diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
commit | 4f5791ebd03eaec1c7da0865a383175b05102712 (patch) | |
tree | 8ce7b00f7a76baa386372422adebbe64510812d4 /lib/crypto/gnutls_weak_crypto.c | |
parent | Initial commit. (diff) | |
download | samba-4f5791ebd03eaec1c7da0865a383175b05102712.tar.xz samba-4f5791ebd03eaec1c7da0865a383175b05102712.zip |
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/crypto/gnutls_weak_crypto.c')
-rw-r--r-- | lib/crypto/gnutls_weak_crypto.c | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/lib/crypto/gnutls_weak_crypto.c b/lib/crypto/gnutls_weak_crypto.c new file mode 100644 index 0000000..68ce588 --- /dev/null +++ b/lib/crypto/gnutls_weak_crypto.c @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2019 Andreas Schneider <asn@samba.org> + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +#include "includes.h" +#include "lib/crypto/gnutls_helpers.h" + +#include <gnutls/crypto.h> +#include <gnutls/gnutls.h> + +bool samba_gnutls_weak_crypto_allowed(void) +{ + gnutls_cipher_hd_t cipher_hnd = NULL; + gnutls_datum_t key = { + .data = discard_const_p(unsigned char, "SystemLibraryDTC"), + .size = 16, + }; + int rc; + + /* + * If RC4 is not allowed to be initialzed then weak crypto is not + * allowed. + */ + rc = gnutls_cipher_init(&cipher_hnd, + GNUTLS_CIPHER_ARCFOUR_128, + &key, + NULL); + if (rc == GNUTLS_E_UNWANTED_ALGORITHM) { + return false; + } + + gnutls_cipher_deinit(cipher_hnd); + + return true; +} |