samba.git/lib/crypto, branch talloc-2.4.4 Unnamed repository; edit this file 'description' to name the repository. lib:crypto: Don’t pass null pointer to memcpy() 2025-08-27T03:41:36+00:00 Jennifer Sutton jennifersutton@catalyst.net.nz 2025-05-26T00:00:16+00:00 0c92628340ea7b6e22c2a6b61e7dfb91f82879d5 This results in undefined behaviour. Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
This results in undefined behaviour.

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
lib:crypto: Remove trailing whitespace 2025-08-27T03:41:36+00:00 Jennifer Sutton jennifersutton@catalyst.net.nz 2025-05-25T23:59:53+00:00 bef2ef342e973f22e423eef7fc2e01361ee5c17c Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
replace direct calls to memset_s() with commonly used macros 2025-01-02T17:01:30+00:00 Michael Tokarev mjt@tls.msk.ru 2024-11-18T11:19:54+00:00 712117155e0efae593d2867037c92741f2151252 samba provides macros for zeroing various structures in memory, and all code uses them instead of relying on memset_s(). However, a few places use memset_s() directly. Replace these usages with macros for consistency and to be able to replace memset_s() easier. A few notes. Commit 03a50d8f7d872b6ef701d12 "lib:util: Check memset_s() error code in talloc_keep_secret_destructor()" (Aug-2022) added a check for error return from memset_s(). This is the only place in whole codebase which bothers about doing this. But I've difficult time figuring out the intention. Was there a real case when this code path is actually executed? Commit 7658c9bf0a9c99e3f200571 "lib:crypto: Remove redundant array zeroing" (Nov-2023) removed the OTHER line from the two lines used to zero memory in here. Initially the code used both memset_s() *and* ZERO_ARRAY_LEN(), the former has been removed. This change removes the other - memset_s(), reintroducing ZERO_ARRAY_LEN(). Here however, it's probably better to use BURN_PTR instead of ZERO_ARRAY - in this place and a few lines above. Commit 8dddea2ceda40f2365bd6b1 "lib:talloc: Use memset_s() to avoid the call gets optimized out" (Feb-2024) is a recent commit which introduces memset_s(). However, it does not seem like it makes any difference whatsoever for a testsuite, or that it actually needs to clean up the memory to begin with. We've quite an assortment of all this memory zeroing stuff. Also it is repeated in replace.h and memory.h (two sets in these files are different but has big intersection). I'd say, to fix this mess, things from replace.h should be removed in favour of memory.h, and necessary includes added, but this is for the next time. We also have lots of direct usages of memset_s() in heimdal code. Cc: Joseph Sutton <josephsutton@catalyst.net.nz> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org> 
samba provides macros for zeroing various structures in memory,
and all code uses them instead of relying on memset_s().
However, a few places use memset_s() directly.  Replace these
usages with macros for consistency and to be able to replace
memset_s() easier.

A few notes.

Commit 03a50d8f7d872b6ef701d12 "lib:util: Check memset_s() error
code in talloc_keep_secret_destructor()" (Aug-2022) added a check
for error return from memset_s().  This is the only place in whole
codebase which bothers about doing this.  But I've difficult time
figuring out the intention.  Was there a real case when this code
path is actually executed?

Commit 7658c9bf0a9c99e3f200571 "lib:crypto: Remove redundant array
zeroing" (Nov-2023) removed the OTHER line from the two lines used
to zero memory in here.  Initially the code used both memset_s()
*and* ZERO_ARRAY_LEN(), the former has been removed.  This change
removes the other - memset_s(), reintroducing ZERO_ARRAY_LEN().
Here however, it's probably better to use BURN_PTR instead of
ZERO_ARRAY - in this place and a few lines above.

Commit 8dddea2ceda40f2365bd6b1 "lib:talloc: Use memset_s() to avoid
the call gets optimized out" (Feb-2024) is a recent commit which
introduces memset_s().  However, it does not seem like it makes
any difference whatsoever for a testsuite, or that it actually
needs to clean up the memory to begin with.

We've quite an assortment of all this memory zeroing stuff.  Also
it is repeated in replace.h and memory.h (two sets in these files
are different but has big intersection).  I'd say, to fix this mess,
things from replace.h should be removed in favour of memory.h, and
necessary includes added, but this is for the next time.  We also
have lots of direct usages of memset_s() in heimdal code.

Cc: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 lib:crypto: Remove unused macro definitions 2024-07-02T03:39:35+00:00 Jo Sutton josutton@catalyst.net.nz 2023-12-05T02:40:30+00:00 239a8f277ca5b30baac2255a720d8d43d12bfc69 As we now require GnuTLS 3.6.13, we can rely on GnuTLS providing these macros. Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Martin Schwenke <martin@meltin.net> 
As we now require GnuTLS 3.6.13, we can rely on GnuTLS providing these
macros.

