diff options
| author | Stefan Metzmacher <metze@samba.org> | 2021-03-09 10:40:04 +0100 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2021-07-20 15:25:37 +0000 |
| commit | 5512416a8fbe00a7a5343afe0d50846e0a8f342b (patch) | |
| tree | 84000d93f07dcf00172367e41e65690a16de57e0 /wscript_configure_system_gnutls | |
| parent | f97f94e93b03495cf03d08873de5f3b912a003a0 (diff) | |
| download | samba-5512416a8fbe00a7a5343afe0d50846e0a8f342b.tar.gz | |
gnutls: allow gnutls_aead_cipher_encryptv2 with gcm before 3.6.15
The memory leak bug up to 3.6.14 was only related to ccm, but gcm was
fine.
This avoids talloc+memcpy on more systems, e.g. ubuntu 20.04,
and brings ~ 20% less cpu overhead, see:
https://hackmd.io/@asn/samba_crypto_benchmarks
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'wscript_configure_system_gnutls')
| -rw-r--r-- | wscript_configure_system_gnutls | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/wscript_configure_system_gnutls b/wscript_configure_system_gnutls index 28abd29f964..9864235d17e 100644 --- a/wscript_configure_system_gnutls +++ b/wscript_configure_system_gnutls @@ -13,7 +13,8 @@ conf.CHECK_CFG(package='gnutls', msg='Checking for GnuTLS >= %s' % gnutls_required_version, mandatory=True) -gnutls_version = conf.cmd_and_log(conf.env.PKGCONFIG + ['--modversion', 'gnutls']).strip() +gnutls_version_str = conf.cmd_and_log(conf.env.PKGCONFIG + ['--modversion', 'gnutls']).strip() +gnutls_version = parse_version(gnutls_version_str) # Define gnutls as a system library conf.SET_TARGET_TYPE('gnutls', 'SYSLIB') @@ -33,8 +34,11 @@ conf.CHECK_FUNCS_IN('gnutls_set_default_priority_append', 'gnutls') # # 3.6.10 - 3.6.14 have a severe memory leak with AES-CCM # https://gitlab.com/gnutls/gnutls/-/merge_requests/1278 -if (parse_version(gnutls_version) > parse_version('3.6.14')): - conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls') +if (gnutls_version > parse_version('3.6.10')): + if conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls'): + conf.DEFINE('ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM', 1) + if (gnutls_version > parse_version('3.6.14')): + conf.DEFINE('ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_CCM', 1) # Check if gnutls has fips mode support # gnutls_fips140_mode_enabled() is available since 3.3.0 |