libcli/smb: Remove unused fallback case for ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM
authorAndrew Bartlett <abartlet@samba.org>
Fri, 30 Jun 2023 20:02:36 +0000 (08:02 +1200)
committerAndreas Schneider <asn@cryptomilk.org>
Tue, 4 Jul 2023 07:42:35 +0000 (07:42 +0000)
We now require a GnuTLS version that is not impacted for AES-GCM
(fixed in 3.6.11, we require 3.6.13).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jul  4 07:42:35 UTC 2023 on atb-devel-224

libcli/smb/smb2_signing.c
wscript_configure_system_gnutls

index 223a1234dcb08b913f535940252589acf9720b3a..83e26ac0c6f9d733989b2520b510482555bcaf23 100644 (file)
@@ -319,7 +319,6 @@ static NTSTATUS smb2_signing_gmac(gnutls_aead_cipher_hd_t cipher_hnd,
 {
        size_t tag_size = _tag_size;
        int rc;
-#ifdef ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM
 
        rc = gnutls_aead_cipher_encryptv2(cipher_hnd,
                                          iv, iv_size,
@@ -331,58 +330,6 @@ static NTSTATUS smb2_signing_gmac(gnutls_aead_cipher_hd_t cipher_hnd,
        }
 
        return NT_STATUS_OK;
-#else /* ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM */
-       TALLOC_CTX *tmp_ctx = NULL;
-       size_t atext_size = 0;
-       uint8_t *atext = NULL;
-       size_t len = 0;
-       size_t i;
-
-       /*
-        * If we come from python bindings, we don't have a stackframe
-        * around, so use the NULL context.
-        *
-        * This is fine as we make sure we free the memory.
-        */
-       if (talloc_stackframe_exists()) {
-               tmp_ctx = talloc_tos();
-       }
-
-       for (i=0; i < auth_iovcnt; i++) {
-               atext_size += auth_iov[i].iov_len;
-       }
-
-       atext = talloc_size(tmp_ctx, atext_size);
-       if (atext == NULL) {
-               return NT_STATUS_NO_MEMORY;
-       }
-
-       for (i = 0; i < auth_iovcnt; i++) {
-               memcpy(atext + len,
-                      auth_iov[i].iov_base,
-                      auth_iov[i].iov_len);
-
-               len += auth_iov[i].iov_len;
-               if (len > atext_size) {
-                       TALLOC_FREE(atext);
-                       return NT_STATUS_INTERNAL_ERROR;
-               }
-       }
-
-       rc = gnutls_aead_cipher_encrypt(cipher_hnd,
-                                       iv, iv_size,
-                                       atext,
-                                       atext_size,
-                                       tag_size,
-                                       NULL, 0,
-                                       tag, &tag_size);
-       TALLOC_FREE(atext);
-       if (rc < 0) {
-               return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
-       }
-
-       return NT_STATUS_OK;
-#endif /* ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM */
 }
 
 static NTSTATUS smb2_signing_calc_signature(struct smb2_signing_key *signing_key,
@@ -786,9 +733,7 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
                                  struct iovec *vector,
                                  int count)
 {
-#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2
        bool use_encryptv2 = false;
-#endif
        uint16_t cipher_id;
        uint8_t *tf;
        size_t a_total;
@@ -839,9 +784,7 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
        case SMB2_ENCRYPTION_AES128_GCM:
                algo = GNUTLS_CIPHER_AES_128_GCM;
                iv_size = gnutls_cipher_get_iv_size(algo);
-#ifdef ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM
                use_encryptv2 = true;
-#endif
                break;
        case SMB2_ENCRYPTION_AES256_CCM:
                algo = GNUTLS_CIPHER_AES_256_CCM;
@@ -853,9 +796,7 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
        case SMB2_ENCRYPTION_AES256_GCM:
                algo = GNUTLS_CIPHER_AES_256_GCM;
                iv_size = gnutls_cipher_get_iv_size(algo);
-#ifdef ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM
                use_encryptv2 = true;
-#endif
                break;
        default:
                return NT_STATUS_INVALID_PARAMETER;
@@ -896,7 +837,6 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
               0,
               16 - iv_size);
 
-#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2
        if (use_encryptv2) {
                uint8_t tag[tag_size];
                giovec_t auth_iov[1];
@@ -922,7 +862,6 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
 
                memcpy(tf + SMB2_TF_SIGNATURE, tag, tag_size);
        } else
-#endif /* HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2 */
        {
                size_t ptext_size = m_total;
                uint8_t *ptext = NULL;
@@ -1016,9 +955,7 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
                                  struct iovec *vector,
                                  int count)
 {
-#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2
        bool use_encryptv2 = false;
-#endif
        uint16_t cipher_id;
        uint8_t *tf;
        uint16_t flags;
@@ -1079,9 +1016,7 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
        case SMB2_ENCRYPTION_AES128_GCM:
                algo = GNUTLS_CIPHER_AES_128_GCM;
                iv_size = gnutls_cipher_get_iv_size(algo);
-#ifdef ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM
                use_encryptv2 = true;
-#endif
                break;
        case SMB2_ENCRYPTION_AES256_CCM:
                algo = GNUTLS_CIPHER_AES_256_CCM;
@@ -1093,9 +1028,7 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
        case SMB2_ENCRYPTION_AES256_GCM:
                algo = GNUTLS_CIPHER_AES_256_GCM;
                iv_size = gnutls_cipher_get_iv_size(algo);
-#ifdef ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM
                use_encryptv2 = true;
-#endif
                break;
        default:
                return NT_STATUS_INVALID_PARAMETER;
@@ -1132,8 +1065,6 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
                }
        }
 
-/* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */
-#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2
        if (use_encryptv2) {
                giovec_t auth_iov[1];
 
@@ -1156,7 +1087,6 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
                        goto out;
                }
        } else
-#endif /* HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2 */
        {
                size_t ctext_size = m_total + tag_size;
                uint8_t *ctext = NULL;
index 9eb7fa59b8e191d4f133f1efda9ac84efdff2d1b..9e9abcce17d91ac70391d06898e4cc2defd02324 100644 (file)
@@ -32,11 +32,8 @@ conf.SET_TARGET_TYPE('gnutls', 'SYSLIB')
 #
 # 3.6.10 - 3.6.14 have a severe memory leak with AES-CCM
 #     https://gitlab.com/gnutls/gnutls/-/merge_requests/1278
-if (gnutls_version > parse_version('3.6.10')):
-    if conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls'):
-        conf.DEFINE('ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM', 1)
-        if (gnutls_version > parse_version('3.6.14')):
-            conf.DEFINE('ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_CCM', 1)
+if (gnutls_version > parse_version('3.6.14')):
+      conf.DEFINE('ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_CCM', 1)
 
 # Check if gnutls has fips mode support
 # gnutls_fips140_mode_enabled() is available since 3.3.0
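Review bot: With the `conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls')` probe removed, nothing in this hunk records why the AES-GCM path in smb2_signing.c may now call `gnutls_aead_cipher_encryptv2()` unconditionally; that guarantee rests on the minimum-version check, which is outside the hunk. A short comment above the remaining condition would keep the two in step, for example `# AES-GCM uses gnutls_aead_cipher_encryptv2() unconditionally: fixed in 3.6.11, minimum required is 3.6.13`. The same comment should say that lowering the minimum version would mean restoring the GCM fallback this commit deletes. As a style point, the new `conf.DEFINE` line is indented six spaces where the lines it replaces used multiples of four; `    conf.DEFINE('ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_CCM', 1)` matches them.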