diff options
| author | Andreas Schneider <asn@samba.org> | 2020-01-24 16:34:42 +0100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2020-02-04 06:43:59 +0000 |
| commit | d459ca04fc46a52276a860e73ae9ec8f813c260e (patch) | |
| tree | 2e42e0294087355965aecd1a2b79bf14ecce2074 | |
| parent | 4258f805f4aefaac43ca938e3a0a11dc85340512 (diff) | |
| download | samba-d459ca04fc46a52276a860e73ae9ec8f813c260e.tar.gz | |
libcli:smb: Improve check for gnutls_aead_cipher_(en|de)cryptv2
This is available since version 3.6.10, but 3.6.10 has a bug which got fixed
in 3.6.11, see:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1085
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14250
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Feb 4 06:44:00 UTC 2020 on sn-devel-184
| -rw-r--r-- | libcli/smb/smb2_signing.c | 7 | ||||
| -rw-r--r-- | wscript_configure_system_gnutls | 15 |
2 files changed, 15 insertions, 7 deletions
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c index 7561a7a858d..7b33a42526e 100644 --- a/libcli/smb/smb2_signing.c +++ b/libcli/smb/smb2_signing.c @@ -478,9 +478,7 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key, 0, 16 - iv_size); -/* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */ -#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) && \ - GNUTLS_VERSION_NUMBER > 0x03060a +#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) { uint8_t tag[tag_size]; giovec_t auth_iov[1]; @@ -682,8 +680,7 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key, } /* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */ -#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) && \ - GNUTLS_VERSION_NUMBER > 0x03060a +#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) { giovec_t auth_iov[1]; diff --git a/wscript_configure_system_gnutls b/wscript_configure_system_gnutls index f6d9ac3c65e..b2b955f3c90 100644 --- a/wscript_configure_system_gnutls +++ b/wscript_configure_system_gnutls @@ -1,5 +1,8 @@ from waflib import Options +def parse_version(v): + return tuple(map(int, (v.split(".")))) + gnutls_min_required_version = "3.4.7" gnutls_required_version = gnutls_min_required_version @@ -9,14 +12,22 @@ conf.CHECK_CFG(package='gnutls', msg='Checking for GnuTLS >= %s' % gnutls_required_version, mandatory=True) +gnutls_version = conf.cmd_and_log(conf.env.PKGCONFIG + ['--modversion', 'gnutls']).strip() + # Define gnutls as a system library conf.SET_TARGET_TYPE('gnutls', 'SYSLIB') # Check for gnutls_pkcs7_get_embedded_data_oid (>= 3.5.5) required by libmscat conf.CHECK_FUNCS_IN('gnutls_pkcs7_get_embedded_data_oid', 'gnutls') -# Check for gnutls_aead_cipher_encryptv2 (>= 3.6.10) -conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls') +# Check for gnutls_aead_cipher_encryptv2 +# +# This is available since version 3.6.10, but 3.6.10 has a bug which got fixed +# in 3.6.11, see: +# +# https://gitlab.com/gnutls/gnutls/-/merge_requests/1085 +if (parse_version('3.6.10') != parse_version(gnutls_version)): + conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls') if conf.CHECK_VALUEOF('GNUTLS_CIPHER_AES_128_CFB8', headers='gnutls/gnutls.h'): conf.DEFINE('HAVE_GNUTLS_AES_CFB8', 1) |