path: root/wscript_configure_system_gnutls
Commit message | Author | Age | Files | Lines
* waf: Check for gnutls_pbkdf2() | Andreas Schneider | 2022-07-28 | 1 | -0/+3
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* waf: Import Logs in wscript_configure_system_gnutls | Andreas Schneider | 2022-04-04 | 1 | -1/+1
  We do not use Options, but we do use Logs.warn()

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: let smb2_signing_decrypt_pdu() cope with gnutls_aead_cipher_decrypt() ptext_len bug | Stefan Metzmacher | 2022-02-02 | 1 | -0/+3
  The initial implementation of gnutls_aead_cipher_decrypt() had a bug and used:

      *ptext_len = ctext_len;

  instead of:

      *ptext_len = ctext_len - tag_size;

  This got fixed with gnutls 3.5.2. As we only require gnutls 3.4.7 we need to cope with this...

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Wed Feb 2 18:29:08 UTC 2022 on sn-devel-184
* build: Without getrandom() require gnutls 3.7.2 | Volker Lendecke | 2022-01-21 | 1 | -0/+4
  gnutls before 3.7.2 and without getrandom() will open /dev/urandom at library initialization time before main() is run. We use closefrom(3) in samba-bgqd and samba-dcerpd, which closes /dev/urandom, which then breaks gnutls. On systems with getrandom(), no file descriptor is opened and gnutls 3.7.2+ will open and close /dev/urandom whenever it needs to access it.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Jan 21 21:42:08 UTC 2022 on sn-devel-184
* gnutls: allow gnutls_aead_cipher_encryptv2 with gcm before 3.6.15 | Stefan Metzmacher | 2021-07-20 | 1 | -3/+7
  The memory leak bug up to 3.6.14 was only related to ccm, but gcm was fine. This avoids talloc+memcpy on more systems, e.g. ubuntu 20.04, and brings ~ 20% less cpu overhead, see: https://hackmd.io/@asn/samba_crypto_benchmarks

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* waf: Check correctly if gnutls has been compiled with fips mode support | Andreas Schneider | 2021-04-13 | 1 | -3/+26
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Tue Apr 13 19:17:56 UTC 2021 on sn-devel-184
* waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14 | Andreas Schneider | 2020-09-11 | 1 | -1/+4
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14399
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Fri Sep 11 08:27:26 UTC 2020 on sn-devel-184
* s3:lib:tls: Use better priority lists for modern GnuTLS | Andreas Schneider | 2020-06-17 | 1 | -0/+3
  We should use the default priority list. That is a good practice, because TLS protocol hardening and phasing out of legacy algorithms is easier to co-ordinate when it happens at a single place. See crypto policies of Fedora.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14408
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Wed Jun 17 17:42:02 UTC 2020 on sn-devel-184
* waf: Check if GnuTLS has support for crypto policies | Andreas Schneider | 2020-03-19 | 1 | -0/+4
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:smb: Improve check for gnutls_aead_cipher_(en|de)cryptv2 | Andreas Schneider | 2020-02-04 | 1 | -2/+13
  This is available since version 3.6.10, but 3.6.10 has a bug which got fixed in 3.6.11, see: https://gitlab.com/gnutls/gnutls/-/merge_requests/1085

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14250
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Tue Feb 4 06:44:00 UTC 2020 on sn-devel-184
* waf: Check for gnutls_aead_cipher_encryptv2() | Andreas Schneider | 2019-10-08 | 1 | -0/+3
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Simo Sorce <idra@samba.org>
* waf: Check for AES128 CMAC support in GnuTLS | Andreas Schneider | 2019-08-21 | 1 | -0/+5
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* build: Remove explicit check for HAVE_GNUTLS_AEAD as we require GnuTLS 3.4.7 | Andrew Bartlett | 2019-08-21 | 1 | -8/+0
  We strictly require it and if this were to fail we would want the compile to fail.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4-rpc_server: Remove Heimdal-based BackupKey server | Andrew Bartlett | 2019-08-21 | 1 | -6/+0
  We rely on a modern GnuTLS now.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* build: Set minimum GnuTLS version at 3.4.7 | Andrew Bartlett | 2019-08-21 | 1 | -10/+1
  This will soon be required for encrypted_secrets in the AD DC, the BackupKey server and SMB2 as we remove use of the internal AES code.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* waf: Check for GNUTLS AES CFB support | Andreas Schneider | 2019-08-21 | 1 | -0/+6
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* waf: Also check for gnutls_privkey_export_x509() | Andreas Schneider | 2019-05-07 | 1 | -0/+3
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* waf: Remove unused GNUTLS defines | Andreas Schneider | 2019-04-30 | 1 | -3/+0
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* waf: Move check for gnutls_aead_cipher_init to main gnutls wscript | Andreas Schneider | 2019-04-30 | 1 | -0/+8
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* waf: Add check for gnutls_x509_crt_set_subject_unique_id() | Andreas Schneider | 2019-04-30 | 1 | -0/+3
  This is used by the GnuTLS backupkey implementation.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* waf: Move gnutls_pkcs7_get_embedded_data_oid to main gnutls file | Andreas Schneider | 2019-04-30 | 1 | -0/+3
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* waf: Add mandatory requirement for GnuTLS >= 3.2.0 | Andreas Schneider | 2019-04-30 | 1 | -0/+24
  We plan to move to GnuTLS for crypto in Samba, this is the first step to make it mandatory and to require a version which is in LTS distributions.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>