[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Fri Jun 30 15:00:01 UTC 2023
The branch, master has been updated
via acd081a70d2 build: Remove unused check for SHA1_Update and SHA1_RENAME_NEEDED
via 11b3c6826d1 Remove redundant check and fallback for AES CMAC 128 as we now require GnuTLS 3.6.13
via 95c843de926 crypto: Remove aesni-intel accelerated AES crypto functions
via a21ca8ac9ca Remove redundant check and fallback for AES CFB8 as we now require GnuTLS 3.6.13
via a815eead841 Remove redundant check/workaround for buggy GnuTLS 3.5.2 as we now require GnuTLS 3.6.13
via 055318d7e74 Remove redundant check for gnutls_pkcs7_get_embedded_data_oid as we now require GnuTLS 3.6.13
via c630afa3c9c Remove check for gnutls_set_default_priority_append as it is unused
via eda1022b599 crypto: Rely on GnuTLS 3.6.13 and gnutls_pbkdf2()
via 702bcbfc39a build: Set minimum required GnuTLS version to 3.6.13
from 358631ce331 smbd: Merge openat_pathref_fsp_nosymlink() into _internal()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit acd081a70d215483548d57a56b30918ed08e999a
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Jun 30 22:41:51 2023 +1200
build: Remove unused check for SHA1_Update and SHA1_RENAME_NEEDED
I can not find the code that required this, even in the history.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jun 30 14:59:46 UTC 2023 on atb-devel-224
commit 11b3c6826d19d60937f75825075fc5eb67385e11
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Oct 27 11:09:19 2022 +1300
Remove redundant check and fallback for AES CMAC 128 as we now require GnuTLS 3.6.13
This allows us to remove a lot of conditionally compiled code and so
know with more certainty that our tests are covering our code-paths.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 95c843de926ec46ab9d52ae8394250f93ee843c4
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Oct 27 11:05:17 2022 +1300
crypto: Remove aesni-intel accelerated AES crypto functions
These will shortly be unused as we will rely on GnuTLS for all AES cryptography
now that we require GnuTLS 3.6.13
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a21ca8ac9ca5305cae59d1733fffb38ce6bebb8f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Oct 27 10:53:53 2022 +1300
Remove redundant check and fallback for AES CFB8 as we now require GnuTLS 3.6.13
This allows us to remove a lot of conditionally compiled code and so
know with more certainty that our tests are covering our codepaths.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a815eead8414fe6e8e999930ca4befa7c295497e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Oct 27 10:48:42 2022 +1300
Remove redundant check/workaround for buggy GnuTLS 3.5.2 as we now require GnuTLS 3.6.13
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 055318d7e74f3b1aad305334fa4fe5fd4b593e75
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Oct 27 10:47:27 2022 +1300
Remove redundant check for gnutls_pkcs7_get_embedded_data_oid as we now require GnuTLS 3.6.13
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit c630afa3c9c7cdf927c2f55c63bdf418c5cf6900
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Oct 27 10:03:48 2022 +1300
Remove check for gnutls_set_default_priority_append as it is unused
This became unused with d30865014569f4b9a1261d9f0c40bc4fc98f883e
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit eda1022b599a98edcd8da3440bfa7675f987cec0
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Oct 27 09:57:06 2022 +1300
crypto: Rely on GnuTLS 3.6.13 and gnutls_pbkdf2()
This removes a lot of inline #ifdef and means this feature is always tested.
We can do this as we have chosen GnuTLS 3.6.13 as the new minimum version.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 702bcbfc39af77c1ab94a7f13fe7a50784646e5a
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Oct 27 09:51:09 2022 +1300
build: Set minimum required GnuTLS version to 3.6.13
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/gensec/schannel.c | 40 -
lib/crypto/aes.c | 329 ---
lib/crypto/aes.h | 634 -----
lib/crypto/aes_cmac_128.c | 121 -
lib/crypto/aes_cmac_128.h | 47 -
lib/crypto/aes_cmac_128_test.c | 119 -
lib/crypto/aes_test.h | 67 -
lib/crypto/aesni.h | 66 -
lib/crypto/crypto.h | 1 -
lib/crypto/py_crypto.c | 7 -
lib/crypto/rijndael-alg-fst.c | 1223 ---------
.../test_gnutls_aead_aes_256_cbc_hmac_sha512.c | 4 -
lib/crypto/wscript | 52 +-
lib/mscat/wscript | 3 +-
libcli/auth/credentials.c | 24 -
libcli/auth/tests/test_gnutls.c | 4 -
libcli/smb/smb2_signing.c | 45 -
python/samba/tests/auth_log_pass_change.py | 11 +-
python/samba/tests/krb5/lockout_tests.py | 10 -
python/samba/tests/krb5/raw_testcase.py | 7 -
source3/rpc_client/cli_samr.c | 4 -
source3/rpc_server/samr/srv_samr_nt.c | 5 -
source4/libnet/libnet_passwd.c | 4 -
source4/rpc_server/samr/samr_password.c | 4 -
source4/selftest/tests.py | 12 +-
source4/torture/local/local.c | 7 -
source4/torture/rpc/samr.c | 2 -
third_party/aesni-intel/aesni-intel_asm.c | 2812 --------------------
third_party/aesni-intel/inst-intel.h | 306 ---
third_party/aesni-intel/wscript | 32 -
third_party/wscript | 4 -
wscript | 2 -
wscript_configure_system_gnutls | 23 +-
33 files changed, 7 insertions(+), 6024 deletions(-)
delete mode 100644 lib/crypto/aes.c
delete mode 100644 lib/crypto/aes_cmac_128.c
delete mode 100644 lib/crypto/aes_cmac_128.h
delete mode 100644 lib/crypto/aes_cmac_128_test.c
delete mode 100644 lib/crypto/aes_test.h
delete mode 100644 lib/crypto/aesni.h
delete mode 100644 lib/crypto/rijndael-alg-fst.c
delete mode 100644 third_party/aesni-intel/aesni-intel_asm.c
delete mode 100644 third_party/aesni-intel/inst-intel.h
delete mode 100644 third_party/aesni-intel/wscript
Changeset truncated at 500 lines:
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index 872e7d185e6..4f5db9fc32e 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -35,10 +35,6 @@
#include "auth/gensec/gensec_toplevel_proto.h"
#include "libds/common/roles.h"
-#ifndef HAVE_GNUTLS_AES_CFB8
-#include "lib/crypto/aes.h"
-#endif
-
#include "lib/crypto/gnutls_helpers.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
@@ -150,7 +146,6 @@ static NTSTATUS netsec_do_seq_num(struct schannel_state *state,
uint8_t seq_num[8])
{
if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-#ifdef HAVE_GNUTLS_AES_CFB8
gnutls_cipher_hd_t cipher_hnd = NULL;
gnutls_datum_t key = {
.data = state->creds->session_key,
@@ -186,17 +181,6 @@ static NTSTATUS netsec_do_seq_num(struct schannel_state *state,
NT_STATUS_CRYPTO_SYSTEM_INVALID);
}
-#else /* NOT HAVE_GNUTLS_AES_CFB8 */
- AES_KEY key;
- uint8_t iv[AES_BLOCK_SIZE];
-
- AES_set_encrypt_key(state->creds->session_key, 128, &key);
- ZERO_STRUCT(iv);
- memcpy(iv+0, checksum, 8);
- memcpy(iv+8, checksum, 8);
-
- aes_cfb8_encrypt(seq_num, seq_num, 8, &key, iv, AES_ENCRYPT);
-#endif /* HAVE_GNUTLS_AES_CFB8 */
} else {
static const uint8_t zeros[4];
uint8_t _sequence_key[16];
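Review bot: With the `#else` branch of netsec_do_seq_num removed, nothing in this hunk gives an independent check that the GnuTLS CFB8 path yields the same bytes as the deleted `aes_cfb8_encrypt(seq_num, seq_num, 8, &key, iv, AES_ENCRYPT)` call, whose IV was `checksum` copied into both halves. The diffstat also deletes lib/crypto/aes_test.h and lib/crypto/aes_cmac_128_test.c, so consider adding a fixed known-answer vector for the sequence-number encryption to selftest, so that a change in GnuTLS CFB8 behaviour shows up as a test failure rather than as an interoperability problem.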
@@ -261,7 +245,6 @@ static NTSTATUS netsec_do_seal(struct schannel_state *state,
bool forward)
{
if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-#ifdef HAVE_GNUTLS_AES_CFB8
gnutls_cipher_hd_t cipher_hnd = NULL;
uint8_t sess_kf0[16] = {0};
gnutls_datum_t key = {
@@ -354,29 +337,6 @@ static NTSTATUS netsec_do_seal(struct schannel_state *state,
}
}
gnutls_cipher_deinit(cipher_hnd);
-#else /* NOT HAVE_GNUTLS_AES_CFB8 */
- AES_KEY key;
- uint8_t iv[AES_BLOCK_SIZE];
- uint8_t sess_kf0[16];
- int i;
-
- for (i = 0; i < 16; i++) {
- sess_kf0[i] = state->creds->session_key[i] ^ 0xf0;
- }
-
- AES_set_encrypt_key(sess_kf0, 128, &key);
- ZERO_STRUCT(iv);
- memcpy(iv+0, seq_num, 8);
- memcpy(iv+8, seq_num, 8);
-
- if (forward) {
- aes_cfb8_encrypt(confounder, confounder, 8, &key, iv, AES_ENCRYPT);
- aes_cfb8_encrypt(data, data, length, &key, iv, AES_ENCRYPT);
- } else {
- aes_cfb8_encrypt(confounder, confounder, 8, &key, iv, AES_DECRYPT);
- aes_cfb8_encrypt(data, data, length, &key, iv, AES_DECRYPT);
- }
-#endif /* HAVE_GNUTLS_AES_CFB8 */
} else {
gnutls_cipher_hd_t cipher_hnd;
uint8_t _sealing_key[16];
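Review bot: After this change the AES branch of netsec_do_seal ends directly at `gnutls_cipher_deinit(cipher_hnd);`, and `sess_kf0` (the session key XORed with 0xf0, as the removed loop shows) is a stack buffer scoped to that branch. Unless it is already cleared in the lines this hunk elides, add `ZERO_ARRAY(sess_kf0);` before leaving the block so the derived sealing key does not stay on the stack; the removed fallback had the same gap for `sess_kf0`, `key` and `iv`.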
diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c
deleted file mode 100644
index 4ff019af91a..00000000000
--- a/lib/crypto/aes.c
+++ /dev/null
@@ -1,329 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "replace.h"
-#include "aes.h"
-
-#ifdef SAMBA_RIJNDAEL
-#include "rijndael-alg-fst.h"
-
-#if defined(HAVE_AESNI_INTEL)
-
-/*
- * NB. HAVE_AESNI_INTEL is only defined if -lang-asm is
- * available.
- */
-
-static inline void __cpuid(unsigned int where[4], unsigned int leaf)
-{
- asm volatile("cpuid" :
- "=a" (where[0]),
- "=b" (where[1]),
- "=c" (where[2]),
- "=d" (where[3]): "a" (leaf));
-}
-
-/*
- * has_intel_aes_instructions()
- * return true if supports AES-NI and false if doesn't
- */
-static bool has_intel_aes_instructions(void)
-{
- static int has_aes_instructions = -1;
- unsigned int cpuid_results[4];
-
- if (has_aes_instructions != -1) {
- return (bool)has_aes_instructions;
- }
-
- __cpuid(cpuid_results, 1);
- has_aes_instructions = !!(cpuid_results[2] & (1 << 25));
- return (bool)has_aes_instructions;
-}
-
-/*
- * Macro to ensure the AES key schedule starts on a 16 byte boundary.
- */
-
-#define SET_ACC_CTX(k) \
- do { \
- (k)->u.aes_ni.acc_ctx = \
- (struct crypto_aes_ctx *)(((unsigned long)(k)->u.aes_ni._acc_ctx + 15) & ~0xfUL); \
- } while (0)
-
-/*
- * The next 4 functions call the Intel AES hardware implementations
- * of:
- *
- * AES_set_encrypt_key()
- * AES_set_decrypt_key()
- * AES_encrypt()
- * AES_decrypt()
- */
-
-static int AES_set_encrypt_key_aesni(const unsigned char *userkey,
- const int bits,
- AES_KEY *key)
-{
- SET_ACC_CTX(key);
- return aesni_set_key(key->u.aes_ni.acc_ctx, userkey, bits/8);
-}
-
-static int AES_set_decrypt_key_aesni(const unsigned char *userkey,
- const int bits,
- AES_KEY *key)
-{
- SET_ACC_CTX(key);
- return aesni_set_key(key->u.aes_ni.acc_ctx, userkey, bits/8);
-}
-
-static void AES_encrypt_aesni(const unsigned char *in,
- unsigned char *out,
- const AES_KEY *key)
-{
- aesni_enc(key->u.aes_ni.acc_ctx, out, in);
-}
-
-static void AES_decrypt_aesni(const unsigned char *in,
- unsigned char *out,
- const AES_KEY *key)
-{
- aesni_dec(key->u.aes_ni.acc_ctx, out, in);
-}
-#else /* defined(HAVE_AESNI_INTEL) */
-
-/*
- * Dummy implementations if no Intel AES instructions present.
- * Only has_intel_aes_instructions() will ever be called.
-*/
-
-static bool has_intel_aes_instructions(void)
-{
- return false;
-}
-
-static int AES_set_encrypt_key_aesni(const unsigned char *userkey,
- const int bits,
- AES_KEY *key)
-{
- return -1;
-}
-
-static int AES_set_decrypt_key_aesni(const unsigned char *userkey,
- const int bits,
- AES_KEY *key)
-{
- return -1;
-}
-
-static void AES_encrypt_aesni(const unsigned char *in,
- unsigned char *out,
- const AES_KEY *key)
-{
- abort();
-}
-
-static void AES_decrypt_aesni(const unsigned char *in,
- unsigned char *out,
- const AES_KEY *key)
-{
- abort();
-}
-#endif /* defined(HAVE_AENI_INTEL) */
-
-/*
- * The next 4 functions are the pure software implementations
- * of:
- *
- * AES_set_encrypt_key()
- * AES_set_decrypt_key()
- * AES_encrypt()
- * AES_decrypt()
- */
-
-static int
-AES_set_encrypt_key_rj(const unsigned char *userkey, const int bits, AES_KEY *key)
-{
- key->u.aes_rj.rounds = rijndaelKeySetupEnc(key->u.aes_rj.key, userkey, bits);
- if (key->u.aes_rj.rounds == 0)
- return -1;
- return 0;
-}
-
-static int
-AES_set_decrypt_key_rj(const unsigned char *userkey, const int bits, AES_KEY *key)
-{
- key->u.aes_rj.rounds = rijndaelKeySetupDec(key->u.aes_rj.key, userkey, bits);
- if (key->u.aes_rj.rounds == 0)
- return -1;
- return 0;
-}
-
-static void
-AES_encrypt_rj(const unsigned char *in, unsigned char *out, const AES_KEY *key)
-{
- rijndaelEncrypt(key->u.aes_rj.key, key->u.aes_rj.rounds, in, out);
-}
-
-static void
-AES_decrypt_rj(const unsigned char *in, unsigned char *out, const AES_KEY *key)
-{
- rijndaelDecrypt(key->u.aes_rj.key, key->u.aes_rj.rounds, in, out);
-}
-
-/*
- * The next 4 functions are the runtime switch for Intel AES hardware
- * implementations of:
- *
- * AES_set_encrypt_key()
- * AES_set_decrypt_key()
- * AES_encrypt()
- * AES_decrypt()
- *
- * If the hardware instructions don't exist, fall back to the software
- * versions.
- */
-
-int
-AES_set_encrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key)
-{
- if (has_intel_aes_instructions()) {
- return AES_set_encrypt_key_aesni(userkey, bits, key);
- }
- return AES_set_encrypt_key_rj(userkey, bits, key);
-}
-
-int
-AES_set_decrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key)
-{
- if (has_intel_aes_instructions()) {
- return AES_set_decrypt_key_aesni(userkey, bits, key);
- }
- return AES_set_decrypt_key_rj(userkey, bits, key);
-}
-
-void
-AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
-{
- if (has_intel_aes_instructions()) {
- AES_encrypt_aesni(in, out, key);
- return;
- }
- AES_encrypt_rj(in, out, key);
-}
-
-void
-AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
-{
- if (has_intel_aes_instructions()) {
- AES_decrypt_aesni(in, out, key);
- return;
- }
- AES_decrypt_rj(in, out, key);
-}
-
-#endif /* SAMBA_RIJNDAEL */
-
-#ifdef SAMBA_AES_CBC_ENCRYPT
-void
-AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
- unsigned long size, const AES_KEY *key,
- unsigned char *iv, int forward_encrypt)
-{
- unsigned char tmp[AES_BLOCK_SIZE];
- int i;
-
- if (forward_encrypt) {
- while (size >= AES_BLOCK_SIZE) {
- for (i = 0; i < AES_BLOCK_SIZE; i++)
- tmp[i] = in[i] ^ iv[i];
- AES_encrypt(tmp, out, key);
- memcpy(iv, out, AES_BLOCK_SIZE);
- size -= AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
- }
- if (size) {
- for (i = 0; i < size; i++)
- tmp[i] = in[i] ^ iv[i];
- for (i = size; i < AES_BLOCK_SIZE; i++)
- tmp[i] = iv[i];
- AES_encrypt(tmp, out, key);
- memcpy(iv, out, AES_BLOCK_SIZE);
- }
- } else {
- while (size >= AES_BLOCK_SIZE) {
- memcpy(tmp, in, AES_BLOCK_SIZE);
- AES_decrypt(tmp, out, key);
- for (i = 0; i < AES_BLOCK_SIZE; i++)
- out[i] ^= iv[i];
- memcpy(iv, tmp, AES_BLOCK_SIZE);
- size -= AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
- }
- if (size) {
- memcpy(tmp, in, AES_BLOCK_SIZE);
- AES_decrypt(tmp, out, key);
- for (i = 0; i < size; i++)
- out[i] ^= iv[i];
- memcpy(iv, tmp, AES_BLOCK_SIZE);
- }
- }
-}
-#endif /* SAMBA_AES_CBC_ENCRYPT */
-
-#ifdef SAMBA_AES_CFB8_ENCRYPT
-void
-AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
- unsigned long size, const AES_KEY *key,
- unsigned char *iv, int forward_encrypt)
-{
- int i;
-
- for (i = 0; i < size; i++) {
- unsigned char tmp[AES_BLOCK_SIZE + 1];
-
- memcpy(tmp, iv, AES_BLOCK_SIZE);
- AES_encrypt(iv, iv, key);
- if (!forward_encrypt) {
- tmp[AES_BLOCK_SIZE] = in[i];
- }
- out[i] = in[i] ^ iv[0];
- if (forward_encrypt) {
- tmp[AES_BLOCK_SIZE] = out[i];
- }
- memcpy(iv, &tmp[1], AES_BLOCK_SIZE);
- }
-}
-#endif /* SAMBA_AES_CFB8_ENCRYPT */
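Review bot: `AES_cbc_encrypt` and `AES_cfb8_encrypt` at the end of this file were non-static and reached through the renaming macros in aes.h, yet the only call sites visible in this mail are the ones removed from auth/gensec/schannel.c. The changeset is truncated at 500 lines, so the hunks for libcli/auth/credentials.c and libcli/smb/smb2_signing.c listed in the diffstat are not shown; please confirm that a tree-wide search for `AES_KEY`, `aes_cfb8_encrypt` and `AES_cbc_encrypt` comes back empty, including in code behind configure-time `#ifdef`s that a default build never compiles.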
diff --git a/lib/crypto/aes.h b/lib/crypto/aes.h
index 00bfa3e26ce..21c1edabe98 100644
--- a/lib/crypto/aes.h
+++ b/lib/crypto/aes.h
@@ -36,643 +36,9 @@
#ifndef LIB_CRYPTO_AES_H
#define LIB_CRYPTO_AES_H 1
-#include "aesni.h"
-
-#define SAMBA_RIJNDAEL 1
-#define SAMBA_AES_CBC_ENCRYPT 1
-#define SAMBA_AES_CFB8_ENCRYPT 1
-#define SAMBA_AES_BLOCK_XOR 1
-
-/* symbol renaming */
-#define AES_set_encrypt_key samba_AES_set_encrypt_key
-#define AES_set_decrypt_key samba_AES_decrypt_key
-#define AES_encrypt samba_AES_encrypt
-#define AES_decrypt samba_AES_decrypt
-#define AES_cbc_encrypt samba_AES_cbc_encrypt
-#define AES_cfb8_encrypt samba_AES_cfb8_encrypt
-
/*
*
*/
#define AES_BLOCK_SIZE 16
-#define AES_MAXNR 14
-
-#define AES_ENCRYPT 1
-#define AES_DECRYPT 0
-
-struct aes_key_rj {
- uint32_t key[(AES_MAXNR+1)*4];
- int rounds;
-};
-
-typedef struct aes_key {
- union {
- struct aes_key_rj aes_rj;
- struct crypto_aesni_ctx aes_ni;
- } u;
-} AES_KEY;
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-int AES_set_encrypt_key(const unsigned char *, const int, AES_KEY *);
-int AES_set_decrypt_key(const unsigned char *, const int, AES_KEY *);
-
-void AES_encrypt(const unsigned char *, unsigned char *, const AES_KEY *);
-void AES_decrypt(const unsigned char *, unsigned char *, const AES_KEY *);
-
-void AES_cbc_encrypt(const unsigned char *, unsigned char *,
- const unsigned long, const AES_KEY *,
- unsigned char *, int);
-
-void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
- unsigned long size, const AES_KEY *key,
- unsigned char *iv, int forward_encrypt);
-
-#define aes_cfb8_encrypt(in, out, size, key, iv, forward_encrypt) \
- AES_cfb8_encrypt(in, out, size, key, iv, forward_encrypt)
-
-#ifdef __cplusplus
-}
-#endif
-
-#ifdef SAMBA_AES_BLOCK_XOR
-static inline void aes_block_xor(const uint8_t in1[AES_BLOCK_SIZE],
- const uint8_t in2[AES_BLOCK_SIZE],
- uint8_t out[AES_BLOCK_SIZE])
-{
-#define __IS_ALIGN8(p) ((((uintptr_t)(p)) & 0x7) == 0)
-#define __IS_ALIGNED(a,b,c) __IS_ALIGN8(\
- ((uintptr_t)(a)) | \
- ((uintptr_t)(b)) | \
- ((uintptr_t)(c)))
- /* If everything is aligned we can optimize */
- if (likely(__IS_ALIGNED(in1, in2, out))) {
-#define __RO64(p) ((const uint64_t *)(p))
-#define __RW64(p) ((uint64_t *)(p))
- __RW64(out)[0] = __RO64(in1)[0] ^ __RO64(in2)[0];
- __RW64(out)[1] = __RO64(in1)[1] ^ __RO64(in2)[1];
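Review bot: `#include "aesni.h"` at the top of this hunk and the `struct crypto_aesni_ctx aes_ni` member of `AES_KEY` tie this header to the aesni-intel code, while the log lists 95c843de926 (whose message says those functions "will shortly be unused") as a separate commit from the ones removing the CFB8 and CMAC fallbacks. Please check that every commit in the series builds on its own, so that a later git bisect cannot land on a revision where aes.h or aes.c still refers to aesni symbols that have already been removed.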
--
Samba Shared Repository