The branch, master has been updated via b8fce2c libcli/smb: use lib/crypto SHA512 functions, do not depend on heimdal. via 9ec531d lib/crypto: add and build a copied version of SHA512 functions. from 0c2c75a filter-subunit: Drop support for allow_empty_output hack.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit b8fce2c65bad91abb5b22484456bac4060526039 Author: Günther Deschner <g...@samba.org> Date: Mon Oct 13 20:01:05 2014 +0200 libcli/smb: use lib/crypto SHA512 functions, do not depend on heimdal. Guenther Signed-off-by: Günther Deschner <g...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Günther Deschner <g...@samba.org> Autobuild-Date(master): Tue Oct 14 13:13:08 CEST 2014 on sn-devel-104 commit 9ec531d30d57e2fefbab2bdb8f9ce888c948fe39 Author: Günther Deschner <g...@samba.org> Date: Mon Oct 13 20:00:11 2014 +0200 lib/crypto: add and build a copied version of SHA512 functions. Guenther Signed-off-by: Günther Deschner <g...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: .../heimdal/lib/hcrypto => lib/crypto}/sha512.c | 73 ++++++++++---------- .../lib/hcrypto/md5.h => lib/crypto/sha512.h | 34 +++++---- lib/crypto/wscript_build | 2 +- libcli/smb/smbXcli_base.c | 26 ++++---- 4 files changed, 68 insertions(+), 67 deletions(-) copy {source4/heimdal/lib/hcrypto => lib/crypto}/sha512.c (88%) copy source4/heimdal/lib/hcrypto/md5.h => lib/crypto/sha512.h (76%) Changeset truncated at 500 lines: diff --git a/source4/heimdal/lib/hcrypto/sha512.c b/lib/crypto/sha512.c similarity index 88% copy from source4/heimdal/lib/hcrypto/sha512.c copy to lib/crypto/sha512.c index 4bea216..9c7367b 100644 --- a/source4/heimdal/lib/hcrypto/sha512.c +++ b/lib/crypto/sha512.c @@ -31,10 +31,39 @@ * SUCH DAMAGE. */ -#include "config.h" +#include "replace.h" +#include "sha512.h" + +#ifndef min +#define min(a,b) (((a)>(b))?(b):(a)) +#endif + +/* Vector Crays doesn't have a good 32-bit type, or more precisely, + int32_t as defined by <bind/bitypes.h> isn't 32 bits, and we don't + want to depend in being able to redefine this type. To cope with + this we have to clamp the result in some places to [0,2^32); no + need to do this on other machines. Did I say this was a mess? + */ + +#ifdef _CRAY +#define CRAYFIX(X) ((X) & 0xffffffff) +#else +#define CRAYFIX(X) (X) +#endif + +static inline uint32_t +cshift (uint32_t x, unsigned int n) +{ + x = CRAYFIX(x); + return CRAYFIX((x << n) | (x >> (32 - n))); +} + +static inline uint64_t +cshift64 (uint64_t x, unsigned int n) +{ + return ((uint64_t)x << (uint64_t)n) | ((uint64_t)x >> ((uint64_t)64 - (uint64_t)n)); +} -#include "hash.h" -#include "sha.h" #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) @@ -99,7 +128,7 @@ static const uint64_t constant_512[80] = { }; void -SHA512_Init (SHA512_CTX *m) +samba_SHA512_Init (SHA512_CTX *m) { m->sz[0] = 0; m->sz[1] = 0; @@ -185,7 +214,7 @@ struct x64{ #endif void -SHA512_Update (SHA512_CTX *m, const void *v, size_t len) +samba_SHA512_Update (SHA512_CTX *m, const void *v, size_t len) { const unsigned char *p = v; size_t old_sz = m->sz[0]; @@ -220,7 +249,7 @@ SHA512_Update (SHA512_CTX *m, const void *v, size_t len) } void -SHA512_Final (void *res, SHA512_CTX *m) +samba_SHA512_Final (void *res, SHA512_CTX *m) { unsigned char zeros[128 + 16]; unsigned offset = (m->sz[0] / 8) % 128; @@ -245,7 +274,7 @@ SHA512_Final (void *res, SHA512_CTX *m) zeros[dstart+2] = (m->sz[1] >> 40) & 0xff; zeros[dstart+1] = (m->sz[1] >> 48) & 0xff; zeros[dstart+0] = (m->sz[1] >> 56) & 0xff; - SHA512_Update (m, zeros, dstart + 16); + samba_SHA512_Update (m, zeros, dstart + 16); { int i; unsigned char *r = (unsigned char*)res; @@ -262,33 +291,3 @@ SHA512_Final (void *res, SHA512_CTX *m) } } } - -void -SHA384_Init(SHA384_CTX *m) -{ - m->sz[0] = 0; - m->sz[1] = 0; - A = 0xcbbb9d5dc1059ed8ULL; - B = 0x629a292a367cd507ULL; - C = 0x9159015a3070dd17ULL; - D = 0x152fecd8f70e5939ULL; - E = 0x67332667ffc00b31ULL; - F = 0x8eb44a8768581511ULL; - G = 0xdb0c2e0d64f98fa7ULL; - H = 0x47b5481dbefa4fa4ULL; -} - -void -SHA384_Update (SHA384_CTX *m, const void *v, size_t len) -{ - SHA512_Update(m, v, len); -} - -void -SHA384_Final (void *res, SHA384_CTX *m) -{ - unsigned char data[SHA512_DIGEST_LENGTH]; - SHA512_Final(data, m); - memcpy(res, data, SHA384_DIGEST_LENGTH); -} - diff --git a/source4/heimdal/lib/hcrypto/md5.h b/lib/crypto/sha512.h similarity index 76% copy from source4/heimdal/lib/hcrypto/md5.h copy to lib/crypto/sha512.h index b2df6e5..dc394fd 100644 --- a/source4/heimdal/lib/hcrypto/md5.h +++ b/lib/crypto/sha512.h @@ -33,30 +33,32 @@ /* $Id$ */ -#ifndef HEIM_MD5_H -#define HEIM_MD5_H 1 +#ifndef HEIM_SHA_H +#define HEIM_SHA_H 1 +#if 0 /* symbol renaming */ -#define MD5_Init hc_MD5_Init -#define MD5_Update hc_MD5_Update -#define MD5_Final hc_MD5_Final +#define SHA512_Init hc_SHA512_Init +#define SHA512_Update hc_SHA512_Update +#define SHA512_Final hc_SHA512_Final +#endif /* - * + * SHA-2 512 */ -#define MD5_DIGEST_LENGTH 16 +#define SHA512_DIGEST_LENGTH 64 -struct md5 { - unsigned int sz[2]; - uint32_t counter[4]; - unsigned char save[64]; +struct hc_sha512state { + uint64_t sz[2]; + uint64_t counter[8]; + unsigned char save[128]; }; -typedef struct md5 MD5_CTX; +typedef struct hc_sha512state SHA512_CTX; -void MD5_Init (struct md5 *m); -void MD5_Update (struct md5 *m, const void *p, size_t len); -void MD5_Final (void *res, struct md5 *m); /* uint32_t res[4] */ +void samba_SHA512_Init (SHA512_CTX *); +void samba_SHA512_Update (SHA512_CTX *, const void *, size_t); +void samba_SHA512_Final (void *, SHA512_CTX *); -#endif /* HEIM_MD5_H */ +#endif /* HEIM_SHA_H */ diff --git a/lib/crypto/wscript_build b/lib/crypto/wscript_build index a1f29ae..11f7493 100644 --- a/lib/crypto/wscript_build +++ b/lib/crypto/wscript_build @@ -12,7 +12,7 @@ elif not bld.CONFIG_SET('HAVE_SYS_MD5_H') and not bld.CONFIG_SET('HAVE_COMMONCRY extra_source += ' md5.c' bld.SAMBA_SUBSYSTEM('LIBCRYPTO', - source='''crc32.c hmacmd5.c md4.c arcfour.c sha256.c hmacsha256.c + source='''crc32.c hmacmd5.c md4.c arcfour.c sha256.c sha512.c hmacsha256.c aes.c rijndael-alg-fst.c aes_cmac_128.c aes_ccm_128.c ''' + extra_source, deps='talloc' + extra_deps diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index ad405a2..4daaf2a 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -32,7 +32,7 @@ #include "smbXcli_base.h" #include "librpc/ndr/libndr.h" #include "libcli/smb/smb2_negotiate_context.h" -#include <hcrypto/sha.h> +#include "lib/crypto/sha512.h" struct smbXcli_conn; struct smbXcli_req; @@ -4743,23 +4743,23 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq) /* First we hash the request */ smb2cli_req_get_sent_iov(subreq, sent_iov); - SHA512_Init(&sctx); - SHA512_Update(&sctx, conn->smb2.preauth_sha512, + samba_SHA512_Init(&sctx); + samba_SHA512_Update(&sctx, conn->smb2.preauth_sha512, sizeof(conn->smb2.preauth_sha512)); for (i = 0; i < 3; i++) { - SHA512_Update(&sctx, sent_iov[i].iov_base, sent_iov[i].iov_len); + samba_SHA512_Update(&sctx, sent_iov[i].iov_base, sent_iov[i].iov_len); } - SHA512_Final(conn->smb2.preauth_sha512, &sctx); + samba_SHA512_Final(conn->smb2.preauth_sha512, &sctx); TALLOC_FREE(subreq); /* And now we hash the response */ - SHA512_Init(&sctx); - SHA512_Update(&sctx, conn->smb2.preauth_sha512, + samba_SHA512_Init(&sctx); + samba_SHA512_Update(&sctx, conn->smb2.preauth_sha512, sizeof(conn->smb2.preauth_sha512)); for (i = 0; i < 3; i++) { - SHA512_Update(&sctx, iov[i].iov_base, iov[i].iov_len); + samba_SHA512_Update(&sctx, iov[i].iov_base, iov[i].iov_len); } - SHA512_Final(conn->smb2.preauth_sha512, &sctx); + samba_SHA512_Final(conn->smb2.preauth_sha512, &sctx); tevent_req_done(req); } @@ -5357,13 +5357,13 @@ NTSTATUS smb2cli_session_update_preauth(struct smbXcli_session *session, return NT_STATUS_OK; } - SHA512_Init(&sctx); - SHA512_Update(&sctx, session->smb2_channel.preauth_sha512, + samba_SHA512_Init(&sctx); + samba_SHA512_Update(&sctx, session->smb2_channel.preauth_sha512, sizeof(session->smb2_channel.preauth_sha512)); for (i = 0; i < 3; i++) { - SHA512_Update(&sctx, iov[i].iov_base, iov[i].iov_len); + samba_SHA512_Update(&sctx, iov[i].iov_base, iov[i].iov_len); } - SHA512_Final(session->smb2_channel.preauth_sha512, &sctx); + samba_SHA512_Final(session->smb2_channel.preauth_sha512, &sctx); return NT_STATUS_OK; } -- Samba Shared Repository