From 735f3d7dde3daf5d0af2e8a1de60422b88663992 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 31 Jan 2022 20:33:43 +0100
Subject: libcli/smb: let smb2_signing_decrypt_pdu() cope with
 gnutls_aead_cipher_decrypt() ptext_len bug

The initial implementation of gnutls_aead_cipher_decrypt() had a bug and
used:
    *ptext_len = ctext_len;
instead of:
    *ptext_len = ctext_len - tag_size;

This got fixed with gnutls 3.5.2.

As we only require gnutls 3.4.7 we need to cope with this...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb  2 18:29:08 UTC 2022 on sn-devel-184
---
 wscript_configure_system_gnutls | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'wscript_configure_system_gnutls')

diff --git a/wscript_configure_system_gnutls b/wscript_configure_system_gnutls
index 62fe3d5ddda..c6eb9df7b64 100644
--- a/wscript_configure_system_gnutls
+++ b/wscript_configure_system_gnutls
@@ -44,6 +44,9 @@ if (gnutls_version > parse_version('3.6.10')):
         if (gnutls_version > parse_version('3.6.14')):
             conf.DEFINE('ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_CCM', 1)
 
+if (gnutls_version < parse_version('3.5.2')):
+    conf.DEFINE('HAVE_GNUTLS_AEAD_CIPHER_DECRYPT_PTEXT_LEN_BUG', 1)
+
 # Check if gnutls has fips mode support
 # gnutls_fips140_mode_enabled() is available since 3.3.0
 fragment = '''
-- 
cgit v1.2.1