Mon May 27 01:29:48 UTC 2019 on sn-devel-184
* lib:crypto: Remove obsolete MD5 and HMAC MD5 | Andreas Schneider | 2019-05-21 | 9 | -673/+3
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Tue May 21 01:18:08 UTC 2019 on sn-devel-184
* lib/crypto: squash 'cast between incompatible function types' warning | Noel Power | 2019-05-16 | 1 | -1/+1
  To avoid warning above produced by using -Wcast-function-type we;
    + ensure PyCFunctions of type METH_VARARGS do not declare unused and problematic kargs param.
  Signed-off-by: Noel Power <noel.power@suse.com>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* lib:crypto: Remove unused SHA512 | Andreas Schneider | 2019-05-07 | 4 | -340/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:crypto: Remove unused SHA256 and HMAC SHA256 | Andreas Schneider | 2019-04-30 | 7 | -482/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* build: Remove bld.gen_python_environments() | Andrew Bartlett | 2019-03-21 | 1 | -5/+4
  This was part of --extra-python support.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* lib:crypto: Include only the required header files | Andreas Schneider | 2019-02-27 | 10 | -12/+19
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* lib:crypto: Fix undefined behavior in md4 | Andreas Schneider | 2018-11-22 | 1 | -2/+4
  runtime error: left shift of 145 by 24 places cannot be represented in type 'int'
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* lib: Remove lib/crypto/crc32.[ch] | Volker Lendecke | 2018-10-10 | 4 | -107/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Oct 10 01:41:52 CEST 2018 on sn-devel-144
* lib/crypto/wscript_configure: update to handle waf 2.0.4 | Alexander Bokovoy | 2018-09-05 | 1 | -4/+4
  Signed-off-by: Alexander Bokovoy <ab@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/crypto/wscript: update to handle waf 2.0.4 | Alexander Bokovoy | 2018-09-05 | 1 | -1/+1
  Signed-off-by: Alexander Bokovoy <ab@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/crypto: avoid 'return void_function();' which isn't portable | Stefan Metzmacher | 2018-04-03 | 1 | -4/+6
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Björn Jacke <bjacke@samba.org>
* Allow AESNI to be used on all processor supporting AESNI, not just Intel's | Eric Vannier | 2018-03-27 | 1 | -16/+0
  This improves performance/reduced CPU usage.
  Tests performed:
  - Ran on Ivy Bridge and Ryzen and verified that AESNI is detected (crypto tests)
  - Ran on Ryzen, and observed 50% increased speed.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13302
  Signed-off-by: Eric Vannier <evannier@google.com>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Björn Jacke <bjacke@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Tue Mar 27 13:50:09 CEST 2018 on sn-devel-144
* lib/crypto/REQUIREMENTS: DRSUAPI replication replicated secrets was missing from the RC4 section | Andrew Bartlett | 2018-02-09 | 1 | -0/+1
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* lib/crypto: Update REQUIREMENTS for recent Samba changes | Andrew Bartlett | 2018-02-07 | 1 | -1/+1
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* crypto: Update the REQUIREMENTS | Andreas Schneider | 2018-01-08 | 1 | -23/+47
  Update after call with the GnuTLS maintainer to see what is supported in GnuTLS, what is working in FIPS mode or not, and what features we require to move to GnuTLS in future.
  The benefit will be FIPS certification and more hardware accelerated crypto.
  Bugs have been opened against GnuTLS to implement the missing features or add functions to declare use of old crypto functions as non-crypto use.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* lib/crypto: remove unused code | Uri Simchoni | 2017-11-22 | 1 | -20/+0
  Signed-off-by: Uri Simchoni <uri@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib: crypto: Add the ability to select Intel AESNI instruction set at configure time. | Jeremy Allison | 2017-09-07 | 2 | -0/+19
  Add --accel-aes=[none|intelaesni] to select.
  Default is none.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* lib: crypto: Plumb in the Intel AES instructions. | Jeremy Allison | 2017-09-07 | 4 | -2/+224
  Causes:
    AES_set_encrypt_key()
    AES_set_decrypt_key()
    AES_encrypt()
    AES_decrypt()
  to probe for the Intel AES instructions at runtime (only once) and then call the hardware implementations if so, otherwise fall back to the software implementations.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
  Based on original work by Justin Maggard <jmaggard@netgear.com>
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* lib: crypt: Prepare the existing code to switch to Intel AES hardware instructions. | Jeremy Allison | 2017-09-07 | 2 | -11/+67
  Rename the old struct aes_key as an intermediate struct aes_key_rj and wrap it in a union so we can choose an alternate aes_key struct when using Intel AES hardware.
  Rename the original software implementations of:
    AES_set_encrypt_key()
    AES_set_decrypt_key()
    AES_encrypt()
    AES_decrypt()
  by adding an _rj on the end, and call them via a wrapper function.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
  Based on original work by Justin Maggard <jmaggard@netgear.com>
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* lib/crypto: implement samba.crypto Python module for RC4 | Alexander Bokovoy | 2017-03-15 | 2 | -0/+97
  Implement a small Python module that exposes arcfour_crypt_blob() function widely used in Samba C code.
  When Samba Python bindings are used to call LSA CreateTrustedDomainEx2, there is a need to encrypt trusted credentials with RC4 cipher.
  Current Samba Python code relies on Python runtime to provide RC4 cipher. However, in FIPS 140-2 mode system crypto libraries do not provide access to RC4 cipher at all. According to Microsoft dochelp team, Windows is treating AuthenticationInformation blob encryption as 'plain text' in terms of FIPS 140-2, thus doing application-level encryption.