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin@meltin.net>
 lib:crypto: Add constant denoting maximum GKDI clock skew in minutes 2024-05-16T02:11:36+00:00 Jo Sutton josutton@catalyst.net.nz 2024-04-16T04:05:55+00:00 fbdeb4b0b47db09dea56fec379f487ea709f994f Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib:crypto: Fix Coverity build 2024-04-24T05:16:29+00:00 Jo Sutton josutton@catalyst.net.nz 2024-04-21T23:10:00+00:00 46955bc7664b8cf665c9bccf3b88d4afa26b9526 The Coverity build is failing with the following errors: [1936/5164] Compiling lib/crypto/gkdi.c In file included from /usr/lib64/gcc/x86_64-suse-linux/7/include/stdint.h:9:0, from /usr/include/inttypes.h:27, from ../../lib/crypto/../replace/replace.h:64, from ../../source4/include/includes.h:23, from ../../lib/crypto/gkdi.c:21: ../../lib/crypto/gkdi.c: In function ‘gkdi_get_key_start_time’: ../../lib/crypto/gkdi.c:197:4: error: initializer element is not constant UINT64_MAX / ^ ../../lib/crypto/gkdi.c:197:4: note: (near initialization for ‘max_gkid.l0_idx’) ../../lib/crypto/gkdi.c:200:4: error: initializer element is not constant UINT64_MAX / ^ ../../lib/crypto/gkdi.c:200:4: note: (near initialization for ‘max_gkid.l1_idx’) ../../lib/crypto/gkdi.c:204:4: error: initializer element is not constant UINT64_MAX / gkdi_key_cycle_duration % ^ ../../lib/crypto/gkdi.c:204:4: note: (near initialization for ‘max_gkid.l2_idx’) Fix the build by removing the ‘static’ specifier on this constant. Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
The Coverity build is failing with the following errors:

[1936/5164] Compiling lib/crypto/gkdi.c
In file included from /usr/lib64/gcc/x86_64-suse-linux/7/include/stdint.h:9:0,
                 from /usr/include/inttypes.h:27,
                 from ../../lib/crypto/../replace/replace.h:64,
                 from ../../source4/include/includes.h:23,
                 from ../../lib/crypto/gkdi.c:21:
../../lib/crypto/gkdi.c: In function ‘gkdi_get_key_start_time’:
../../lib/crypto/gkdi.c:197:4: error: initializer element is not constant
    UINT64_MAX /
    ^
../../lib/crypto/gkdi.c:197:4: note: (near initialization for ‘max_gkid.l0_idx’)
../../lib/crypto/gkdi.c:200:4: error: initializer element is not constant
    UINT64_MAX /
    ^
../../lib/crypto/gkdi.c:200:4: note: (near initialization for ‘max_gkid.l1_idx’)
../../lib/crypto/gkdi.c:204:4: error: initializer element is not constant
    UINT64_MAX / gkdi_key_cycle_duration %
    ^
../../lib/crypto/gkdi.c:204:4: note: (near initialization for ‘max_gkid.l2_idx’)

Fix the build by removing the ‘static’ specifier on this constant.

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/crypto: add legacy_gnutls_server_end_point_cb() if needed 2024-04-23T23:50:33+00:00 Stefan Metzmacher metze@samba.org 2024-03-05T08:55:47+00:00 2f2af3aa8a0366e6502751415a08413bf28ba0cb gnutls_session_channel_binding(GNUTLS_CB_TLS_SERVER_END_POINT) is only available with gnutls 3.7.2, but we still want to support older gnutls versions and that's easily doable... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
gnutls_session_channel_binding(GNUTLS_CB_TLS_SERVER_END_POINT)
is only available with gnutls 3.7.2, but we still want to
support older gnutls versions and that's easily doable...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib:crypto: Add more unit tests for GKDI functions 2024-04-21T22:10:36+00:00 Jo Sutton josutton@catalyst.net.nz 2024-04-15T00:19:12+00:00 02d7ab13ee271448efe5715bdaaf5e6907d32e08 Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib:crypto: Reformat source code 2024-04-16T03:58:31+00:00 Jo Sutton josutton@catalyst.net.nz 2024-04-01T21:33:27+00:00 7b7fdfbce3c2b6f86399fb585e334a78fe696423 Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4-dsdb: Populate new GKDI root keys from the server configuration object 2024-03-28T01:50:41+00:00 Andrew Bartlett abartlet@samba.org 2024-03-22T01:08:22+00:00 3687bf22aa1ce2515997b06efb536d5da4294c9a This honours MS-GKDI 3.1.4.1.1 Creating a New Root Key Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
This honours MS-GKDI 3.1.4.1.1 Creating a New Root Key

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>