  Replace samba.arcfour_encrypt() implementation with a call to samba.crypto.arcfour_crypt_blob().
  Signed-off-by: Alexander Bokovoy <ab@samba.org>
  Reviewed-by: Simo Sorce <idra@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Wed Mar 15 01:30:24 CET 2017 on sn-devel-144
* lib: Fix some whitespace | Volker Lendecke | 2016-05-16 | 1 | -12/+13
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Fix a signed/unsigned mixup | Volker Lendecke | 2016-05-16 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* vfs: Remove smb_traffic_analyzer | Volker Lendecke | 2015-11-11 | 1 | -3/+0
  Holger Hetterich told me in a personal email that he does not have time to care about this project anymore and that he is fine to remove it from Samba.
  Why the removal? It contains homegrown crypto that would need to be thoroughly audited and/or fixed. And if it's neither maintained nor widely used I'd rather have it removed.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Nov 11 00:23:35 CET 2015 on sn-devel-104
* lib/crypto: make it possible to use only parts of aes.[ch] | Stefan Metzmacher | 2015-08-27 | 2 | -1/+14
  This can be used in order to optimize some parts later.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Aug 27 23:23:54 CEST 2015 on sn-devel-104
* lib/crypto: sync AES_cfb8_encrypt() from heimdal | Stefan Metzmacher | 2015-08-27 | 2 | -20/+25
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: make use of aes_test.h in aes_gcm_128_test.c | Stefan Metzmacher | 2015-08-27 | 1 | -221/+137
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: optimize aes_gcm_128 | Stefan Metzmacher | 2015-08-27 | 2 | -36/+25
  - We avoid variables in order to do a lazy cleanup in aes_ccm_128_digest() via ZERO_STRUCTP(ctx)
  - We use the optimized aes_block_{xor,rshift}() functions
  - Align AES_BLOCK_SIZE arrays to 8 bytes
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: optimize aes_ccm_128 | Stefan Metzmacher | 2015-08-27 | 2 | -47/+78
  - We avoid variables in order to do a lazy cleanup in aes_ccm_128_digest() via ZERO_STRUCTP(ctx)
  - We use the optimized aes_block_xor() function
  - We reuse A_i instead of rebuilding it everything completely.
  - Align AES_BLOCK_SIZE arrays to 8 bytes
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: optimize aes_cmac_128 | Stefan Metzmacher | 2015-08-27 | 2 | -85/+25
  - We avoid variables in order to do a lazy cleanup in aes_cmac_128_final() via ZERO_STRUCTP(ctx)
  - We avoid unused memcpy() calls
  - We use the optimized aes_block_{xor,lshift}() functions
  - Align AES_BLOCK_SIZE arrays to 8 bytes
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: add optimized helper functions aes_block_{xor,lshift,rshift}() | Stefan Metzmacher | 2015-08-27 | 1 | -0/+575
  These are typical operations on an AES_BLOCK used by different modes.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: add aes_ccm_128 tests | Stefan Metzmacher | 2015-08-27 | 3 | -5/+449
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: verify 0 updates in aes_gcm_128 tests | Stefan Metzmacher | 2015-08-27 | 1 | -0/+12
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: run all aes_gcm_128 testcases | Stefan Metzmacher | 2015-08-27 | 1 | -4/+4
  We should not skip the first one.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: add aes_cmac_128 chunked tests | Stefan Metzmacher | 2015-08-27 | 1 | -0/+26
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* Revert "lib: Fix deps for LIBCRYPTO" | Douglas Bagnall | 2015-06-28 | 1 | -2/+2
  This reverts commit 30bfb8d63804f0c98312fadaadcb104120dadafb.
  Talloc is still needed by LIBCRYPTO, because arcfour.h includes lib/util/data_blob.h which includes talloc.h. It seems arcfour only uses the DATA_BLOB struct (in e.g. arcfour_crypt and arcfour_init).
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Sun Jun 28 11:47:16 CEST 2015 on sn-devel-104
* lib: Fix deps for LIBCRYPTO | Volker Lendecke | 2015-06-23 | 1 | -2/+2
  LIBCRYPTO itself does not depend on talloc
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Simplify arcfour_crypt | Volker Lendecke | 2015-06-23 | 1 | -4/+5
  We don't need a dependency on data_blob in crypto
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* Prevent clashes between system and Samba SHA functions | Emmanuel Dreyfus | 2015-06-03 | 3 | -2/+12
  Samba provides its own set of SHA functions, which would replace libc-provided flavors. This is a problem because while the prototypes are the same, the context structures are different. As a result, when connecting to a LDAP/SSL directory, we go through libldap/libssl/libcrypto and there libcrypto expects to call libc SHA functions, not Samba's.
  The fix is to check for SHA function presence and rename Samba's version to avoid a clash.
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Simo <simo@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Jun 3 01:54:24 CEST 2015 on sn-devel-104
* lib/crypto: fix header guard for crypto.h | Michael Adam | 2015-03-23 | 1 | -1/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* lib/crypto: Document nettle supported crypto | Michael Ledford | 2015-02-25 | 1 | -0/+21
  Signed-off-by: Michael Ledford <michael@ledford.cc>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* lib/crypto: Document what crypto code is used for, and if GnuTLS supports it | Andrew Bartlett | 2015-02-17 | 1 | -0/+97
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Tue Feb 17 11:45:15 CET 2015 on sn-devel-104
* lib/crypto: add aes_gcm_128 support. | Stefan Metzmacher | 2014-10-16 | 5 | -2/+642
  Pair-Programmed-With: Michael Adam <obnox@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/crypto: add and build a copied version of SHA512 functions. | Günther Deschner | 2014-10-14 | 3 | -1/+358
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>